Edit tour

Windows Analysis Report
https://github.com/divinusinc/Deus/releases/download/launcher/Deus.Launcher.exe

Overview

General Information

Sample URL:	https://github.com/divinusinc/Deus/releases/download/launcher/Deus.Launcher.exe
Analysis ID:	1618674
Infos:

Detection

Score:	56
Range:	0 - 100
Confidence:	100%

Signatures

.NET source code contains process injector

.NET source code references suspicious native API functions

Sigma detected: Invoke-Obfuscation CLIP+ Launcher

Sigma detected: Invoke-Obfuscation VAR+ Launcher

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Contains long sleeps (>= 3 min)

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

HTTP GET or POST without a user agent

May sleep (evasive loops) to hinder dynamic analysis

PE file does not import any functions

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Usage Of Web Request Commands And Cmdlets

Suricata IDS alerts with low severity for network traffic

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

System is w10x64native

cmd.exe (PID: 9076 cmdline: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/divinusinc/Deus/releases/download/launcher/Deus.Launcher.exe" > cmdline.out 2>&1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 1176 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

wget.exe (PID: 3560 cmdline: wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/divinusinc/Deus/releases/download/launcher/Deus.Launcher.exe" MD5: 3DADB6E2ECE9C4B3E1E322E617658B60)

Deus.Launcher.exe (PID: 7132 cmdline: "C:\Users\user\Desktop\download\Deus.Launcher.exe" MD5: 9336D541886BFF351FFE1BCAA2AF7904)

cleanup

Sigma Signatures

System Summary

Sigma detected: Invoke-Obfuscation CLIP+ Launcher

Source: Process started

Author: Jonathan Cheong, oscd.community: Data: Command: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/divinusinc/Deus/releases/download/launcher/Deus.Launcher.exe" > cmdline.out 2>&1, CommandLine: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/divinusinc/Deus/releases/download/launcher/Deus.Launcher.exe" > cmdline.out 2>&1, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 5956, ProcessCommandLine: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/divinusinc/Deus/releases/download/launcher/Deus.Launcher.exe" > cmdline.out 2>&1, ProcessId: 9076, ProcessName: cmd.exe

Sigma detected: Invoke-Obfuscation VAR+ Launcher

Source: Process started

Sigma detected: Usage Of Web Request Commands And Cmdlets

Source: Process started

Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/divinusinc/Deus/releases/download/launcher/Deus.Launcher.exe" > cmdline.out 2>&1, CommandLine: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/divinusinc/Deus/releases/download/launcher/Deus.Launcher.exe" > cmdline.out 2>&1, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 5956, ProcessCommandLine: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/divinusinc/Deus/releases/download/launcher/Deus.Launcher.exe" > cmdline.out 2>&1, ProcessId: 9076, ProcessName: cmd.exe

Suricata Signatures

ET MALWARE UPX compressed file download possible malware

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-19T02:05:04.089204+0100	2001046	3	Misc activity	172.67.214.1	443	192.168.11.20	49715	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: unknown	HTTPS traffic detected: 140.82.116.4:443 -> 192.168.11.20:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.116.4:443 -> 192.168.11.20:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.133:443 -> 192.168.11.20:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.93.187:443 -> 192.168.11.20:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.214.1:443 -> 192.168.11.20:49715 version: TLS 1.2

Source:

Binary string: D:\coding\DL 2\obj\x64\Release\Deus Launcher.pdb source: Deus.Launcher.exe, 00000004.00000000.923455590.0000012819482000.00000002.00000001.01000000.00000003.sdmp, Deus.Launcher.exe.2.dr

Source: global traffic	HTTP traffic detected: GET /vers HTTP/1.1Host: server1.deus.menuConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Deus.dll?v=869256 HTTP/1.1Host: download.deus.menuConnection: Keep-Alive

Source: Network traffic

Suricata IDS: 2001046 - Severity 3 - ET MALWARE UPX compressed file download possible malware : 172.67.214.1:443 -> 192.168.11.20:49715

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /divinusinc/Deus/releases/download/launcher/Deus.Launcher.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like GeckoAccept: /Accept-Encoding: identityHost: github.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /divinusinc/pulmenti/releases/download/launcher/Deus.Launcher.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like GeckoAccept: /Accept-Encoding: identityHost: github.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /github-production-release-asset-2e65be/655088253/5df374d6-3ac8-4179-bca7-3cbe37324c30?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250219%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250219T010458Z&X-Amz-Expires=300&X-Amz-Signature=fd48d3c12cd8693ba7eb9249c1f8389aa4c9263ac5df50c687fb63ec1f42f092&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3DDeus.Launcher.exe&response-content-type=application%2Foctet-stream HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like GeckoAccept: /Accept-Encoding: identityHost: objects.githubusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /vers HTTP/1.1Host: server1.deus.menuConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /Deus.dll?v=869256 HTTP/1.1Host: download.deus.menuConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: github.com
Source: global traffic	DNS traffic detected: DNS query: objects.githubusercontent.com
Source: global traffic	DNS traffic detected: DNS query: server1.deus.menu
Source: global traffic	DNS traffic detected: DNS query: download.deus.menu

