Edit tour

Windows Analysis Report
http://onedrivesharedfiles.sbs/

Overview

General Information

Sample URL:	http://onedrivesharedfiles.sbs/
Analysis ID:	1620192
Infos:

Detection

DarkCloud

Score:	100
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Antivirus detection for dropped file

Yara detected DarkCloud

Yara detected Telegram RAT

AI detected suspicious URL

Downloads suspicious files via Chrome

Hides threads from debuggers

PE file contains section with special chars

Query firmware table information (likely to detect VMs)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to evade debugger and weak emulator (self modifying code)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Creates a process in suspended mode (likely to inject code)

Drops PE files

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

May sleep (evasive loops) to hinder dynamic analysis

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4080 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1780 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 --field-trial-handle=2492,i,3353339676385122419,12674454738491559677,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

unarchiver.exe (PID: 6816 cmdline: "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\Payment_49070_from_TKO_MEDIA_LLC.iso" MD5: 16FF3CC6CC330A08EED70CBC1D35F5D2)

7za.exe (PID: 6844 cmdline: "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e" "C:\Users\user\Downloads\Payment_49070_from_TKO_MEDIA_LLC.iso" MD5: 77E556CDFDC5C592F5C46DB4127C6F4C)

conhost.exe (PID: 6852 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 6912 cmdline: "cmd.exe" /C "C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 6920 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

boonless_protected.exe (PID: 6952 cmdline: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe MD5: 5F1A95A0277B6D95AB7D36A79B4457FE)

chrome.exe (PID: 6456 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://onedrivesharedfiles.sbs/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
DarkCloud Stealer	Stealer is written in Visual Basic.	No Attribution	https://asec.ahnlab.com/en/53128/ https://c3rb3ru5d3d53c.github.io/malware-blog/darkcloud-stealer/	https://malpedia.caad.fkie.fraunhofer.de/details/win.darkcloud

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
0000000B.00000003.1914629632.0000000000CA0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
0000000B.00000003.1914629632.0000000000CA0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000B.00000003.1914629632.0000000000CA0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0000000B.00000002.2604304370.0000000000401000.00000020.00000001.01000000.00000008.sdmp	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
0000000B.00000002.2604304370.0000000000401000.00000020.00000001.01000000.00000008.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000B.00000002.2604304370.0000000000401000.00000020.00000001.01000000.00000008.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
Process Memory Space: boonless_protected.exe PID: 6952	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
Process Memory Space: boonless_protected.exe PID: 6952	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: boonless_protected.exe PID: 6952	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
Click to see the 4 entries

Unpacked PEs

Source	Rule	Description	Author
11.3.boonless_protected.exe.ca2730.0.raw.unpack	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
11.3.boonless_protected.exe.ca2730.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
11.3.boonless_protected.exe.ca2730.0.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
11.3.boonless_protected.exe.ca2730.0.unpack	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
11.3.boonless_protected.exe.ca2730.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
11.3.boonless_protected.exe.ca2730.0.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
11.2.boonless_protected.exe.403730.1.raw.unpack	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
11.2.boonless_protected.exe.403730.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
11.2.boonless_protected.exe.403730.1.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
11.2.boonless_protected.exe.403730.1.unpack	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
11.2.boonless_protected.exe.403730.1.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
11.2.boonless_protected.exe.403730.1.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
11.2.boonless_protected.exe.400000.0.unpack	JoeSecurity_DarkCloud	Yara detected DarkCloud	Joe Security
11.2.boonless_protected.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
11.2.boonless_protected.exe.400000.0.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
Click to see the 10 entries

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://fileupload.angel-hosting.cloud/download/67b650b49b82a72ac05bb155

Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe

Avira: detection malicious, Label: TR/Crypt.XPACK.Gen2

Phishing

AI detected suspicious URL

Source: http://onedrivesharedfiles.sbs

Joe Sandbox AI: The URL 'onedrivesharedfiles.sbs' closely resembles Microsoft's OneDrive service, a well-known cloud storage platform. The use of 'onedrive' in the domain suggests an attempt to mimic the legitimate OneDrive URL. The addition of 'sharedfiles' could be an attempt to imply a legitimate function of OneDrive, which is sharing files. The '.sbs' domain extension is not commonly associated with Microsoft or OneDrive, increasing the likelihood of confusion. The structural similarity and the use of a less common domain extension suggest a high likelihood of typosquatting. However, without further context, it is possible that this domain could be used for a legitimate purpose unrelated to Microsoft, but the likelihood is low given the context and similarity.

Source: C:\Windows\SysWOW64\unarchiver.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Source:

Binary string: W.pdb4 source: boonless_protected.exe, 0000000B.00000003.1914629632.0000000000CA0000.00000004.00001000.00020000.00000000.sdmp, boonless_protected.exe, 0000000B.00000002.2604304370.0000000000401000.00000020.00000001.01000000.00000008.sdmp

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /download/67b650b49b82a72ac05bb155 HTTP/1.1Host: fileupload.angel-hosting.cloudConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: onedrivesharedfiles.sbsConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: onedrivesharedfiles.sbs
Source: global traffic	DNS traffic detected: DNS query: fileupload.angel-hosting.cloud

Source: boonless_protected.exe, 0000000B.00000003.1914629632.0000000000CA0000.00000004.00001000.00020000.00000000.sdmp, boonless_protected.exe, 0000000B.00000002.2604304370.0000000000401000.00000020.00000001.01000000.00000008.sdmp

String found in binary or memory: http://showip.netxhttp://www.mediacollege.com/internet/utilities/show-ip.shtml

Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

System Summary

Downloads suspicious files via Chrome

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File dump: C:\Users\user\Downloads\Payment_49070_from_TKO_MEDIA_LLC.iso (copy)

Jump to dropped file

PE file contains section with special chars

Source: boonless_protected.exe.7.dr	Static PE information: section name:
Source: boonless_protected.exe.7.dr	Static PE information: section name:
Source: boonless_protected.exe.7.dr	Static PE information: section name:

Source: boonless_protected.exe.7.dr

Static PE information: Section: ZLIB complexity 0.9984046672952587

Source: boonless_protected.exe, 0000000B.00000002.2604430430.0000000000459000.00000004.00000001.01000000.00000008.sdmp	Binary or memory string: B*\AC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\Stub\Project1.vbp
Source: boonless_protected.exe	Binary or memory string: B*\AC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\Stub\Project1.vbp
Source: boonless_protected.exe, 0000000B.00000003.1914629632.0000000000CA0000.00000004.00001000.00020000.00000000.sdmp, boonless_protected.exe, 0000000B.00000002.2604304370.0000000000401000.00000020.00000001.01000000.00000008.sdmp	Binary or memory string: E*\AC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\Stub\Project1.vbp

Source: classification engine

Classification label: mal100.troj.evad.win@27/6@6/5

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\Downloads\4cf7277c-6587-468b-9f8b-5fed8953bf00.tmp

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6852:120:WilError_03

Source: C:\Windows\SysWOW64\unarchiver.exe

File created: C:\Users\user\AppData\Local\Temp\unarchiver.log

Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 --field-trial-handle=2492,i,3353339676385122419,12674454738491559677,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://onedrivesharedfiles.sbs/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\SysWOW64\unarchiver.exe "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\Payment_49070_from_TKO_MEDIA_LLC.iso"
Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e" "C:\Users\user\Downloads\Payment_49070_from_TKO_MEDIA_LLC.iso"
Source: C:\Windows\SysWOW64\7za.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C "C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 --field-trial-handle=2492,i,3353339676385122419,12674454738491559677,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\SysWOW64\unarchiver.exe "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\Payment_49070_from_TKO_MEDIA_LLC.iso"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e" "C:\Users\user\Downloads\Payment_49070_from_TKO_MEDIA_LLC.iso"	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C "C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\7za.exe	Section loaded: 7z.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Section loaded: msvbvm60.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Section loaded: vb6zz.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Section loaded: wintypes.dll	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\SysWOW64\unarchiver.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Source:

Source: initial sample

Static PE information: section where entry point is pointing to: .boot

Source: boonless_protected.exe.7.dr	Static PE information: section name:
Source: boonless_protected.exe.7.dr	Static PE information: section name:
Source: boonless_protected.exe.7.dr	Static PE information: section name:
Source: boonless_protected.exe.7.dr	Static PE information: section name: .themida
Source: boonless_protected.exe.7.dr	Static PE information: section name: .boot

Source: boonless_protected.exe.7.dr

Static PE information: section name: entropy: 7.965556338807165

Source: C:\Windows\SysWOW64\7za.exe

File created: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe

Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Window searched: window name: RegmonClass	Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe

System information queried: FirmwareTableInformation

Jump to behavior

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe

File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Jump to behavior

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe

Special instruction interceptor: First address: 4A568A instructions caused by: Self-modifying code

Source: C:\Windows\SysWOW64\unarchiver.exe	Memory allocated: F10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Memory allocated: 2C10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Memory allocated: 4C10000 memory commit \| memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe	Window / User API: threadDelayed 860	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Window / User API: threadDelayed 9139	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Window / User API: foregroundWindowGot 1694	Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe TID: 6908	Thread sleep count: 860 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe TID: 6908	Thread sleep time: -430000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe TID: 6908	Thread sleep count: 9139 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe TID: 6908	Thread sleep time: -4569500s >= -30000s	Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\unarchiver.exe	Last function: Thread delayed

Source: C:\Windows\SysWOW64\unarchiver.exe

Code function: 6_2_00C5B1D6 GetSystemInfo,

6_2_00C5B1D6

Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Process queried: DebugObjectHandle	Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e" "C:\Users\user\Downloads\Payment_49070_from_TKO_MEDIA_LLC.iso"	Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe	Process created: C:\Windows\SysWOW64\cmd.exe "cmd.exe" /C "C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Windows\SysWOW64\unarchiver.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected DarkCloud