Source: wget.exe, 00000002.00000002.912319008.0000000002E7D000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.910804470.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.911770691.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, Deus.Launcher.exe, 00000004.00000002.2157182129.0000012836AAB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: wget.exe, 00000002.00000002.912319008.0000000002E7D000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.910804470.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl
Source: wget.exe, 00000002.00000002.912319008.0000000002E7D000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.910804470.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.911770691.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, Deus.Launcher.exe, 00000004.00000002.2157182129.0000012836A7F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: Deus.Launcher.exe, 00000004.00000002.2153497681.000001281B2E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: wget.exe, 00000002.00000002.912319008.0000000002E7D000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.910804470.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadis.bm
Source: wget.exe, 00000002.00000002.912319008.0000000002E7D000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.910804470.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.911770691.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, Deus.Launcher.exe, 00000004.00000002.2157182129.0000012836AAB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadis.bm0
Source: Deus.Launcher.exe, 00000004.00000002.2153497681.000001281B382000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://download.deus.menu
Source: Deus.Launcher.exe, 00000004.00000000.923455590.0000012819482000.00000002.00000001.01000000.00000003.sdmp, Deus.Launcher.exe, 00000004.00000002.2153497681.000001281B2E1000.00000004.00000800.00020000.00000000.sdmp, Deus.Launcher.exe.2.dr	String found in binary or memory: https://download.deus.menu/Deus.dll?v=
Source: Deus.Launcher.exe, 00000004.00000002.2153497681.000001281B2E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://download.deus.menu/Deus.dll?v=869256
Source: wget.exe, 00000002.00000002.911770691.0000000000A58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/divinusinc/Deus/releases/download/launcher/Deus.Launcher.ex
Source: wget.exe, 00000002.00000002.911770691.0000000000A50000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.910804470.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, Deus.Launcher.exe, 00000004.00000002.2153497681.000001281B2E1000.00000004.00000800.00020000.00000000.sdmp, cmdline.out.0.dr	String found in binary or memory: https://github.com/divinusinc/Deus/releases/download/launcher/Deus.Launcher.exe
Source: Deus.Launcher.exe, 00000004.00000000.923455590.0000012819482000.00000002.00000001.01000000.00000003.sdmp, Deus.Launcher.exe.2.dr	String found in binary or memory: https://github.com/divinusinc/Deus/releases/download/launcher/Deus.Launcher.exe#Downloading
Source: wget.exe, 00000002.00000002.912319008.0000000002E7D000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.910804470.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/divinusinc/Deus/releases/download/launcher/Deus.Launcher.exeG
Source: wget.exe, 00000002.00000002.912130670.0000000001380000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/divinusinc/Deus/releases/download/launcher/Deus.Launcher.exe_PROCE
Source: cmdline.out.0.dr	String found in binary or memory: https://github.com/divinusinc/pulmenti/releases/download/launcher/Deus.Launcher.exe
Source: wget.exe, 00000002.00000003.910689256.0000000002EC2000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.894033350.0000000002EC0000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.911007192.0000000002EC4000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.909979245.0000000002EC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/divinusinc/pulmenti/releases/download/launcher/Deus.Launcher.exe=e
Source: cmdline.out.0.dr	String found in binary or memory: https://objects.githubusercontent.com/github-production-release-asset-2e65be/655088253/5df374d6-3ac8
Source: wget.exe, 00000002.00000002.912319008.0000000002E7D000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.910804470.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ocsp.quovadisoffshore.com
Source: wget.exe, 00000002.00000002.912319008.0000000002E7D000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.910804470.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.911770691.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, Deus.Launcher.exe, 00000004.00000002.2157182129.0000012836AAB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: wget.exe, 00000002.00000002.912319008.0000000002E7D000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.910804470.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ocsp.quovadisoffshore.com8
Source: Deus.Launcher.exe, 00000004.00000002.2153497681.000001281B2E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://server1.deus.menu
Source: Deus.Launcher.exe, 00000004.00000002.2157182129.0000012836A7F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://server1.deus.menu/
Source: Deus.Launcher.exe, 00000004.00000000.923455590.0000012819482000.00000002.00000001.01000000.00000003.sdmp, Deus.Launcher.exe, 00000004.00000002.2153497681.000001281B2E1000.00000004.00000800.00020000.00000000.sdmp, Deus.Launcher.exe.2.dr	String found in binary or memory: https://server1.deus.menu/vers

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Source: unknown	HTTPS traffic detected: 140.82.116.4:443 -> 192.168.11.20:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 140.82.116.4:443 -> 192.168.11.20:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.110.133:443 -> 192.168.11.20:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.93.187:443 -> 192.168.11.20:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.214.1:443 -> 192.168.11.20:49715 version: TLS 1.2

Source: Deus.Launcher.exe.2.dr

Static PE information: No import functions for PE file found

Source: Deus.Launcher.exe.2.dr

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: Deus.Launcher.exe.2.dr, Launcher.cs	Suspicious method names: .Launcher.toggleInjectOrLaunchBtn
Source: Deus.Launcher.exe.2.dr, Launcher.cs	Suspicious method names: .Launcher.inject
Source: Deus.Launcher.exe.2.dr, Launcher.cs	Suspicious method names: .Launcher.EnableReInject
Source: Deus.Launcher.exe.2.dr, Launcher.cs	Suspicious method names: .Launcher.InjectBtn_Click
Source: Deus.Launcher.exe.2.dr, Launcher.cs	Suspicious method names: .Launcher.AutoInjectCheckBox_CheckedChanged
Source: Deus.Launcher.exe.2.dr, Launcher.cs	Suspicious method names: .Launcher.ReInjectTimer_Tick
Source: Deus.Launcher.exe.2.dr, Launcher.cs	Suspicious method names: .Launcher.AutoInjectTimer_Tick

Source: classification engine

Classification label: mal56.evad.win@5/6@4/4

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\Desktop\cmdline.out

Jump to behavior

Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1176:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1176:120:WilError_03

Source: C:\Windows\SysWOW64\wget.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/divinusinc/Deus/releases/download/launcher/Deus.Launcher.exe" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/divinusinc/Deus/releases/download/launcher/Deus.Launcher.exe"
Source: unknown	Process created: C:\Users\user\Desktop\download\Deus.Launcher.exe "C:\Users\user\Desktop\download\Deus.Launcher.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/divinusinc/Deus/releases/download/launcher/Deus.Launcher.exe"	Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: iconcodecservice.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Section loaded: gpapi.dll	Jump to behavior

Source: C:\Windows\SysWOW64\wget.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\download\Deus.Launcher.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source:

Source: Deus.Launcher.exe.2.dr

Static PE information: 0xFC422CCF [Mon Feb 11 17:47:59 2104 UTC]

Source: Deus.Launcher.exe.2.dr

Static PE information: section name: .text entropy: 7.775725633340111

Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1

Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	File created: C:\Users\user\AppData\Roaming\Deus\bin\Deus 10.0.dll.tmp	Jump to dropped file
Source: C:\Windows\SysWOW64\wget.exe	File created: C:\Users\user\Desktop\download\Deus.Launcher.exe	Jump to dropped file
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	File created: C:\Users\user\AppData\Roaming\Deus\bin\Deus 10.0.dll (copy)	Jump to dropped file

Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Memory allocated: 128198D0000 memory reserve \| memory write watch			Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Memory allocated: 128332E0000 memory reserve \| memory write watch			Jump to behavior

Source: C:\Users\user\Desktop\download\Deus.Launcher.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\download\Deus.Launcher.exe

Window / User API: threadDelayed 9913

Jump to behavior

Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Deus\bin\Deus 10.0.dll.tmp			Jump to dropped file
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Deus\bin\Deus 10.0.dll (copy)			Jump to dropped file

Source: C:\Users\user\Desktop\download\Deus.Launcher.exe TID: 6828	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe TID: 6828	Thread sleep time: -100000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe TID: 6828	Thread sleep time: -99875s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe TID: 6828	Thread sleep time: -99765s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe TID: 6828	Thread sleep time: -99656s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe TID: 6828	Thread sleep time: -99547s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe TID: 6828	Thread sleep time: -99437s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe TID: 6828	Thread sleep time: -99328s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe TID: 6828	Thread sleep time: -99219s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe TID: 6828	Thread sleep time: -99109s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe TID: 6828	Thread sleep time: -99000s >= -30000s	Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Thread delayed: delay time: 100000	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Thread delayed: delay time: 99875	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Thread delayed: delay time: 99765	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Thread delayed: delay time: 99656	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Thread delayed: delay time: 99547	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Thread delayed: delay time: 99437	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Thread delayed: delay time: 99328	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Thread delayed: delay time: 99219	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Thread delayed: delay time: 99109	Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Thread delayed: delay time: 99000	Jump to behavior

Source: wget.exe, 00000002.00000002.911770691.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, Deus.Launcher.exe, 00000004.00000002.2159019870.0000012836E40000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\download\Deus.Launcher.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\download\Deus.Launcher.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\download\Deus.Launcher.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

.NET source code contains process injector

Source: Deus.Launcher.exe.2.dr, Launcher.cs

.Net Code: inject contains injection code

.NET source code references suspicious native API functions

Source: Deus.Launcher.exe.2.dr, Launcher.cs	Reference to suspicious API methods: OpenProcess(1082u, 1, (uint)gta_pid)
Source: Deus.Launcher.exe.2.dr, Launcher.cs	Reference to suspicious API methods: GetProcAddress(moduleHandle, "LoadLibraryW")
Source: Deus.Launcher.exe.2.dr, Launcher.cs	Reference to suspicious API methods: GetProcAddress(moduleHandle, "LoadLibraryW")
Source: Deus.Launcher.exe.2.dr, Launcher.cs	Reference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(moduleHandle, "VirtualAllocEx"), typeof(VirtualAllocExDelegate))
Source: Deus.Launcher.exe.2.dr, Launcher.cs	Reference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(moduleHandle, "WriteProcessMemory"), typeof(WriteProcessMemoryDelegate))
Source: Deus.Launcher.exe.2.dr, Launcher.cs	Reference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(moduleHandle, "CreateRemoteThread"), typeof(CreateRemoteThreadDelegate))

Source: unknown	Process created: C:\Windows\SysWOW64\cmd.exe c:\windows\system32\cmd.exe /c wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://github.com/divinusinc/deus/releases/download/launcher/deus.launcher.exe" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://github.com/divinusinc/deus/releases/download/launcher/deus.launcher.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://github.com/divinusinc/deus/releases/download/launcher/deus.launcher.exe"	Jump to behavior

Source: C:\Windows\SysWOW64\wget.exe	Queries volume information: C:\Users\user\Desktop\download VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\download\Deus.Launcher.exe	Queries volume information: C:\Users\user\Desktop\download\Deus.Launcher.exe VolumeInformation			Jump to behavior

Source: C:\Windows\SysWOW64\wget.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Command and Scripting Interpreter	1 DLL Side-Loading	11 Process Injection	1 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Disable or Modify Tools	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	31 Virtualization/Sandbox Evasion	Security Account Manager	31 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	3 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	11 Obfuscated Files or Information	LSA Secrets	12 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	21 Software Packing	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Timestomp	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://github.com/divinusinc/Deus/releases/download/launcher/Deus.Launcher.exe	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://server1.deus.menu	0%	Avira URL Cloud	safe
https://download.deus.menu/Deus.dll?v=	0%	Avira URL Cloud	safe
https://server1.deus.menu/	0%	Avira URL Cloud	safe
https://ocsp.quovadisoffshore.com8	0%	Avira URL Cloud	safe
https://download.deus.menu	0%	Avira URL Cloud	safe
https://server1.deus.menu/vers	0%	Avira URL Cloud	safe
https://download.deus.menu/Deus.dll?v=869256	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
github.com	140.82.116.4	true	false	high
server1.deus.menu	104.21.93.187	true	false	unknown
objects.githubusercontent.com	185.199.110.133	true	false	high
download.deus.menu	172.67.214.1	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://download.deus.menu/Deus.dll?v=869256	false	Avira URL Cloud: safe	unknown
https://github.com/divinusinc/pulmenti/releases/download/launcher/Deus.Launcher.exe	false		high
https://github.com/divinusinc/Deus/releases/download/launcher/Deus.Launcher.exe	false		high
https://server1.deus.menu/vers	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/divinusinc/Deus/releases/download/launcher/Deus.Launcher.exe_PROCE	wget.exe, 00000002.00000002.912130670.0000000001380000.00000004.00000020.00020000.00000000.sdmp	false		high
https://server1.deus.menu/	Deus.Launcher.exe, 00000004.00000002.2157182129.0000012836A7F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/divinusinc/Deus/releases/download/launcher/Deus.Launcher.ex	wget.exe, 00000002.00000002.911770691.0000000000A58000.00000004.00000020.00020000.00000000.sdmp	false		high
https://server1.deus.menu	Deus.Launcher.exe, 00000004.00000002.2153497681.000001281B2E1000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://download.deus.menu/Deus.dll?v=	Deus.Launcher.exe, 00000004.00000000.923455590.0000012819482000.00000002.00000001.01000000.00000003.sdmp, Deus.Launcher.exe, 00000004.00000002.2153497681.000001281B2E1000.00000004.00000800.00020000.00000000.sdmp, Deus.Launcher.exe.2.dr	false	Avira URL Cloud: safe	unknown
https://ocsp.quovadisoffshore.com8	wget.exe, 00000002.00000002.912319008.0000000002E7D000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.910804470.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.quovadis.bm	wget.exe, 00000002.00000002.912319008.0000000002E7D000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.910804470.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.quovadis.bm0	wget.exe, 00000002.00000002.912319008.0000000002E7D000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.910804470.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.911770691.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, Deus.Launcher.exe, 00000004.00000002.2157182129.0000012836AAB000.00000004.00000020.00020000.00000000.sdmp	false		high
https://download.deus.menu	Deus.Launcher.exe, 00000004.00000002.2153497681.000001281B382000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/divinusinc/Deus/releases/download/launcher/Deus.Launcher.exeG	wget.exe, 00000002.00000002.912319008.0000000002E7D000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.910804470.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://ocsp.quovadisoffshore.com0	wget.exe, 00000002.00000002.912319008.0000000002E7D000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.910804470.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.911770691.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, Deus.Launcher.exe, 00000004.00000002.2157182129.0000012836AAB000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	Deus.Launcher.exe, 00000004.00000002.2153497681.000001281B2E1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/divinusinc/Deus/releases/download/launcher/Deus.Launcher.exe#Downloading	Deus.Launcher.exe, 00000004.00000000.923455590.0000012819482000.00000002.00000001.01000000.00000003.sdmp, Deus.Launcher.exe.2.dr	false		high
https://ocsp.quovadisoffshore.com	wget.exe, 00000002.00000002.912319008.0000000002E7D000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.910804470.0000000002E7A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://objects.githubusercontent.com/github-production-release-asset-2e65be/655088253/5df374d6-3ac8	cmdline.out.0.dr	false		high
https://github.com/divinusinc/pulmenti/releases/download/launcher/Deus.Launcher.exe=e	wget.exe, 00000002.00000003.910689256.0000000002EC2000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.894033350.0000000002EC0000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.911007192.0000000002EC4000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.909979245.0000000002EC0000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
140.82.116.4	github.com	United States	36459	GITHUBUS	false
104.21.93.187	server1.deus.menu	United States	13335	CLOUDFLARENETUS	false
185.199.110.133	objects.githubusercontent.com	Netherlands	54113	FASTLYUS	false
172.67.214.1	download.deus.menu	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1618674
Start date and time:	2025-02-19 02:02:27 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 38s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	urldownload.jbs
Sample URL:	https://github.com/divinusinc/Deus/releases/download/launcher/Deus.Launcher.exe
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Detection:	MAL
Classification:	mal56.evad.win@5/6@4/4