Source: Yara match	File source: 11.3.boonless_protected.exe.ca2730.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.3.boonless_protected.exe.ca2730.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.boonless_protected.exe.403730.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.boonless_protected.exe.403730.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.boonless_protected.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000B.00000003.1914629632.0000000000CA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2604304370.0000000000401000.00000020.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: boonless_protected.exe PID: 6952, type: MEMORYSTR

Yara detected Telegram RAT

Source: Yara match	File source: 11.3.boonless_protected.exe.ca2730.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.3.boonless_protected.exe.ca2730.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.boonless_protected.exe.403730.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.boonless_protected.exe.403730.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.boonless_protected.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000B.00000003.1914629632.0000000000CA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2604304370.0000000000401000.00000020.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: boonless_protected.exe PID: 6952, type: MEMORYSTR

Source: Yara match	File source: 11.3.boonless_protected.exe.ca2730.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.3.boonless_protected.exe.ca2730.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.boonless_protected.exe.403730.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.boonless_protected.exe.403730.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.boonless_protected.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000B.00000003.1914629632.0000000000CA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2604304370.0000000000401000.00000020.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: boonless_protected.exe PID: 6952, type: MEMORYSTR

Remote Access Functionality

Yara detected DarkCloud

Source: Yara match	File source: 11.3.boonless_protected.exe.ca2730.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.3.boonless_protected.exe.ca2730.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.boonless_protected.exe.403730.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.boonless_protected.exe.403730.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.boonless_protected.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000B.00000003.1914629632.0000000000CA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2604304370.0000000000401000.00000020.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: boonless_protected.exe PID: 6952, type: MEMORYSTR

Yara detected Telegram RAT

Source: Yara match	File source: 11.3.boonless_protected.exe.ca2730.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.3.boonless_protected.exe.ca2730.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.boonless_protected.exe.403730.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.boonless_protected.exe.403730.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.boonless_protected.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000B.00000003.1914629632.0000000000CA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2604304370.0000000000401000.00000020.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: boonless_protected.exe PID: 6952, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	11 Process Injection	1 Masquerading	OS Credential Dumping	62 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 DLL Side-Loading	34 Virtualization/Sandbox Evasion	LSASS Memory	34 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Disable or Modify Tools	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	3 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Obfuscated Files or Information	LSA Secrets	114 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Software Packing	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://onedrivesharedfiles.sbs/	0%	Avira URL Cloud	safe

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe	100%	Avira	TR/Crypt.XPACK.Gen2

Source	Detection	Scanner	Label	Link
https://fileupload.angel-hosting.cloud/download/67b650b49b82a72ac05bb155	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
onedrivesharedfiles.sbs	104.21.112.1	true	true	unknown
www.google.com	142.250.186.132	true	false	high
fileupload.angel-hosting.cloud	172.67.219.50	true	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://onedrivesharedfiles.sbs/	true		unknown
https://fileupload.angel-hosting.cloud/download/67b650b49b82a72ac05bb155	false	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://showip.netxhttp://www.mediacollege.com/internet/utilities/show-ip.shtml	boonless_protected.exe, 0000000B.00000003.1914629632.0000000000CA0000.00000004.00001000.00020000.00000000.sdmp, boonless_protected.exe, 0000000B.00000002.2604304370.0000000000401000.00000020.00000001.01000000.00000008.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.67.219.50	fileupload.angel-hosting.cloud	United States	13335	CLOUDFLARENETUS	false
104.21.112.1	onedrivesharedfiles.sbs	United States	13335	CLOUDFLARENETUS	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.132	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1620192
Start date and time:	2025-02-20 18:39:23 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 38s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://onedrivesharedfiles.sbs/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.evad.win@27/6@6/5
EGA Information:	Successful, ratio: 50%
HCA Information:	Failed

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.227, 142.250.185.142, 64.233.184.84, 142.250.186.46, 172.217.18.110, 142.250.185.174, 199.232.210.172, 2.17.190.73, 142.250.186.174, 172.217.16.206, 172.217.23.110, 216.58.206.46, 172.217.16.195, 142.250.185.206, 2.19.244.127, 52.149.20.212, 13.107.246.45
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
Execution Graph export aborted for target boonless_protected.exe, PID 6952 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://onedrivesharedfiles.sbs/

Simulations

Behavior and APIs

Time	Type	Description
12:41:10	API Interceptor	5691x Sleep call for process: boonless_protected.exe modified
12:41:11	API Interceptor	111616x Sleep call for process: unarchiver.exe modified

Process:	C:\Windows\SysWOW64\7za.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2928640
Entropy (8bit):	7.944888225605612
Encrypted:	false
SSDEEP:	49152:qskXfNaUy4IvWRp1Upq8h6BP2Tv7n9jUQj3TIEofWoQMCSqQl5uP7S087:c4URppiXh6sTvz9NIffVCSjl54Ru
MD5:	5F1A95A0277B6D95AB7D36A79B4457FE
SHA1:	31F88E3AB8C809E53C357BDE841EAC8766C12D0F
SHA-256:	C1F0F113E72E88E89271184413900E7C51D0D550F29B89804618E468C1A4E9C6
SHA-512:	7E79DB62665408CF68428920198358C6E2C79A14821D0BA2C3A63AD0618EB9D3CEC558BE2AADE1EF1E2403332AD7877E9C71E6D1E3AA552995636D3E0C1792DE
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......].......................p...............Rich............................PE..L....o.g..................... ......XpG...........@..........................0p.....,.,.....................................=...P................................................................................................................... t{.......................... ..` ............................@... ............................@..@.idata..............................@....rsrc...............................@..@.themida..A.........................`....boot.....(..pG...(.................`..`................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\unarchiver.log

Download File

Process:	C:\Windows\SysWOW64\unarchiver.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1785
Entropy (8bit):	5.13895175564947
Encrypted:	false
SSDEEP:	48:/i29GVGGbYGVGGpTGGFGVGGpjGb+GaGWGgGSGk9GqGVGGbGVGGZ+GiGhbA:/ED/4Yo0C4iA
MD5:	12A934AC1CE1F6919958C0D10C144816
SHA1:	67AA05F482B5A340D27D7F1CE15EB5E50FCBFE6C
SHA-256:	5A2540A94E3F57573A95025B37771482EF43E75906A4C6913CFA98D87B1F3EEA
SHA-512:	92DEC291F6F7B201412AA37BDAAE65A6F4224C3A109507FA94374E5429FFECFC6C80514979F031E69162318BF01FDAF983B4D10011E105132E3A6647E6CF4543
Malicious:	false
Reputation:	low
Preview:	02/20/2025 12:40 PM: Unpack: C:\Users\user\Downloads\Payment_49070_from_TKO_MEDIA_LLC.iso..02/20/2025 12:40 PM: Tmp dir: C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e..02/20/2025 12:40 PM: Received from standard out: ..02/20/2025 12:40 PM: Received from standard out: 7-Zip 18.05 (x86) : Copyright (c) 1999-2018 Igor Pavlov : 2018-04-30..02/20/2025 12:40 PM: Received from standard out: ..02/20/2025 12:40 PM: Received from standard out: Scanning the drive for archives:..02/20/2025 12:40 PM: Received from standard out: 1 file, 3473408 bytes (3392 KiB)..02/20/2025 12:40 PM: Received from standard out: ..02/20/2025 12:40 PM: Received from standard out: Extracting archive: C:\Users\user\Downloads\Payment_49070_from_TKO_MEDIA_LLC.iso..02/20/2025 12:40 PM: Received from standard out: --..02/20/2025 12:40 PM: Received from standard out: Path = C:\Users\user\Downloads\Payment_49070_from_TKO_MEDIA_LLC.iso..02/20/2025 12:40 PM: Received from standard out: Type = Udf..02/20/2025 12:40 PM: Receiv

C:\Users\user\Downloads\Payment_49070_from_TKO_MEDIA_LLC.iso (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UDF filesystem data (version 1.5) 'PAYMENT_49070_FROM_TKO_MEDIA_LLC'
Category:	dropped
Size (bytes):	3473408
Entropy (8bit):	7.2420805904724785
Encrypted:	false
SSDEEP:	49152:uskXfNaUy4IvWRp1Upq8h6BP2Tv7n9jUQj3TIEofWoQMCSqQl5uP7S087:44URppiXh6sTvz9NIffVCSjl54Ru
MD5:	679C980F609FBA6D110CC583482A79C4
SHA1:	2D820873EAF77C93F3B5550456BC16CE5D4EB749
SHA-256:	86074271ADDA27B96B81FCE5CD0FBCE399085558A99F79940BBBF0F4D9C775F8
SHA-512:	E0D65C792260F60405440CC42DA4EF36891DFE92256E2AA2DAB8DCBE1AFAAE7089131DD4AE0DE70700AD52AD6D1E10F833B15A4E39EF1536F1A94418A856EA5E
Malicious:	true
Reputation:	low
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Downloads\Payment_49070_from_TKO_MEDIA_LLC.iso.crdownload