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, sppsvc.exe, SgrmBroker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 96.16.70.160
Excluded domains from analysis (whitelisted): fs.microsoft.com, ctldl.windowsupdate.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://github.com/divinusinc/Deus/releases/download/launcher/Deus.Launcher.exe

Simulations

Behavior and APIs

Time	Type	Description
20:05:01	API Interceptor	5419532x Sleep call for process: Deus.Launcher.exe modified

C:\Users\user\AppData\Local\Divinus,_Inc\Deus.Launcher.exe_Url_wzqwwm24yrg45qzy15d2hyc2xdzm2ela\1.0.0.0\user.config (copy)

Download File

Process:	C:\Users\user\Desktop\download\Deus.Launcher.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	940
Entropy (8bit):	4.841974046978804
Encrypted:	false
SSDEEP:	24:2dqIK07E449GK6E4Ev+Xi1xEKpnvLBPSvY:crr7HKG7Hq3xEAnFSg
MD5:	9B440C9ED9E701286A9AE8EDE169B446
SHA1:	C8708A78C424C7A510B107B8A5999CAE5AA0F364
SHA-256:	C3CAF707FACFE0E6EADC284A9651E412731545111500190F4542FB2A662864F3
SHA-512:	C875E061AEA68FA7F13A45574091B9A0358E127C904194BBC397F5DF86B49039E4027A477D6CF080823A1FB30ED219923BBACECBE0D1CDD066FD331E3979F7E8
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="Deus_Launcher.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <Deus_Launcher.Properties.Settings>.. <setting name="MustUpgrade" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="Version" serializeAs="String">.. <value>0</value>.. </setting>.. </Deus_Launcher.Properties.Settings>.. </userSettings>..</configuration>

C:\Users\user\AppData\Local\Divinus,_Inc\Deus.Launcher.exe_Url_wzqwwm24yrg45qzy15d2hyc2xdzm2ela\1.0.0.0\ybugmkv1.newcfg

Download File

Process:	C:\Users\user\Desktop\download\Deus.Launcher.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	940
Entropy (8bit):	4.841974046978804
Encrypted:	false
SSDEEP:	24:2dqIK07E449GK6E4Ev+Xi1xEKpnvLBPSvY:crr7HKG7Hq3xEAnFSg
MD5:	9B440C9ED9E701286A9AE8EDE169B446
SHA1:	C8708A78C424C7A510B107B8A5999CAE5AA0F364
SHA-256:	C3CAF707FACFE0E6EADC284A9651E412731545111500190F4542FB2A662864F3
SHA-512:	C875E061AEA68FA7F13A45574091B9A0358E127C904194BBC397F5DF86B49039E4027A477D6CF080823A1FB30ED219923BBACECBE0D1CDD066FD331E3979F7E8
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="Deus_Launcher.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <Deus_Launcher.Properties.Settings>.. <setting name="MustUpgrade" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="Version" serializeAs="String">.. <value>0</value>.. </setting>.. </Deus_Launcher.Properties.Settings>.. </userSettings>..</configuration>

C:\Users\user\AppData\Roaming\Deus\bin\Deus 10.0.dll (copy)

Download File

Process:	C:\Users\user\Desktop\download\Deus.Launcher.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	7559168
Entropy (8bit):	7.906176582601011
Encrypted:	false
SSDEEP:	196608:6SYxxxxeTdjsdIpViTLaN05BcO70UfZta4Iyw:PmdIpViT2uBD706Z04o
MD5:	5E320A71962AE946EC87C9C3F0930762
SHA1:	18EC9520094969E74F1D68BDD3B03A3E7DB91F06
SHA-256:	608A735D6C4956DA1C1C6476AA17B167D4B85D00368CD52BA5DC914CE7F33CC5
SHA-512:	F7DF3F8DE251654FC39F2DC96CE6C2B2C1027649F08CA1981C9956573CC9BA1A159EEEA2A2C2B3EE4D58D9D6B1199A22B12FC1372749C6F5980045625AF0B5CB
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#.k.B.8.B.8.B.8.:.8.B.8..d8.B.8..9.B.8..9.B.8..9.B.8..9.B.8.=.9.B.8.:.9.B.8.B.8.@.8..9.B.8..9.B.8..9X@.8..f8.B.8..9.B.8Rich.B.8........PE..d......g.........." ...).Ps......P.....`................................................`.....................................................H.............q. ...........<... ...........................P...(.......@...........................................UPX0.....P..............................UPX1.....Ps..`...Hs.................@....rsrc................Ls.............@..............................................................................................................................................................................................................................................................................................................................................4.22.UPX!.$..