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UDF filesystem data (version 1.5) 'PAYMENT_49070_FROM_TKO_MEDIA_LLC'
Category:	dropped
Size (bytes):	3473408
Entropy (8bit):	7.2420805904724785
Encrypted:	false
SSDEEP:	49152:uskXfNaUy4IvWRp1Upq8h6BP2Tv7n9jUQj3TIEofWoQMCSqQl5uP7S087:44URppiXh6sTvz9NIffVCSjl54Ru
MD5:	679C980F609FBA6D110CC583482A79C4
SHA1:	2D820873EAF77C93F3B5550456BC16CE5D4EB749
SHA-256:	86074271ADDA27B96B81FCE5CD0FBCE399085558A99F79940BBBF0F4D9C775F8
SHA-512:	E0D65C792260F60405440CC42DA4EF36891DFE92256E2AA2DAB8DCBE1AFAAE7089131DD4AE0DE70700AD52AD6D1E10F833B15A4E39EF1536F1A94418A856EA5E
Malicious:	false
Reputation:	low
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UDF filesystem data (version 1.5) 'PAYMENT_49070_FROM_TKO_MEDIA_LLC'
Category:	downloaded
Size (bytes):	3473408
Entropy (8bit):	7.2420805904724785
Encrypted:	false
SSDEEP:	49152:uskXfNaUy4IvWRp1Upq8h6BP2Tv7n9jUQj3TIEofWoQMCSqQl5uP7S087:44URppiXh6sTvz9NIffVCSjl54Ru
MD5:	679C980F609FBA6D110CC583482A79C4
SHA1:	2D820873EAF77C93F3B5550456BC16CE5D4EB749
SHA-256:	86074271ADDA27B96B81FCE5CD0FBCE399085558A99F79940BBBF0F4D9C775F8
SHA-512:	E0D65C792260F60405440CC42DA4EF36891DFE92256E2AA2DAB8DCBE1AFAAE7089131DD4AE0DE70700AD52AD6D1E10F833B15A4E39EF1536F1A94418A856EA5E
Malicious:	false
Reputation:	low
URL:	https://fileupload.angel-hosting.cloud/download/67b650b49b82a72ac05bb155
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 20, 2025 18:40:27.988176107 CET	49675	443	192.168.2.4	173.222.162.32
Feb 20, 2025 18:40:31.951572895 CET	49739	443	192.168.2.4	142.250.186.132
Feb 20, 2025 18:40:31.951630116 CET	443	49739	142.250.186.132	192.168.2.4
Feb 20, 2025 18:40:31.951714039 CET	49739	443	192.168.2.4	142.250.186.132
Feb 20, 2025 18:40:31.951893091 CET	49739	443	192.168.2.4	142.250.186.132
Feb 20, 2025 18:40:31.951909065 CET	443	49739	142.250.186.132	192.168.2.4
Feb 20, 2025 18:40:32.610287905 CET	443	49739	142.250.186.132	192.168.2.4
Feb 20, 2025 18:40:32.610749960 CET	49739	443	192.168.2.4	142.250.186.132
Feb 20, 2025 18:40:32.610774994 CET	443	49739	142.250.186.132	192.168.2.4
Feb 20, 2025 18:40:32.612464905 CET	443	49739	142.250.186.132	192.168.2.4
Feb 20, 2025 18:40:32.612555981 CET	49739	443	192.168.2.4	142.250.186.132
Feb 20, 2025 18:40:32.613912106 CET	49739	443	192.168.2.4	142.250.186.132
Feb 20, 2025 18:40:32.613997936 CET	443	49739	142.250.186.132	192.168.2.4
Feb 20, 2025 18:40:32.661133051 CET	49739	443	192.168.2.4	142.250.186.132
Feb 20, 2025 18:40:32.661158085 CET	443	49739	142.250.186.132	192.168.2.4
Feb 20, 2025 18:40:32.707937956 CET	49739	443	192.168.2.4	142.250.186.132
Feb 20, 2025 18:40:32.915127993 CET	49741	80	192.168.2.4	104.21.112.1
Feb 20, 2025 18:40:32.915512085 CET	49742	80	192.168.2.4	104.21.112.1
Feb 20, 2025 18:40:32.920233011 CET	80	49741	104.21.112.1	192.168.2.4
Feb 20, 2025 18:40:32.920316935 CET	49741	80	192.168.2.4	104.21.112.1
Feb 20, 2025 18:40:32.920547962 CET	80	49742	104.21.112.1	192.168.2.4
Feb 20, 2025 18:40:32.920583963 CET	49741	80	192.168.2.4	104.21.112.1
Feb 20, 2025 18:40:32.920619011 CET	49742	80	192.168.2.4	104.21.112.1
Feb 20, 2025 18:40:32.925556898 CET	80	49741	104.21.112.1	192.168.2.4
Feb 20, 2025 18:40:33.389611959 CET	80	49741	104.21.112.1	192.168.2.4
Feb 20, 2025 18:40:33.443366051 CET	49741	80	192.168.2.4	104.21.112.1
Feb 20, 2025 18:40:33.760530949 CET	49743	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:33.760588884 CET	443	49743	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:33.760656118 CET	49743	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:33.761718035 CET	49743	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:33.761740923 CET	443	49743	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:34.231933117 CET	443	49743	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:34.232271910 CET	49743	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:34.232304096 CET	443	49743	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:34.233261108 CET	443	49743	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:34.233331919 CET	49743	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:34.240031004 CET	49743	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:34.240137100 CET	443	49743	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:34.240273952 CET	49743	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:34.240288973 CET	443	49743	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:34.240359068 CET	49743	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:34.240377903 CET	49743	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:34.241333961 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:34.241379976 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:34.241456985 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:34.242187977 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:34.242199898 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:34.706203938 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:34.706584930 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:34.706617117 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:34.707664013 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:34.707839012 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:34.709537983 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:34.709625006 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:34.709777117 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:34.755338907 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:34.757996082 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:34.758038998 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:34.801455021 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.125559092 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.125715017 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.125802994 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.125807047 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.125837088 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.125886917 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.125936031 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.126123905 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.126220942 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.126277924 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.126292944 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.126339912 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.126344919 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.126462936 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.126502037 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.126507998 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.178333998 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.178365946 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.218920946 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.249324083 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.249485016 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.249542952 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.249553919 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.249955893 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.250008106 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.250014067 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.253895044 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.254007101 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.254014969 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.254040956 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.254093885 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.254257917 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.254400015 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.254453897 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.254461050 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.255019903 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.255080938 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.255085945 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.255182028 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.255234003 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.255240917 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.255920887 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.255966902 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.255973101 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.256068945 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.256254911 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.256259918 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.256827116 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.256860018 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.256892920 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.256903887 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.256943941 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.383064032 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.383271933 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.383308887 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.383330107 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.383353949 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.383389950 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.383394957 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.383403063 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.383445024 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.383454084 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.384269953 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.384335995 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.384345055 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.384383917 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.384705067 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.384761095 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.384798050 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.384849072 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.385694981 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.385736942 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.385761023 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.385767937 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.385793924 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.385814905 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.386521101 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.386567116 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.386677980 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.386727095 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.387482882 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.387538910 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.387600899 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.387649059 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.388457060 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.388504028 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.388567924 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.388623953 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.470256090 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.470318079 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.514360905 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.514429092 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.514436007 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.514447927 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.514477015 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.514482021 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.514528990 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.514545918 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.515321970 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.515345097 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.515369892 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.515377998 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.515388012 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.515425920 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.515444040 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.515444040 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.515455008 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.515465021 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.516422033 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.516457081 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.516486883 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.516489983 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.516498089 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.516551971 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.517162085 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.517214060 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.517254114 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.517298937 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.517306089 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.517317057 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.517354012 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.518171072 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.518203974 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.518227100 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.518233061 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.518241882 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.518254042 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.518273115 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.518296957 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.518304110 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.518321037 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.519165993 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.519226074 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.519253969 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.519253969 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.519264936 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.519284964 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.519309998 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.520195961 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.520231009 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.520246983 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.520250082 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.520258904 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.520283937 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.520308018 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.521102905 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.521147966 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.601429939 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.601485014 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.601495028 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.601499081 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.601533890 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.601567984 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.601624012 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.601648092 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.601665974 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.601674080 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.601701975 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.601721048 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.641855001 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.641870022 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.641931057 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.641964912 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.642004967 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.642023087 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.642055988 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.642064095 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.642086983 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.642138004 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.642549038 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.642561913 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.642626047 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.642633915 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.642668009 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.643141031 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.643156052 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.643213987 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.643223047 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.643249035 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.643273115 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.643377066 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.643389940 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.643445969 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.643456936 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.643492937 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.644087076 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.644100904 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.644161940 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.644171000 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.644208908 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.644224882 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.644231081 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.644239902 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.644260883 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.644296885 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.694201946 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.694216967 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.694263935 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.694294930 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.694319963 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.694346905 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.728930950 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.728945017 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.728996992 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.729022980 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.729058027 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.729080915 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.729203939 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.729218006 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.729259014 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.729265928 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.729298115 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.729465008 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.729480028 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.729523897 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.729531050 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.729559898 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.729772091 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.729787111 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.729826927 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.729835033 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.729995012 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.730212927 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.730226994 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.730249882 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.730263948 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.730271101 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.730308056 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.733900070 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.733947992 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.733966112 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.733974934 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.734031916 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.762600899 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.762672901 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.762676001 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.762701035 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.762731075 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.775588036 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.775604010 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.775692940 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.775721073 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.775830030 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.775866985 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.775891066 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.775899887 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.776067019 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.816111088 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.816128016 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.816186905 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.816205025 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.816245079 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.816349030 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.816378117 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.816406965 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.816416025 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.816433907 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.816458941 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.817121983 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.817137957 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.817209959 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.817218065 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.817290068 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.817353964 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.817368984 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.817409992 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.817415953 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.817425013 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.817451954 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.817483902 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.817492962 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.817522049 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.817548037 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.849934101 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.849951982 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.850016117 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.850030899 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.850069046 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.850281954 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.850296974 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.850336075 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.850343943 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.850378990 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.850424051 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.862955093 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.862968922 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.863034010 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.863044024 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.863104105 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.905287981 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.905303001 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.905375004 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.905390978 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.905525923 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.905644894 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.905658960 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.905721903 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.905730009 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.905770063 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.905823946 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.905838013 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.905879021 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.905885935 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.905919075 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.905940056 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.906172991 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.906187057 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.906230927 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.906239033 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.906272888 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.906294107 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.906307936 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.906363010 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.906369925 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.906407118 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.906425953 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.937136889 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.937153101 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.937223911 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.937237978 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.937277079 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.937495947 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.937511921 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.937556982 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.937563896 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.937597990 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.937619925 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.950114012 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.950134993 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.950180054 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.950191975 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.950237036 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.992851019 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.992871046 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.992989063 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.993000984 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.993163109 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.993180037 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.993235111 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.993242025 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.993288994 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.993288994 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.993455887 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.993469000 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.993535042 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.993572950 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.993635893 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.993637085 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.993637085 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.993645906 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.993802071 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.993814945 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.993936062 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.993936062 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:35.993947029 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:35.994893074 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.029134035 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.029194117 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.029326916 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.029364109 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.029985905 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.029987097 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.029987097 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.029997110 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.031327963 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.031327963 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.041142941 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.041158915 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.041455984 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.041484118 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.044290066 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.080432892 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.080454111 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.080569983 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.080612898 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.080626011 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.080626011 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.080652952 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.080682039 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.080981970 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.080996990 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.081054926 