C:\Users\user\AppData\Roaming\Deus\bin\Deus 10.0.dll.tmp

Download File

Process:	C:\Users\user\Desktop\download\Deus.Launcher.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	7559168
Entropy (8bit):	7.906176582601011
Encrypted:	false
SSDEEP:	196608:6SYxxxxeTdjsdIpViTLaN05BcO70UfZta4Iyw:PmdIpViT2uBD706Z04o
MD5:	5E320A71962AE946EC87C9C3F0930762
SHA1:	18EC9520094969E74F1D68BDD3B03A3E7DB91F06
SHA-256:	608A735D6C4956DA1C1C6476AA17B167D4B85D00368CD52BA5DC914CE7F33CC5
SHA-512:	F7DF3F8DE251654FC39F2DC96CE6C2B2C1027649F08CA1981C9956573CC9BA1A159EEEA2A2C2B3EE4D58D9D6B1199A22B12FC1372749C6F5980045625AF0B5CB
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#.k.B.8.B.8.B.8.:.8.B.8..d8.B.8..9.B.8..9.B.8..9.B.8..9.B.8.=.9.B.8.:.9.B.8.B.8.@.8..9.B.8..9.B.8..9X@.8..f8.B.8..9.B.8Rich.B.8........PE..d......g.........." ...).Ps......P.....`................................................`.....................................................H.............q. ...........<... ...........................P...(.......@...........................................UPX0.....P..............................UPX1.....Ps..`...Hs.................@....rsrc................Ls.............@..............................................................................................................................................................................................................................................................................................................................................4.22.UPX!.$..

C:\Users\user\Desktop\cmdline.out

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	ASCII text, with very long lines (539), with CRLF line terminators
Category:	modified
Size (bytes):	2463
Entropy (8bit):	5.35485771594464
Encrypted:	false
SSDEEP:	48:Ks755E8N8g554rGIz9fmrGIz9fpDwD56dF0ibQ0UD:71IF3IFl2
MD5:	E4FC54193509B07672D80F54C9F5679F
SHA1:	0B3185999D4A81A5A6FAA2DE2A797702A8CF854A
SHA-256:	DE86814689B67DA7D41C893D17E3C206DAC2AB7E6A1D1288B73CCADED25DCE07
SHA-512:	3531D70572B9FBB61903925F078F401E20607888E3308983E311C3BE7CC3B08313D2240A7B17C20A862B253695E028BAD59DCF915B442227E05A9761575DF4C9
Malicious:	false
Reputation:	low
Preview:	--2025-02-18 20:04:55-- https://github.com/divinusinc/Deus/releases/download/launcher/Deus.Launcher.exe..Resolving github.com (github.com)... 140.82.116.4..Connecting to github.com (github.com)\|140.82.116.4\|:443... connected...HTTP request sent, awaiting response... 301 Moved Permanently..Location: https://github.com/divinusinc/pulmenti/releases/download/launcher/Deus.Launcher.exe [following]..--2025-02-18 20:04:56-- https://github.com/divinusinc/pulmenti/releases/download/launcher/Deus.Launcher.exe..Connecting to github.com (github.com)\|140.82.116.4\|:443... connected...HTTP request sent, awaiting response... 302 Found..Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/655088253/5df374d6-3ac8-4179-bca7-3cbe37324c30?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250219%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250219T010458Z&X-Amz-Expires=300&X-Amz-Signature=fd48d3c12cd8693ba7eb9249c1f8389aa4c9263ac5df50c687fb63ec1f

C:\Users\user\Desktop\download\Deus.Launcher.exe

Download File

Process:	C:\Windows\SysWOW64\wget.exe
File Type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	136192
Entropy (8bit):	7.736021950674218
Encrypted:	false
SSDEEP:	3072:ovwgxjZhgHVp8DMDLo66cF7irILgZP6UrcWcazz2H5sRVrayY:2KpFP6c2v0nWcazz2Zs/2y
MD5:	9336D541886BFF351FFE1BCAA2AF7904
SHA1:	168E7576D81809619C26F25356781643E20F03D0
SHA-256:	3DE197749C2BAD89383625267088CAA4C89DA61670461490D8D7E3B5BDE0E085
SHA-512:	3F01B1AC57CC8587FD2A4F5316991BA02FB606D0DF083367E0A5F609314E267DF350489F654F807ACA0E531152041F821327B887E379EAF54B1BBAFABCC87070
Malicious:	false
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....,B..........."...0......,........... .....@..... .......................`............`...@......@............... ............................... .................................8............................................................ ..H............text...1.... ...................... ..`.rsrc....... ...,..................@..@........................................H........8...A......,....z.. .............................................{...."..}......{...."..}....V.(......(......(......(........D...%....(....,..(........D...%....(....&....0............}.....(.......(....r...p(....}.....{....(....-..{....(....&.{....r...p(....(....-..{....r...p(....(....&.{....r...p(....(....,2.{....r...p(....(......&.r1..p...(....&.( ..........{....r...p(....(!...}.....().....o"...ro..p(....o#....{..........%..ry..ps.....%..r...ps.....%..r...ps.....o$..