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.081054926 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.081068993 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.081192017 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.081204891 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.081243038 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.081252098 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.081559896 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.081573963 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.081598043 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.081618071 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.081629992 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.081789017 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.081789017 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.098546982 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.116441011 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.116487026 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.116525888 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.116542101 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.116554976 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.128303051 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.128353119 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.128386974 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.128402948 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.128516912 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.128537893 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.128554106 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.128554106 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.128565073 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.128587961 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.167582035 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.167608023 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.167661905 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.167691946 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.167732954 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.167795897 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.167809963 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.167871952 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.167891979 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.168215036 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.168219090 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.168232918 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.168251991 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.168272018 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.168323994 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.168330908 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.168389082 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.168401957 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.168469906 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.168469906 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.168478966 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.168746948 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.168767929 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.168953896 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.168953896 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.168966055 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.203558922 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.203581095 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.203730106 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.203730106 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.203752995 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.215611935 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.215636015 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.215821981 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.215821981 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.215831995 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.215955019 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.215967894 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.216080904 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.216080904 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.216088057 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.254636049 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.254659891 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.254709005 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.254738092 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.254759073 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.254975080 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.254987955 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.255029917 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.255038977 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.255065918 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.255335093 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.255352020 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.255398035 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.255405903 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.255439997 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.256212950 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.256225109 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.256297112 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.256314039 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.256355047 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.256355047 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.256364107 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.256397009 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.257174969 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.290808916 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.290867090 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.290925026 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.290941954 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.290955067 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.291157007 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.302635908 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.302659988 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.302768946 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.302786112 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.302836895 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.303286076 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.303303957 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.303334951 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.303353071 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.303390026 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.303390026 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.341969013 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.341995955 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.342070103 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.342081070 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.342104912 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.342139959 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.342209101 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.342225075 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.342267990 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.342274904 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.342313051 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.342313051 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.342539072 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.342555046 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.342608929 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.342617989 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.342695951 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.342695951 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.343352079 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.343367100 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.343547106 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.343554974 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.343600988 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.343624115 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.343668938 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.343677044 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.343708992 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.343708992 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.377778053 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.377799034 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.377841949 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.377859116 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.377918959 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.377918959 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.389939070 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.389961004 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.390005112 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.390012980 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.390057087 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.390057087 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.390444994 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.390465975 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.390500069 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.390508890 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.390527964 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.390820980 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.429121971 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.429132938 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.429229021 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.429238081 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.429318905 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.429409981 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.429428101 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.429480076 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.429496050 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.429570913 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.429797888 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.429812908 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.429910898 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.429910898 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.429919958 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.430002928 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.430525064 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.430538893 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.430577040 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.430591106 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.430614948 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.430845976 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.430864096 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.430886984 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.430886984 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.430895090 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.430954933 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.430954933 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.465071917 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.465086937 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.465161085 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.465161085 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.465171099 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.471338987 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.477097034 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.477114916 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.477794886 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.477794886 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.477803946 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.477869034 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.477930069 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.477940083 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.478018045 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.478018045 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.478035927 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.479336023 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.516335011 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.516351938 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.516454935 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.516470909 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.516629934 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.516647100 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.516684055 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.516684055 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.516701937 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.516714096 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.516746998 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.516911983 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.516925097 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.517076969 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.517086029 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.517143965 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.517851114 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.517864943 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.517947912 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.517947912 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.517955065 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.518065929 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.518083096 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.518120050 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.518131018 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.518131018 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.518137932 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.518163919 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.564409018 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.564421892 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.564462900 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.564479113 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.564574957 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.564574957 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.564587116 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.564603090 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.564650059 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.564650059 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.564659119 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.605165005 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.605178118 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.605448961 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.605465889 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.605495930 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.605496883 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.605520010 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.605681896 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.605681896 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.605849028 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.605863094 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.606004000 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.606015921 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.606095076 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.606945038 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.606960058 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.607335091 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.607347012 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.607528925 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.608026981 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.608042002 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.608117104 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.608128071 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.608294010 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.639403105 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.639427900 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.639754057 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.639775038 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.639847994 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.651586056 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.651606083 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.651828051 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.651840925 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.651873112 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.651886940 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.651895046 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.651906967 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.652023077 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.652023077 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.693198919 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.693217993 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.693290949 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.693304062 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.693377972 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.693399906 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.693423033 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.693464994 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.693474054 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.693603992 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.693603992 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.693649054 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.693665981 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.693747044 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.693747044 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.693756104 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.693804026 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.694447994 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.694463015 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.694569111 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.694570065 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.694578886 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.695058107 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.695326090 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.695343018 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.695396900 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.695404053 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.696592093 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.726829052 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.726845980 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.726963043 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.726974010 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.727124929 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.738714933 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.738729000 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.738853931 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.738862991 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.738926888 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.739095926 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.739108086 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.739146948 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.739154100 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.739214897 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.739257097 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.780436993 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.780462027 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.780586004 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.780596018 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.780728102 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.780747890 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.780754089 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.780770063 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.780795097 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.780850887 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.781017065 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.781056881 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.781092882 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.781109095 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.781455994 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.781455994 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.781533957 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.781549931 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.782206059 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.782206059 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.782222986 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.782315016 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.782332897 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.782361031 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.782361031 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.782371998 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.782453060 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.782453060 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.813891888 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.813908100 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.813997984 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.813997984 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.814008951 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.814136982 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.825968027 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.825982094 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.826019049 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.826025963 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.826061010 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.826061010 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.826179981 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.826195955 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.826400995 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.826400995 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.826409101 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.826531887 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.867818117 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.867841959 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.867912054 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.867923021 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.867963076 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.867969990 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.868088961 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.868098974 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.868446112 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.868458986 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.868499041 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.868508101 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.868519068 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.868549109 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.868788004 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.868802071 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.868869066 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.868877888 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.869219065 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.869656086 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.869672060 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.869792938 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.869792938 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.869801044 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.869860888 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.901129007 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.901154995 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.901205063 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.901215076 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.901251078 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.901251078 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.913331985 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.913357973 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.913422108 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.913422108 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.913429976 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.913561106 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.954999924 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.955032110 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.955086946 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.955123901 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.955137968 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.955266953 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.955281973 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.955432892 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.955447912 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.955543995 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.955543995 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.955554008 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.955780029 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.955794096 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.955914021 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.955914021 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.955923080 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.956598997 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.956612110 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.956662893 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.956671953 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.988420963 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.988440037 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.988476038 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.988487959 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.988512039 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.988523006 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:36.988542080 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:36.988620996 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.041870117 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.041886091 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.041966915 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.041975975 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.042334080 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.042361021 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.042382956 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.042402029 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.042412043 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.042439938 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.042469978 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.042489052 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.042552948 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.042561054 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.042702913 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.042721033 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.042751074 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.042763948 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.042774916 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.042814016 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.043200016 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.043219090 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.043275118 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.043275118 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.043282986 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.043579102 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.043812990 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.043827057 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.043875933 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.043889046 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.044118881 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.075395107 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.075413942 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.075505972 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.075520039 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.075598001 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.075606108 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.075613022 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.075634956 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.075651884 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.075666904 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.075694084 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.076021910 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.129071951 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.129101992 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.129199982 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.129236937 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.129241943 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.129259109 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.129281044 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.129281044 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.129582882 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.129596949 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.129645109 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.129653931 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.129678965 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.129818916 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.129834890 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.129867077 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.129873991 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.129888058 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.130444050 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.130458117 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.130501986 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.130510092 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.130522013 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.130974054 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.130995035 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.131035089 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.131042957 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.131067991 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.162800074 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.162820101 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.162911892 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.162923098 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.162951946 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.162971973 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.163011074 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.163019896 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.163029909 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.207550049 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.222687960 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.222708941 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.222933054 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.222943068 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.223239899 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.223259926 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.223313093 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.223320961 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.223339081 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.223364115 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.223871946 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.223886967 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.223951101 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.223978996 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.223989964 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.224010944 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.224061012 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.224225044 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.224240065 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.224288940 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.224296093 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.224330902 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.224345922 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.224379063 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.224395990 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.224428892 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.250489950 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.250511885 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.250567913 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.250577927 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.250869036 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.250878096 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.250920057 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.250930071 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.250946999 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.300003052 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.311651945 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.311731100 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.311764956 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.311774015 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.311824083 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.311824083 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.311885118 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.311925888 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.311956882 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.311964035 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.312007904 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.312007904 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.312078953 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.312094927 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.312129974 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.312138081 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.312160969 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.312191010 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.312252998 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.312309027 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.312309980 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.312339067 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.312351942 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.312433958 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.312464952 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.312516928 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.312539101 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.312546015 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.312558889 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.312639952 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.312647104 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.312671900 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.312704086 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.312716961 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.312726021 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.312743902 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.312773943 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.312819958 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.337825060 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.337908030 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.337960958 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.337970972 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.337992907 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.338056087 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.338063002 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.338095903 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.338120937 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.338149071 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.338148117 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.338177919 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.338228941 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.338228941 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.397349119 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.397394896 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.397486925 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.397501945 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.397512913 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.397568941 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.397995949 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.398070097 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.398127079 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.398127079 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.398135900 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.398322105 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.398374081 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.398379087 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.398418903 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.398444891 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.398464918 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.398657084 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.398684025 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.398715019 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.398720980 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.398732901 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.398834944 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.399271965 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.399286032 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.399334908 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.399341106 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.399363995 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.399653912 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.399678946 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.399723053 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.399733067 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.399746895 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.399786949 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.424726963 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.424772978 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.424946070 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.424957991 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.425010920 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.426722050 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.426768064 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.426831961 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.426831961 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.426841021 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.426922083 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.485457897 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.485519886 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.485551119 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.485560894 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.485599995 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.485752106 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.485788107 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.485800028 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.485805035 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.485845089 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.485865116 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.486270905 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.486310959 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.486337900 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.486352921 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.486388922 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.486602068 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.486753941 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.486809969 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.486812115 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.486838102 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.486879110 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.486879110 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.487472057 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.487514973 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.487550020 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.487557888 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.487602949 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.487602949 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.487981081 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.488029957 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.488046885 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.488069057 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.488111973 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.488111973 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.548676968 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.548733950 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.548811913 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.548821926 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.548862934 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.549002886 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.549046040 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.549081087 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.549091101 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.549103022 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.549127102 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.572196007 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.572241068 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.572340012 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.572349072 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.572407961 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.572407961 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.572490931 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.572531939 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.572601080 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.572601080 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.572609901 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.572778940 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.572828054 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.572840929 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.572855949 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.572910070 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.572925091 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.573132038 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.573172092 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.573196888 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.573203087 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.573224068 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.573247910 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.573751926 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.573793888 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.573817968 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.573832989 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.573867083 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.573879957 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.574126005 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.574206114 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.574232101 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.574239969 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.574253082 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.574279070 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.635698080 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.635760069 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.635795116 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.635807991 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.635855913 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.636241913 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.636285067 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.636333942 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.636341095 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.636368036 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.636679888 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.690220118 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.690265894 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.690454960 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.690495968 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.690504074 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.690531015 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.690577984 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.690608025 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.690690041 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.690731049 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.690768957 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.690778017 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.690795898 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.690880060 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.690924883 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.690959930 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.690968990 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.691024065 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.691063881 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.691121101 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.691140890 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.691160917 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.691236019 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.691299915 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.691366911 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.691390991 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.691400051 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.691426992 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.722791910 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.722832918 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.722938061 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.722938061 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.722949028 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.723468065 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.723516941 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.723678112 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.723689079 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.769808054 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.777261019 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.777318954 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.777400017 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.777400017 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.777409077 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.777452946 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.777544975 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.777589083 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.777652979 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.777652979 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.777659893 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.777694941 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.777937889 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.777981043 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.778026104 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.778033018 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.778109074 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.778151035 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.778196096 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.778223038 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.778233051 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.778276920 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.778276920 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.778506994 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.778568983 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.778584003 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.778593063 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.778618097 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.778670073 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.778832912 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.778875113 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.778912067 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.778918982 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.778964996 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.778964996 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.810211897 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.810255051 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.810291052 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.810300112 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.810359001 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.810767889 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.810810089 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.810839891 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.810847998 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.810894012 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.810894012 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.811525106 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.811610937 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.811618090 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.811697960 CET	443	49745	172.67.219.50	192.168.2.4
Feb 20, 2025 18:40:37.811721087 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.811768055 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.811768055 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:37.811786890 CET	49745	443	192.168.2.4	172.67.219.50
Feb 20, 2025 18:40:40.058594942 CET	49672	443	192.168.2.4	173.222.162.32
Feb 20, 2025 18:40:40.058640003 CET	443	49672	173.222.162.32	192.168.2.4
Feb 20, 2025 18:40:40.058787107 CET	49672	443	192.168.2.4	173.222.162.32
Feb 20, 2025 18:40:40.058800936 CET	443	49672	173.222.162.32	192.168.2.4
Feb 20, 2025 18:40:42.509936094 CET	443	49739	142.250.186.132	192.168.2.4
Feb 20, 2025 18:40:42.509999990 CET	443	49739	142.250.186.132	192.168.2.4
Feb 20, 2025 18:40:42.510056973 CET	49739	443	192.168.2.4	142.250.186.132
Feb 20, 2025 18:40:42.766904116 CET	49723	80	192.168.2.4	199.232.214.172
Feb 20, 2025 18:40:42.772253036 CET	80	49723	199.232.214.172	192.168.2.4
Feb 20, 2025 18:40:42.772332907 CET	49723	80	192.168.2.4	199.232.214.172
Feb 20, 2025 18:40:44.041866064 CET	49739	443	192.168.2.4	142.250.186.132
Feb 20, 2025 18:40:44.041907072 CET	443	49739	142.250.186.132	192.168.2.4
Feb 20, 2025 18:40:48.279287100 CET	80	49742	104.21.112.1	192.168.2.4
Feb 20, 2025 18:40:48.279475927 CET	49742	80	192.168.2.4	104.21.112.1
Feb 20, 2025 18:40:50.046289921 CET	49742	80	192.168.2.4	104.21.112.1
Feb 20, 2025 18:40:50.051537037 CET	80	49742	104.21.112.1	192.168.2.4
Feb 20, 2025 18:41:18.395174980 CET	49741	80	192.168.2.4	104.21.112.1
Feb 20, 2025 18:41:18.400165081 CET	80	49741	104.21.112.1	192.168.2.4
Feb 20, 2025 18:41:25.535525084 CET	49724	80	192.168.2.4	199.232.214.172
Feb 20, 2025 18:41:25.541104078 CET	80	49724	199.232.214.172	192.168.2.4
Feb 20, 2025 18:41:25.541309118 CET	49724	80	192.168.2.4	199.232.214.172
Feb 20, 2025 18:41:32.011936903 CET	49870	443	192.168.2.4	142.250.186.132
Feb 20, 2025 18:41:32.012026072 CET	443	49870	142.250.186.132	192.168.2.4
Feb 20, 2025 18:41:32.012160063 CET	49870	443	192.168.2.4	142.250.186.132
Feb 20, 2025 18:41:32.015250921 CET	49870	443	192.168.2.4	142.250.186.132
Feb 20, 2025 18:41:32.015285015 CET	443	49870	142.250.186.132	192.168.2.4
Feb 20, 2025 18:41:32.697384119 CET	443	49870	142.250.186.132	192.168.2.4
Feb 20, 2025 18:41:32.697917938 CET	49870	443	192.168.2.4	142.250.186.132
Feb 20, 2025 18:41:32.697952032 CET	443	49870	142.250.186.132	192.168.2.4
Feb 20, 2025 18:41:32.698925972 CET	443	49870	142.250.186.132	192.168.2.4
Feb 20, 2025 18:41:32.699250937 CET	49870	443	192.168.2.4	142.250.186.132
Feb 20, 2025 18:41:32.699343920 CET	443	49870	142.250.186.132	192.168.2.4
Feb 20, 2025 18:41:32.754245996 CET	49870	443	192.168.2.4	142.250.186.132
Feb 20, 2025 18:41:42.594080925 CET	443	49870	142.250.186.132	192.168.2.4
Feb 20, 2025 18:41:42.594219923 CET	443	49870	142.250.186.132	192.168.2.4
Feb 20, 2025 18:41:42.594465017 CET	49870	443	192.168.2.4	142.250.186.132
Feb 20, 2025 18:41:44.038110971 CET	49870	443	192.168.2.4	142.250.186.132
Feb 20, 2025 18:41:44.038124084 CET	443	49870	142.250.186.132	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 20, 2025 18:40:27.835191011 CET	53	55387	1.1.1.1	192.168.2.4
Feb 20, 2025 18:40:27.882181883 CET	53	59669	1.1.1.1	192.168.2.4
Feb 20, 2025 18:40:29.135297060 CET	53	55308	1.1.1.1	192.168.2.4
Feb 20, 2025 18:40:31.943145037 CET	52074	53	192.168.2.4	1.1.1.1
Feb 20, 2025 18:40:31.943236113 CET	52327	53	192.168.2.4	1.1.1.1
Feb 20, 2025 18:40:31.950588942 CET	53	52074	1.1.1.1	192.168.2.4
Feb 20, 2025 18:40:31.950671911 CET	53	52327	1.1.1.1	192.168.2.4
Feb 20, 2025 18:40:32.882700920 CET	65103	53	192.168.2.4	1.1.1.1
Feb 20, 2025 18:40:32.883922100 CET	55569	53	192.168.2.4	1.1.1.1
Feb 20, 2025 18:40:32.904026985 CET	53	65103	1.1.1.1	192.168.2.4
Feb 20, 2025 18:40:32.914520025 CET	53	55569	1.1.1.1	192.168.2.4
Feb 20, 2025 18:40:33.735498905 CET	56055	53	192.168.2.4	1.1.1.1
Feb 20, 2025 18:40:33.736212969 CET	50944	53	192.168.2.4	1.1.1.1
Feb 20, 2025 18:40:33.750191927 CET	53	50944	1.1.1.1	192.168.2.4
Feb 20, 2025 18:40:33.758991957 CET	53	56055	1.1.1.1	192.168.2.4
Feb 20, 2025 18:40:37.136015892 CET	138	138	192.168.2.4	192.168.2.255
Feb 20, 2025 18:40:46.207060099 CET	53	57128	1.1.1.1	192.168.2.4
Feb 20, 2025 18:41:05.268548965 CET	53	61956	1.1.1.1	192.168.2.4
Feb 20, 2025 18:41:27.405493975 CET	53	52129	1.1.1.1	192.168.2.4
Feb 20, 2025 18:41:28.122912884 CET	53	59248	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Feb 20, 2025 18:40:31.943145037 CET	192.168.2.4	1.1.1.1	0x2138	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Feb 20, 2025 18:40:31.943236113 CET	192.168.2.4	1.1.1.1	0x51aa	Standard query (0)	www.google.com	65	IN (0x0001)	false
Feb 20, 2025 18:40:32.882700920 CET	192.168.2.4	1.1.1.1	0xfd21	Standard query (0)	onedrivesharedfiles.sbs	A (IP address)	IN (0x0001)	false
Feb 20, 2025 18:40:32.883922100 CET	192.168.2.4	1.1.1.1	0x729b	Standard query (0)	onedrivesharedfiles.sbs	65	IN (0x0001)	false
Feb 20, 2025 18:40:33.735498905 CET	192.168.2.4	1.1.1.1	0xafc5	Standard query (0)	fileupload.angel-hosting.cloud	A (IP address)	IN (0x0001)	false
Feb 20, 2025 18:40:33.736212969 CET	192.168.2.4	1.1.1.1	0xd9d7	Standard query (0)	fileupload.angel-hosting.cloud	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Feb 20, 2025 18:40:31.950588942 CET	1.1.1.1	192.168.2.4	0x2138	No error (0)	www.google.com	142.250.186.132	A (IP address)	IN (0x0001)	false
Feb 20, 2025 18:40:31.950671911 CET	1.1.1.1	192.168.2.4	0x51aa	No error (0)	www.google.com		65	IN (0x0001)	false
Feb 20, 2025 18:40:32.904026985 CET	1.1.1.1	192.168.2.4	0xfd21	No error (0)	onedrivesharedfiles.sbs	104.21.112.1	A (IP address)	IN (0x0001)	false
Feb 20, 2025 18:40:32.904026985 CET	1.1.1.1	192.168.2.4	0xfd21	No error (0)	onedrivesharedfiles.sbs	104.21.96.1	A (IP address)	IN (0x0001)	false
Feb 20, 2025 18:40:32.904026985 CET	1.1.1.1	192.168.2.4	0xfd21	No error (0)	onedrivesharedfiles.sbs	104.21.32.1	A (IP address)	IN (0x0001)	false
Feb 20, 2025 18:40:32.904026985 CET	1.1.1.1	192.168.2.4	0xfd21	No error (0)	onedrivesharedfiles.sbs	104.21.48.1	A (IP address)	IN (0x0001)	false
Feb 20, 2025 18:40:32.904026985 CET	1.1.1.1	192.168.2.4	0xfd21	No error (0)	onedrivesharedfiles.sbs	104.21.80.1	A (IP address)	IN (0x0001)	false
Feb 20, 2025 18:40:32.904026985 CET	1.1.1.1	192.168.2.4	0xfd21	No error (0)	onedrivesharedfiles.sbs	104.21.64.1	A (IP address)	IN (0x0001)	false
Feb 20, 2025 18:40:32.904026985 CET	1.1.1.1	192.168.2.4	0xfd21	No error (0)	onedrivesharedfiles.sbs	104.21.16.1	A (IP address)	IN (0x0001)	false
Feb 20, 2025 18:40:32.914520025 CET	1.1.1.1	192.168.2.4	0x729b	No error (0)	onedrivesharedfiles.sbs		65	IN (0x0001)	false
Feb 20, 2025 18:40:33.750191927 CET	1.1.1.1	192.168.2.4	0xd9d7	No error (0)	fileupload.angel-hosting.cloud		65	IN (0x0001)	false
Feb 20, 2025 18:40:33.758991957 CET	1.1.1.1	192.168.2.4	0xafc5	No error (0)	fileupload.angel-hosting.cloud	172.67.219.50	A (IP address)	IN (0x0001)	false
Feb 20, 2025 18:40:33.758991957 CET	1.1.1.1	192.168.2.4	0xafc5	No error (0)	fileupload.angel-hosting.cloud	104.21.45.213	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