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-02-19T02:05:04.089204+0100	2001046	ET MALWARE UPX compressed file download possible malware	3	172.67.214.1	443	192.168.11.20	49715	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 19, 2025 02:04:56.795109034 CET	49711	443	192.168.11.20	140.82.116.4
Feb 19, 2025 02:04:56.795151949 CET	443	49711	140.82.116.4	192.168.11.20
Feb 19, 2025 02:04:56.795377970 CET	49711	443	192.168.11.20	140.82.116.4
Feb 19, 2025 02:04:56.800384998 CET	49711	443	192.168.11.20	140.82.116.4
Feb 19, 2025 02:04:56.800399065 CET	443	49711	140.82.116.4	192.168.11.20
Feb 19, 2025 02:04:57.207823992 CET	443	49711	140.82.116.4	192.168.11.20
Feb 19, 2025 02:04:57.208060980 CET	49711	443	192.168.11.20	140.82.116.4
Feb 19, 2025 02:04:57.209733009 CET	49711	443	192.168.11.20	140.82.116.4
Feb 19, 2025 02:04:57.209796906 CET	443	49711	140.82.116.4	192.168.11.20
Feb 19, 2025 02:04:57.210762024 CET	443	49711	140.82.116.4	192.168.11.20
Feb 19, 2025 02:04:57.212786913 CET	49711	443	192.168.11.20	140.82.116.4
Feb 19, 2025 02:04:57.254447937 CET	443	49711	140.82.116.4	192.168.11.20
Feb 19, 2025 02:04:57.657335043 CET	443	49711	140.82.116.4	192.168.11.20
Feb 19, 2025 02:04:57.657471895 CET	443	49711	140.82.116.4	192.168.11.20
Feb 19, 2025 02:04:57.657565117 CET	443	49711	140.82.116.4	192.168.11.20
Feb 19, 2025 02:04:57.657783031 CET	49711	443	192.168.11.20	140.82.116.4
Feb 19, 2025 02:04:57.668087959 CET	49711	443	192.168.11.20	140.82.116.4
Feb 19, 2025 02:04:57.668138027 CET	443	49711	140.82.116.4	192.168.11.20
Feb 19, 2025 02:04:57.680711985 CET	49712	443	192.168.11.20	140.82.116.4
Feb 19, 2025 02:04:57.680758953 CET	443	49712	140.82.116.4	192.168.11.20
Feb 19, 2025 02:04:57.680969954 CET	49712	443	192.168.11.20	140.82.116.4
Feb 19, 2025 02:04:57.682912111 CET	49712	443	192.168.11.20	140.82.116.4
Feb 19, 2025 02:04:57.682936907 CET	443	49712	140.82.116.4	192.168.11.20
Feb 19, 2025 02:04:58.066694021 CET	443	49712	140.82.116.4	192.168.11.20
Feb 19, 2025 02:04:58.066914082 CET	49712	443	192.168.11.20	140.82.116.4
Feb 19, 2025 02:04:58.068942070 CET	49712	443	192.168.11.20	140.82.116.4
Feb 19, 2025 02:04:58.068972111 CET	443	49712	140.82.116.4	192.168.11.20
Feb 19, 2025 02:04:58.069545031 CET	443	49712	140.82.116.4	192.168.11.20
Feb 19, 2025 02:04:58.071285009 CET	49712	443	192.168.11.20	140.82.116.4
Feb 19, 2025 02:04:58.114257097 CET	443	49712	140.82.116.4	192.168.11.20
Feb 19, 2025 02:04:58.548491001 CET	443	49712	140.82.116.4	192.168.11.20
Feb 19, 2025 02:04:58.548814058 CET	443	49712	140.82.116.4	192.168.11.20
Feb 19, 2025 02:04:58.548883915 CET	443	49712	140.82.116.4	192.168.11.20
Feb 19, 2025 02:04:58.549004078 CET	49712	443	192.168.11.20	140.82.116.4
Feb 19, 2025 02:04:58.549180031 CET	49712	443	192.168.11.20	140.82.116.4
Feb 19, 2025 02:04:58.562459946 CET	49712	443	192.168.11.20	140.82.116.4
Feb 19, 2025 02:04:58.562494993 CET	443	49712	140.82.116.4	192.168.11.20
Feb 19, 2025 02:04:58.746838093 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:04:58.746854067 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:58.747029066 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:04:58.748873949 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:04:58.748882055 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.098982096 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.099200010 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:04:59.100312948 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:04:59.100356102 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.101052046 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.103789091 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:04:59.146223068 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.785773039 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.786767006 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.786865950 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.786958933 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.787059069 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.787060976 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:04:59.787116051 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.787153006 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:04:59.787307978 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:04:59.791795015 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.797563076 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.797669888 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.797806978 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:04:59.797864914 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.798088074 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:04:59.802856922 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.808444977 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.808768988 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:04:59.808851004 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.814095974 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.814285040 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:04:59.814321995 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.819566965 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.819797039 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:04:59.819849968 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.825021029 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.825273991 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:04:59.825330973 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.830432892 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.830729961 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:04:59.830787897 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.835916042 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.836200953 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:04:59.836282015 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.846697092 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.846807003 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.846920013 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:04:59.846976995 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.847208977 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:04:59.852171898 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.897646904 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:04:59.951646090 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.954019070 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.954125881 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.954313040 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:04:59.954370975 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.954590082 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:04:59.959076881 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.963452101 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.963614941 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:04:59.963656902 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.968583107 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.968725920 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:04:59.968761921 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.994254112 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.994273901 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.994323969 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.994519949 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:04:59.994523048 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.994571924 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.994595051 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:04:59.994713068 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:04:59.994745970 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:04:59.994878054 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:05:00.015177965 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:05:00.015237093 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:05:00.015394926 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:05:00.015394926 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:05:00.015443087 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:05:00.015535116 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:05:00.015666962 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:05:00.059462070 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:05:00.059523106 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:05:00.059663057 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:05:00.059663057 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:05:00.059719086 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:05:00.059786081 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:05:00.059919119 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:05:00.129714966 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:05:00.129771948 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:05:00.129913092 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:05:00.129913092 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:05:00.129955053 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:05:00.129955053 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:05:00.129955053 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:05:00.129980087 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:05:00.130172014 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:05:00.146167994 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:05:00.146272898 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:05:00.146424055 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:05:00.146425009 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:05:00.146505117 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:05:00.146533966 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:05:00.146683931 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:05:00.150479078 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:05:00.150645018 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:05:00.150655985 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:05:00.150818110 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:05:00.157047033 CET	49713	443	192.168.11.20	185.199.110.133
Feb 19, 2025 02:05:00.157095909 CET	443	49713	185.199.110.133	192.168.11.20
Feb 19, 2025 02:05:02.187302113 CET	49714	443	192.168.11.20	104.21.93.187
Feb 19, 2025 02:05:02.187325954 CET	443	49714	104.21.93.187	192.168.11.20
Feb 19, 2025 02:05:02.187604904 CET	49714	443	192.168.11.20	104.21.93.187
Feb 19, 2025 02:05:02.197732925 CET	49714	443	192.168.11.20	104.21.93.187
Feb 19, 2025 02:05:02.197751999 CET	443	49714	104.21.93.187	192.168.11.20
Feb 19, 2025 02:05:02.547144890 CET	443	49714	104.21.93.187	192.168.11.20
Feb 19, 2025 02:05:02.547487974 CET	49714	443	192.168.11.20	104.21.93.187
Feb 19, 2025 02:05:02.550746918 CET	49714	443	192.168.11.20	104.21.93.187
Feb 19, 2025 02:05:02.550770998 CET	443	49714	104.21.93.187	192.168.11.20
Feb 19, 2025 02:05:02.551270962 CET	443	49714	104.21.93.187	192.168.11.20
Feb 19, 2025 02:05:02.584129095 CET	49714	443	192.168.11.20	104.21.93.187
Feb 19, 2025 02:05:02.626286030 CET	443	49714	104.21.93.187	192.168.11.20
Feb 19, 2025 02:05:03.000128984 CET	443	49714	104.21.93.187	192.168.11.20
Feb 19, 2025 02:05:03.000211954 CET	443	49714	104.21.93.187	192.168.11.20
Feb 19, 2025 02:05:03.000394106 CET	49714	443	192.168.11.20	104.21.93.187
Feb 19, 2025 02:05:03.004288912 CET	49714	443	192.168.11.20	104.21.93.187
Feb 19, 2025 02:05:03.188118935 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:03.188178062 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:03.188324928 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:03.188600063 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:03.188618898 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:03.532020092 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:03.532253981 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:03.533622026 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:03.533660889 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:03.534344912 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:03.535260916 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:03.578217983 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.060405970 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.081749916 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.081826925 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.081991911 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.082047939 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.082250118 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.082437992 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.082609892 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.082766056 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.082801104 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.083206892 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.083318949 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.083420038 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.083453894 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.083650112 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.084135056 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.084238052 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.084322929 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.084376097 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.084430933 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.084578991 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.085165977 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.085268021 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.085336924 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.085391045 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.085616112 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.085990906 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.086236954 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.086333036 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.086431026 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.086476088 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.086738110 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.086771011 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.087104082 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.087212086 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.087349892 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.087379932 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.087517023 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.087551117 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.088267088 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.088372946 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.088502884 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.088558912 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.088774920 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.088802099 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.089137077 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.089229107 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.089375019 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.089406013 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.089600086 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.089827061 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.090061903 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.090151072 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.090413094 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.090449095 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.090590000 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.090780020 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.091248035 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.091451883 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.091480970 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.092673063 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.092957020 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.093008995 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.093240023 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.224900007 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.225121021 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.248083115 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.248225927 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.248292923 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.248358011 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.248449087 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.248617887 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.249198914 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.249418974 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.250053883 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.250235081 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.250296116 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.251033068 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.251306057 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.251370907 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.251420975 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.251454115 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.251719952 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.252561092 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.252846003 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.252921104 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.253134966 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.253175020 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.253552914 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.253808975 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.255153894 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.255291939 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.255297899 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.255521059 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.255573034 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.256302118 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.256514072 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.256565094 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.256725073 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.257837057 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.258084059 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.258111954 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.258147955 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.258229971 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.258347988 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.389826059 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.390065908 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.411413908 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.411626101 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.411639929 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.411693096 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.412312984 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.413213015 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.413425922 