fileupload.angel-hosting.cloud

onedrivesharedfiles.sbs

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49741	104.21.112.1	80	1780	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Feb 20, 2025 18:40:32.920583963 CET	438	OUT	GET / HTTP/1.1 Host: onedrivesharedfiles.sbs Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Feb 20, 2025 18:40:33.389611959 CET	1103	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 20 Feb 2025 17:40:33 GMT Content-Type: text/html Content-Length: 167 Connection: keep-alive Cache-Control: max-age=3600 Expires: Thu, 20 Feb 2025 18:40:33 GMT Location: https://fileupload.angel-hosting.cloud/download/67b650b49b82a72ac05bb155 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FExcceaQ12AP6r41XMBaD4DYgaEON0RVYiypVIDgUsaC9ZDAwL8rAuujextJ6Kuvk%2FBjvWvEappGd0Zza5eEVxomJ277gAgZ%2FBubK5o6C8N480kAVdmHnn8PTUELmbiFweZzAJdZmYvn7w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Vary: Accept-Encoding Server: cloudflare CF-RAY: 9150484c4b1e7c93-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1977&min_rtt=1977&rtt_var=988&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=438&delivery_rate=0&cwnd=210&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>
Feb 20, 2025 18:41:18.395174980 CET	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49745	172.67.219.50	443	1780	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-02-20 17:40:34 UTC	706	OUT	GET /download/67b650b49b82a72ac05bb155 HTTP/1.1 Host: fileupload.angel-hosting.cloud Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-20 17:40:35 UTC	1078	IN	HTTP/1.1 200 OK Date: Thu, 20 Feb 2025 17:40:35 GMT Content-Type: application/octet-stream Content-Length: 3473408 Connection: close X-Powered-By: Express Access-Control-Allow-Origin: * Content-Disposition: attachment; filename="Payment_49070_from_TKO_MEDIA_LLC.iso" Accept-Ranges: bytes Cache-Control: public, max-age=0 Last-Modified: Wed, 19 Feb 2025 21:44:20 GMT ETag: W/"350000-195202b402a" cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BoGByCymsUC7XUWGLPUCLLzuEAPvFLLGse97l64ZSkM6lz0UYs0WA%2FHMLGCbAIdBmSmkQulpFo9aS%2BeeJpyy7bjgKTglv3L%2ByREFJ%2FqiHFupojbyu7cQ7aIuexIHngXcU480MAhUlZDutrBsFQXQgak%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 915048557e1972b7-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1834&min_rtt=1829&rtt_var=697&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2851&recv_bytes=1284&delivery_rate=1558164&cwnd=198&unsent_bytes=0&cid=d9d5680eb55802c2&ts=430&x=0"
2025-02-20 17:40:35 UTC	291	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2025-02-20 17:40:35 UTC	1369	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2025-02-20 17:40:35 UTC	1369	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2025-02-20 17:40:35 UTC	1369	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2025-02-20 17:40:35 UTC	1369	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2025-02-20 17:40:35 UTC	1369	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2025-02-20 17:40:35 UTC	1369	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2025-02-20 17:40:35 UTC	1369	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2025-02-20 17:40:35 UTC	1369	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2025-02-20 17:40:35 UTC	1369	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:

Target ID:	0
Start time:	12:40:23
Start date:	20/02/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	12:40:26
Start date:	20/02/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 --field-trial-handle=2492,i,3353339676385122419,12674454738491559677,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	12:40:31
Start date:	20/02/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://onedrivesharedfiles.sbs/"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	12:40:38
Start date:	20/02/2025
Path:	C:\Windows\SysWOW64\unarchiver.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\Payment_49070_from_TKO_MEDIA_LLC.iso"
Imagebase:	0x570000
File size:	12'800 bytes
MD5 hash:	16FF3CC6CC330A08EED70CBC1D35F5D2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	12:40:38
Start date:	20/02/2025
Path:	C:\Windows\SysWOW64\7za.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e" "C:\Users\user\Downloads\Payment_49070_from_TKO_MEDIA_LLC.iso"
Imagebase:	0xde0000
File size:	289'792 bytes
MD5 hash:	77E556CDFDC5C592F5C46DB4127C6F4C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	12:40:38
Start date:	20/02/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	12:40:38
Start date:	20/02/2025
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"cmd.exe" /C "C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe"
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	10
Start time:	12:40:38
Start date:	20/02/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	11
Start time:	12:40:38
Start date:	20/02/2025
Path:	C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe
Imagebase:	0x400000
File size:	2'928'640 bytes
MD5 hash:	5F1A95A0277B6D95AB7D36A79B4457FE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DarkCloud, Description: Yara detected DarkCloud, Source: 0000000B.00000003.1914629632.0000000000CA0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000003.1914629632.0000000000CA0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000000B.00000003.1914629632.0000000000CA0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DarkCloud, Description: Yara detected DarkCloud, Source: 0000000B.00000002.2604304370.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.2604304370.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000000B.00000002.2604304370.0000000000401000.00000020.00000001.01000000.00000008.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	21.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	5.5%
Total number of Nodes:	73
Total number of Limit Nodes:	4

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00C5B1D6 Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNELBASE(?), ref: 00C5B208

Memory Dump Source

Source File: 00000006.00000002.2604722695.0000000000C5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_c5a000_unarchiver.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 5913e6cbb5efab18087294bba9df22bdd25fc758ef87c903c0f4c1dc40c34428
Instruction ID: 61654710f24df61298c9a3c78cfdbd6c5ece0ead2b3cf0b3ec70a066f3478157
Opcode Fuzzy Hash: 5913e6cbb5efab18087294bba9df22bdd25fc758ef87c903c0f4c1dc40c34428
Instruction Fuzzy Hash: 8A01DB389046449FDB10CF15D885B6AFBE4EF05321F08C4AADD488F246D379A948CBB2

Function 00F90C99 Relevance: 6.3, Strings: 5, Instructions: 85
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

e]uj^, xrefs: 00F90D6E, 00F90D73
`aj, xrefs: 00F90D37
[M2, xrefs: 00F90D43, 00F90D48
`aj, xrefs: 00F90D62
Pcj, xrefs: 00F90CC8

Memory Dump Source

Source File: 00000006.00000002.2605674607.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f90000_unarchiver.jbxd

Similarity

API ID:
String ID: Pcj$[M2$`aj$`aj$e]uj^
API String ID: 0-2293194912
Opcode ID: fec60f32d423a9e7669b5b39d7e583b576f139bbd6bc750f23c617a26f68c1bc
Instruction ID: fd1d2475f22032842f6207b274286ed1c0d405ad097fc836f34b1938466f2fbb
Opcode Fuzzy Hash: fec60f32d423a9e7669b5b39d7e583b576f139bbd6bc750f23c617a26f68c1bc
Instruction Fuzzy Hash: F5213539B042508FCB16EB79884076F7BE25FCA214B55852CD486DB3D2CF36ED029796