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.413696051 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.413908005 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.414443970 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.415090084 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.415090084 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.415268898 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.415467978 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.416179895 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.416415930 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.416631937 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.416858912 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.417582989 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.417714119 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.417819977 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.418282032 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.418521881 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.418646097 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.418797016 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.418859005 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.419517994 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.419749975 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.420294046 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.420954943 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.420986891 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.421150923 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.421189070 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.421215057 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.421353102 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.422138929 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.422318935 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.422395945 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.422406912 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.422430992 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.422605038 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.423306942 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.423563957 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.423590899 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.424454927 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.424645901 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.424671888 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.424879074 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.425153971 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.425400972 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.425846100 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.426089048 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.426117897 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.426362991 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.426778078 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.426955938 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.429620981 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.429760933 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.429848909 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.429897070 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.429914951 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.430027962 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.432868004 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.432934999 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.433044910 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.433072090 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.433423042 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.435595036 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.435698986 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.436114073 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.436114073 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.436114073 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.436178923 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.438570976 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.438626051 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.438750982 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.438786983 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.438803911 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.438930988 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.441291094 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.441344976 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.441457987 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.441520929 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.441637993 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.444159031 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.444210052 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.444577932 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.444631100 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.463280916 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.463339090 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.463412046 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.463459969 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.463486910 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.463632107 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.556405067 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.556457043 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.556591988 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.556761026 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.556786060 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.557096958 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.577966928 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.578017950 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.578156948 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.578237057 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.578267097 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.578536034 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.581198931 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.581248999 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.581459999 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.581499100 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.581522942 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.581705093 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.584059000 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.584105968 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.584244013 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.584408998 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.584445953 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.584697008 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.586998940 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.587040901 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.587162018 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.587291002 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.587330103 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.587440968 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.587511063 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.589819908 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.589864016 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.590018988 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.590066910 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.590081930 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.590279102 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.590341091 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.592888117 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.592928886 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.593090057 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.593121052 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.593153000 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.593277931 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.595767975 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.595808983 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.595995903 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.596035957 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.596057892 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.596374035 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.598814011 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.598854065 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.599018097 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.599167109 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.599205017 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.599225998 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.599440098 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.601701975 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.601742029 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.601866007 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.601963043 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.601988077 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.602108002 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.602196932 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.604847908 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.604886055 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.605046034 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.605087042 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.605108023 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.605211973 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.605381966 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.607722998 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.607762098 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.607933044 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.607975006 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.607995987 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.608136892 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.608270884 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.610419989 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.610455990 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.610624075 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.610666037 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.610687017 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.610841036 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.610960960 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.613338947 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.613375902 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.613502979 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.613554001 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.613579035 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.613692999 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.613806963 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.616552114 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.616591930 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.616782904 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.616822004 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.616976976 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.617078066 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.619442940 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.619479895 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.619812965 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.619852066 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.620151997 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.622524977 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.622562885 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.622750998 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.622792006 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.622812986 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.622944117 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.623102903 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.625885010 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.625924110 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.626125097 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.626164913 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.626317024 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.626440048 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.628387928 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.628424883 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.628628969 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.628719091 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.628757000 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.628998995 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.631360054 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.631397009 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.631613016 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.631653070 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.631678104 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.631872892 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.634341955 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.634380102 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.634510040 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.634582996 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.634608984 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.634737015 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.634835958 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.637515068 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.637551069 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.637748957 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.637787104 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.637811899 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.637955904 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.640381098 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.640419960 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.640650988 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.640690088 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.640713930 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.640860081 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.643719912 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.643759012 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.643975973 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.644015074 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.644131899 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.644239902 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.645807028 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.645845890 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.646049023 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.646135092 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.646135092 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.646158934 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.646430016 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.719425917 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.719448090 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.719633102 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.719798088 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.719810963 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.720009089 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.721704006 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.721715927 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.722148895 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.722148895 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.722161055 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.722385883 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.741396904 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.741408110 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.741602898 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.741677046 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.741684914 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.741888046 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.741945982 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.744260073 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.744271040 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.744479895 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.744488001 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.744554996 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.744704008 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.747009039 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.747023106 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.747198105 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.747327089 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.747334003 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.747536898 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.749794960 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.749803066 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.749958038 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.750061989 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.750065088 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.750296116 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.752599955 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.752608061 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.752829075 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.752899885 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.752906084 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.753015041 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.753169060 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.756161928 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.756169081 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.756356955 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.756469011 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.756478071 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.756721973 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.759008884 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.759016037 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.759238005 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.759247065 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.759448051 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.761543036 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.761549950 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.761811018 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.761816978 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.761852980 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.762135983 