Function 00F90CA8 Relevance: 6.3, Strings: 5, Instructions: 82
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

e]uj^, xrefs: 00F90D6E, 00F90D73
`aj, xrefs: 00F90D37
[M2, xrefs: 00F90D43, 00F90D48
`aj, xrefs: 00F90D62
Pcj, xrefs: 00F90CC8

Memory Dump Source

Source File: 00000006.00000002.2605674607.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f90000_unarchiver.jbxd

Similarity

API ID:
String ID: Pcj$[M2$`aj$`aj$e]uj^
API String ID: 0-2293194912
Opcode ID: 650b927761fab0d59c7ef98d0754e35d6767b98ef32baeeac2c90a145116bf5b
Instruction ID: 047527bfe5f45792fa0221d18214878acf0be91715be1a19da7c8927e3dd4f5a
Opcode Fuzzy Hash: 650b927761fab0d59c7ef98d0754e35d6767b98ef32baeeac2c90a145116bf5b
Instruction Fuzzy Hash: 672127357002148FCB54EB79894036FB7E76FC6208B55842CD486CB382DF76ED029796

Function 00C5B246 Relevance: 1.6, APIs: 1, Instructions: 101
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,00000E24), ref: 00C5B2F3

Memory Dump Source

Source File: 00000006.00000002.2604722695.0000000000C5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_c5a000_unarchiver.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 061071cea48da555ef38e7dea5b6304f1d05dab5fa80759a2f22bd511c92d6be
Instruction ID: 4531295717834483ad79ab6ceffd449b1acc33ed50456ef5c93b607e7a4e0aba
Opcode Fuzzy Hash: 061071cea48da555ef38e7dea5b6304f1d05dab5fa80759a2f22bd511c92d6be
Instruction Fuzzy Hash: F131A3714043446FE7228B61CC45FA6BFBCEF06210F08889AE985DB162D324A909CBB1

Function 00C5AD04 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,00000E24), ref: 00C5ADA7

Memory Dump Source

Source File: 00000006.00000002.2604722695.0000000000C5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_c5a000_unarchiver.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 2502b17c35c3bd14cdf75626787bffa25cc5928fbe8bc9cec093620f952da1bb
Instruction ID: d5c63ee08b048b077126c41942d2f41c7479220fdafa4196e67766f647be533d
Opcode Fuzzy Hash: 2502b17c35c3bd14cdf75626787bffa25cc5928fbe8bc9cec093620f952da1bb
Instruction Fuzzy Hash: E331B071004344AFEB228B65CC45FA7BFBCEF09310F08889EF985CB552D224A949CBA1

Function 00C5AB76 Relevance: 1.6, APIs: 1, Instructions: 92
pipeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreatePipe.KERNELBASE(?,00000E24,?,?), ref: 00C5AC36

Memory Dump Source

Source File: 00000006.00000002.2604722695.0000000000C5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_c5a000_unarchiver.jbxd

Similarity

API ID: CreatePipe
String ID:
API String ID: 2719314638-0
Opcode ID: a5f12a42d90bb0e5b55c327327d5baab8c2e148c1b557500108e4b7356e74909
Instruction ID: fb84b797e5ac9067dc2c895b24fdce774efe6ba13da2220b45fe60f06e5ce3e8
Opcode Fuzzy Hash: a5f12a42d90bb0e5b55c327327d5baab8c2e148c1b557500108e4b7356e74909
Instruction Fuzzy Hash: 3A316C7150E3C06FD3039B758C65A65BFB4AF47610F1A84CBD8C4DF1A3D2296919C7A2

Function 00C5A5DC Relevance: 1.6, APIs: 1, Instructions: 90
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 00C5A67D

Memory Dump Source

Source File: 00000006.00000002.2604722695.0000000000C5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_c5a000_unarchiver.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: d40554e3ea50fdf4ccb12e8539264554e9797d6738fefe3ccf7e5efed3a8c0cc
Instruction ID: b1f8f6b6eefbdb9bbaf4055a91e537d12ebeaf7b5cab426eeb279844eccfb2bf
Opcode Fuzzy Hash: d40554e3ea50fdf4ccb12e8539264554e9797d6738fefe3ccf7e5efed3a8c0cc
Instruction Fuzzy Hash: D0318D71504340AFE722CF66CC45F66BBE8EF09220F08899EF9858B252D375E919CB75

Function 00C5A120 Relevance: 1.6, APIs: 1, Instructions: 82
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindNextFileW.KERNELBASE(?,00000E24,?,?), ref: 00C5A1C2

Memory Dump Source

Source File: 00000006.00000002.2604722695.0000000000C5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_c5a000_unarchiver.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 687b346ecb9223834b80a9b94d172eb59a026eb2a71e462e6eb181af1dd152b0
Instruction ID: 4d530d73b0b4021f868f0f51f51bc42dc73097fc914cfd14ba075bd85aa32c56
Opcode Fuzzy Hash: 687b346ecb9223834b80a9b94d172eb59a026eb2a71e462e6eb181af1dd152b0
Instruction Fuzzy Hash: 4221B27150D3C06FD3128B268C51BA6BFB4EF47610F1985CBE884CF693D225A919C7B2

Function 00C5B276 Relevance: 1.6, APIs: 1, Instructions: 80
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,00000E24), ref: 00C5B2F3

Memory Dump Source

Source File: 00000006.00000002.2604722695.0000000000C5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_c5a000_unarchiver.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 5176fdb8ee98fe074cde2b6ebbedf8fc70d44be667097d9f7fb16c4dfdf773b4
Instruction ID: af96e16c054552d26f24a962a17680336beeef80c870786e39abfc5d78a7d405
Opcode Fuzzy Hash: 5176fdb8ee98fe074cde2b6ebbedf8fc70d44be667097d9f7fb16c4dfdf773b4
Instruction Fuzzy Hash: 9121E075500604AFEB218F65CC45FABFBACEF08314F04882AEA45DB251D734A9488BA1

Function 00C5A370 Relevance: 1.6, APIs: 1, Instructions: 80
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,CECEF17D,00000000,00000000,00000000,00000000), ref: 00C5A40C

Memory Dump Source

Source File: 00000006.00000002.2604722695.0000000000C5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_c5a000_unarchiver.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 1b2b94eb264107a9d8049fc72b18b39d24c39f9bdbaf2b7027a1b390db45f56c
Instruction ID: e9aa3b3bb57f2ebdfbd6945ed2e5d8be28cdd98fec77160ea7d1f00fc553d8a1
Opcode Fuzzy Hash: 1b2b94eb264107a9d8049fc72b18b39d24c39f9bdbaf2b7027a1b390db45f56c
Instruction Fuzzy Hash: 63218D75504744AFD721CF16CC84FA2BBF8EF05710F08859AE985CB2A2D364E948CBB6

Function 00C5AD2A Relevance: 1.6, APIs: 1, Instructions: 80
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,00000E24), ref: 00C5ADA7

Memory Dump Source

Source File: 00000006.00000002.2604722695.0000000000C5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_c5a000_unarchiver.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 2d350cd2e2e5a70361a33565f1a03def0be9c40ceae6adc51ecda5e986002bed
Instruction ID: 7047e76b1a247ddd7c7807620b732205333ae2070598c3ec5cec60bf5c59d150
Opcode Fuzzy Hash: 2d350cd2e2e5a70361a33565f1a03def0be9c40ceae6adc51ecda5e986002bed
Instruction Fuzzy Hash: 6921E071100204AFEB219F66CC45FABBBECEF08324F04882AEA45CA551D734A5488BA2

Function 00C5A850 Relevance: 1.6, APIs: 1, Instructions: 78
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetFilePointer.KERNELBASE(?,00000E24,CECEF17D,00000000,00000000,00000000,00000000), ref: 00C5A8DE

Memory Dump Source

Source File: 00000006.00000002.2604722695.0000000000C5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_c5a000_unarchiver.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 2a5e6727013cd7005ebb1db6029f898a746e8105d9a29f7162eb87fc31d75495
Instruction ID: ebea0482035b4346311cabba4eaeca8548ba1858942c1017c5669181f05bcc60
Opcode Fuzzy Hash: 2a5e6727013cd7005ebb1db6029f898a746e8105d9a29f7162eb87fc31d75495
Instruction Fuzzy Hash: FF21D3714083806FE7228F25DC44FA6BFB8EF46724F0884DAE984CF152C225A909C7B6

Function 00C5A933 Relevance: 1.6, APIs: 1, Instructions: 77
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadFile.KERNELBASE(?,00000E24,CECEF17D,00000000,00000000,00000000,00000000), ref: 00C5A9C1

Memory Dump Source

Source File: 00000006.00000002.2604722695.0000000000C5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_c5a000_unarchiver.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 516eb6ffc9f792c476003b9952e43e203c05972ff6938654a10d5114079aa69f
Instruction ID: eeff7f131daddcc5a1c58aee2fa63484f0ad52a1dd318ba85eb1d9b9fb1e85d9
Opcode Fuzzy Hash: 516eb6ffc9f792c476003b9952e43e203c05972ff6938654a10d5114079aa69f
Instruction Fuzzy Hash: DC21B271409380AFDB22CF65CC45F96BFB8EF4A314F08849AE9849F152C375A548CBB6

Function 00C5A5FE Relevance: 1.6, APIs: 1, Instructions: 76
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 00C5A67D

Memory Dump Source

Source File: 00000006.00000002.2604722695.0000000000C5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_c5a000_unarchiver.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: ac7f47070b0708f6ff7a7f37668fcb3346c74e8f3244b7f4882eb07a99928b0f
Instruction ID: 27e3e83795ae8c3034e765704f5e24a67d7b6b050418884ddeeb0cd2c76f2c02
Opcode Fuzzy Hash: ac7f47070b0708f6ff7a7f37668fcb3346c74e8f3244b7f4882eb07a99928b0f
Instruction Fuzzy Hash: 8B219F75500600AFE721CF66CD45F66FBE8EF08310F088969ED858B251D775E948CA76