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.765137911 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.765146017 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.765494108 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.765501022 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.765753031 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.768263102 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.768274069 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.768443108 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.768521070 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.768527031 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.768631935 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.768754959 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.770808935 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.770819902 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.771056890 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.771064997 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.771198988 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.771301031 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.773333073 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.773344040 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.773557901 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.773643017 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.773648024 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.773901939 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.776920080 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.776932001 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.777101994 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.777179003 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.777185917 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.777348042 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.777453899 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.779850006 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.779860973 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.780091047 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.780097961 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.780169010 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.780312061 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.782622099 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.782633066 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.782804966 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.782857895 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.782865047 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.782979012 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.783117056 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.785831928 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.785841942 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.786082029 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.786089897 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.786134958 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.786272049 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.788852930 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.788863897 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.789077997 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.789087057 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.789166927 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.789397955 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.791466951 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.791476965 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.791632891 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.791734934 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.791745901 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.791882992 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.792012930 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.794368982 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.794379950 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.794567108 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.794568062 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.794682026 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.794692993 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.794929028 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.797785997 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.797796965 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.797966003 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.797993898 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.797997952 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.798094988 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.798176050 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.800736904 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.800748110 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.800935030 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.800935030 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.800990105 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.801002026 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.801095963 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.801229000 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.802998066 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.803009033 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.803164959 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.803237915 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.803250074 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.803327084 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.803441048 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.805744886 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.805756092 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.805938959 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.806008101 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.806008101 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.806020021 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.806144953 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.808706045 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.808717012 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.808995008 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.809006929 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.809019089 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.809295893 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.811285973 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.811295986 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.811458111 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.811543941 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.811554909 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.811639071 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.811770916 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.813641071 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.813652039 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.813957930 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.813970089 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.814251900 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.816006899 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.816018105 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.816198111 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.816198111 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.816303968 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.816315889 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.816600084 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.819113970 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.819124937 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.819291115 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.819356918 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.819369078 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.819447041 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.819642067 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.821418047 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.821428061 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.821634054 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.821688890 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.821688890 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.821702003 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.821930885 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.823667049 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.823677063 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.823839903 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.824062109 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.824074030 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.824377060 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.826028109 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.826037884 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.826167107 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.826353073 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.826364040 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.826525927 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.828923941 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.828934908 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.829078913 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.829139948 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.829148054 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.829262018 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.829431057 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.831289053 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.831300020 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.831459999 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.831549883 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.831562042 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.831718922 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.831835985 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.833761930 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.833772898 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.833942890 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.834125042 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.834136009 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.834306002 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.836566925 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.836576939 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.836747885 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.836803913 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.836816072 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.836889982 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.837104082 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.838932991 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.838943005 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.839128017 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.839128017 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.839142084 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.839260101 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.839337111 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.841511965 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.841522932 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.841681004 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.841833115 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.841845036 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.842168093 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.843497992 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.843508959 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.843718052 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.843729973 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.843873978 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.843978882 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.846723080 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.846733093 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.847045898 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.847059011 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.847254992 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.848922968 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.848932981 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.849100113 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.849168062 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.849179983 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.849349976 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.849428892 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.851279974 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.851290941 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.851567984 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.851579905 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.851636887 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.851752043 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.854237080 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.854247093 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.854414940 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.854471922 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.854484081 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.854559898 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.854690075 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.856750965 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.856760979 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.856926918 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.857004881 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.857016087 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.857131958 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.857278109 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.858951092 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.858961105 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.859137058 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.859289885 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.859302044 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.859370947 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.859463930 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.861310959 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.861321926 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.861567974 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.861579895 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.861649990 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.861747980 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.864238977 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.864248991 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.864424944 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.864480972 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.864491940 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.864648104 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.864711046 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.866591930 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.866602898 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.866740942 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.866878986 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.866890907 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.867077112 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.868979931 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.868990898 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.869173050 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.869237900 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.869249105 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.869368076 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.869472027 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.872018099 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.872026920 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.872199059 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.872345924 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.872359037 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.872498035 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.874403954 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.874413013 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.874645948 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.874656916 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.874737024 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.874932051 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.884351969 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.884366035 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.884598017 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.884819984 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.884831905 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.885138988 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.886614084 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.886627913 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.886787891 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.886909008 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.886920929 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.887022018 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.887126923 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.888933897 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.888946056 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.889117002 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.889265060 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.889276981 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.889468908 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.890892982 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.890907049 CET	443	49715	172.67.214.1	192.168.11.20
Feb 19, 2025 02:05:04.891066074 CET	49715	443	192.168.11.20	172.67.214.1
Feb 19, 2025 02:05:04.891277075 CET	49715	443	192.168.11.20</

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://github.com/divinusinc/Deus/releases/download/launcher/Deus.Launcher.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Divinus,_Inc\Deus.Launcher.exe_Url_wzqwwm24yrg45qzy15d2hyc2xdzm2ela\1.0.0.0\user.config (copy)

C:\Users\user\AppData\Local\Divinus,_Inc\Deus.Launcher.exe_Url_wzqwwm24yrg45qzy15d2hyc2xdzm2ela\1.0.0.0\ybugmkv1.newcfg

C:\Users\user\AppData\Roaming\Deus\bin\Deus 10.0.dll (copy)

C:\Users\user\AppData\Roaming\Deus\bin\Deus 10.0.dll.tmp

C:\Users\user\Desktop\cmdline.out

C:\Users\user\Desktop\download\Deus.Launcher.exe

Static File Info

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

Windows Analysis Report
https://github.com/divinusinc/Deus/releases/download/launcher/Deus.Launcher.exe