Function 00C5A78F Relevance: 1.6, APIs: 1, Instructions: 73
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNELBASE(?,00000E24,CECEF17D,00000000,00000000,00000000,00000000), ref: 00C5A815

Memory Dump Source

Source File: 00000006.00000002.2604722695.0000000000C5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_c5a000_unarchiver.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 0cf212a7259d58e6ce4d9fb9aa1d3545ae6d384eef1423a8f82a00e4448fc69e
Instruction ID: 901b36cc48eeb4a62ebb2488a1050532299e9e46e5a2febe56adf7edf08a8327
Opcode Fuzzy Hash: 0cf212a7259d58e6ce4d9fb9aa1d3545ae6d384eef1423a8f82a00e4448fc69e
Instruction Fuzzy Hash: 8A21D5B54083846FE7128B21DC41FA2BFB8DF47314F0880DBE9848B193D368A909C7B6

Function 00C5AA0B Relevance: 1.6, APIs: 1, Instructions: 70
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateDirectoryW.KERNELBASE(?,?), ref: 00C5AA8B

Memory Dump Source

Source File: 00000006.00000002.2604722695.0000000000C5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_c5a000_unarchiver.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 3dbca71fb20d0fe44251f6737dca7c905af8eb9f1630204d0df0be1e2a8de7e2
Instruction ID: 445f0f992d4acb76edb5527290cf9c1c2329a4b54a678849bb963b8a868a87f5
Opcode Fuzzy Hash: 3dbca71fb20d0fe44251f6737dca7c905af8eb9f1630204d0df0be1e2a8de7e2
Instruction Fuzzy Hash: 5021B0755083C05FDB12CB29DC55B92BFE8AF06314F0D85EAE884CF153D225D949CB62

Function 00C5A392 Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,CECEF17D,00000000,00000000,00000000,00000000), ref: 00C5A40C

Memory Dump Source

Source File: 00000006.00000002.2604722695.0000000000C5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_c5a000_unarchiver.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: b49af723221f7946187a1d690de6e4d7959a19b70729f44c1f426f178ba3dd75
Instruction ID: 1755f3a1b2660d072c54bd4992b1bd006e7913a415a354e2baeb0ed401ccff8f
Opcode Fuzzy Hash: b49af723221f7946187a1d690de6e4d7959a19b70729f44c1f426f178ba3dd75
Instruction Fuzzy Hash: B7218E79600604AFE720CE66CC85F66B7ECEF04714F08855AEE498B251D364E989CAB6

Function 00C5A962 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(?,00000E24,CECEF17D,00000000,00000000,00000000,00000000), ref: 00C5A9C1

Memory Dump Source

Source File: 00000006.00000002.2604722695.0000000000C5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_c5a000_unarchiver.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 438fe300fafc9c76c64486e8e92215ce07093151ebe25221972d6c67804884ce
Instruction ID: c953c5c5e94e5feddae43c05a91d84ceb9a698ddf32f60deeb39637e52a1832d
Opcode Fuzzy Hash: 438fe300fafc9c76c64486e8e92215ce07093151ebe25221972d6c67804884ce
Instruction Fuzzy Hash: D6112B75500214AFE721CF66CC41F66F7E8EF48314F04855AEE498B141C335A548CBB6

Function 00C5A882 Relevance: 1.6, APIs: 1, Instructions: 59COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(?,00000E24,CECEF17D,00000000,00000000,00000000,00000000), ref: 00C5A8DE

Memory Dump Source

Source File: 00000006.00000002.2604722695.0000000000C5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_c5a000_unarchiver.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: b91b5760ffae2370c830accd08c16f91c59d2aef15cee01e4cc497900aae32a2
Instruction ID: 97ad09aa8951449c1187517fdcd0a765ad3b57827614e10f7c7dab20d6d0b96c
Opcode Fuzzy Hash: b91b5760ffae2370c830accd08c16f91c59d2aef15cee01e4cc497900aae32a2
Instruction Fuzzy Hash: 21112775500300AFEB21CF66DC41F66FBE8EF48324F08845AED488B245C334A548CBB6

Function 00C5A2AE Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 00C5A30C

Memory Dump Source

Source File: 00000006.00000002.2604722695.0000000000C5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_c5a000_unarchiver.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 908573f0fd43c0a60da21b6acc4fefba2d22fe7f43d9abcc95fa26fddea25dcc
Instruction ID: 9bcaa378b4825dc4c65705a3a2cd484ffdcaefede2c67d17808f0c9d17c8db96
Opcode Fuzzy Hash: 908573f0fd43c0a60da21b6acc4fefba2d22fe7f43d9abcc95fa26fddea25dcc
Instruction Fuzzy Hash: D511A0754093C49FDB228B26DC95A52BFB4DF07224F0981DBED848F263D265A948CB72

Function 00C5AA46 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,?), ref: 00C5AA8B

Memory Dump Source

Source File: 00000006.00000002.2604722695.0000000000C5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_c5a000_unarchiver.jbxd

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: e34d907d05a5c54ef3cc53ee7d38371bb8eb9bba1a529a42bd39ab176c25992a
Instruction ID: c253b98b3195c2513587cc62aa26a508dacac977489e71eb095c80c184dc890a
Opcode Fuzzy Hash: e34d907d05a5c54ef3cc53ee7d38371bb8eb9bba1a529a42bd39ab176c25992a
Instruction Fuzzy Hash: 7A11C4756002409FEB10CF2AD985B66FBD8EF04721F08C5AAED49CB255E335E948DF62

Function 00C5A7C2 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E24,CECEF17D,00000000,00000000,00000000,00000000), ref: 00C5A815

Memory Dump Source

Source File: 00000006.00000002.2604722695.0000000000C5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_c5a000_unarchiver.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: ea0fd6e1e2e104978a796f57644306fca9321430ad8fbed80cd2c0d152293c53
Instruction ID: 3cbb3ebf23c72b886e371f3662ee164c80446f3f4f2341eb721c05285ecb4d25
Opcode Fuzzy Hash: ea0fd6e1e2e104978a796f57644306fca9321430ad8fbed80cd2c0d152293c53
Instruction Fuzzy Hash: 2301D675504644AEE720CB16DC45FA6F7E8DF04724F18C05AEE498B281D378A948CAB6

Function 00C5AF8B Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(?), ref: 00C5AFE4

Memory Dump Source

Source File: 00000006.00000002.2604722695.0000000000C5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_c5a000_unarchiver.jbxd

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: d718feead92062d5a6e9895df82140bcb43686758c41bac1774680d752a70b19
Instruction ID: 73a0673596afc3163216a8e4bfe160745adeb48464da5975db479c46db333e2d
Opcode Fuzzy Hash: d718feead92062d5a6e9895df82140bcb43686758c41bac1774680d752a70b19
Instruction Fuzzy Hash: 2511E0755093C09FC7128B25CC85B52BFF4EF06220F0884DBEC898B2A3C334A848CB62

Function 00C5B1B4 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNELBASE(?), ref: 00C5B208

Memory Dump Source

Source File: 00000006.00000002.2604722695.0000000000C5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_c5a000_unarchiver.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 8baedff445f86624a604e0e05ee808b86bfd1694b64ec1b7974303aa29fe3c9e
Instruction ID: 6ba88fd5fc2743a23e1d6bb30ff7164e52081dd348ae7a45c013851f42e23f34
Opcode Fuzzy Hash: 8baedff445f86624a604e0e05ee808b86bfd1694b64ec1b7974303aa29fe3c9e
Instruction Fuzzy Hash: 681170755093C49FDB128F15DC84B56BFA4DF46220F0884EAED848F256D275A948CB72

Function 00C5ABE6 Relevance: 1.5, APIs: 1, Instructions: 47pipeCOMMON

Download Yara Rule

APIs

CreatePipe.KERNELBASE(?,00000E24,?,?), ref: 00C5AC36

Memory Dump Source

Source File: 00000006.00000002.2604722695.0000000000C5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_c5a000_unarchiver.jbxd

Similarity

API ID: CreatePipe
String ID:
API String ID: 2719314638-0
Opcode ID: 8fd66b754429a76e1481fff64f81ae105110d95415d4d52793c53266e65af1f7
Instruction ID: 3e92b659d0ca5fb58b580d9c274c8e2baa18113305991ed6e34649c1dcfea840
Opcode Fuzzy Hash: 8fd66b754429a76e1481fff64f81ae105110d95415d4d52793c53266e65af1f7
Instruction Fuzzy Hash: 02017171600200ABD310DF16DD86F36FBE8FB88A20F14855AED489B745D735B915CBE6

Function 00C5A172 Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNELBASE(?,00000E24,?,?), ref: 00C5A1C2

Memory Dump Source

Source File: 00000006.00000002.2604722695.0000000000C5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_c5a000_unarchiver.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: e289074649bcf36b5dc56e39262772fef079346616ef284ab62ab1e38e5277d3
Instruction ID: 72f65fc0882d6aaacae91d296eb43aaa0fd6a207766318f8647b74755408eb2a
Opcode Fuzzy Hash: e289074649bcf36b5dc56e39262772fef079346616ef284ab62ab1e38e5277d3
Instruction Fuzzy Hash: 6E01B171600200ABD310DF16CC86B36FBE8EB88A20F14855AEC089B745D735B911CBE2

Function 00C5AFB2 Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

FindClose.KERNELBASE(?), ref: 00C5AFE4

Memory Dump Source

Source File: 00000006.00000002.2604722695.0000000000C5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_c5a000_unarchiver.jbxd

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 9c36cd61bf086af82819600c789ea83ae113b713df095669597550416a3f493c
Instruction ID: 9b7f54d5859f0f82d93e80b9a5fe21b337c7cf619fc8f0c25e011e8726880ff8
Opcode Fuzzy Hash: 9c36cd61bf086af82819600c789ea83ae113b713df095669597550416a3f493c
Instruction Fuzzy Hash: EA01F9785006449FDB108F16DC85762FBD4EF05321F08C1AADD498B791D375EC48DE62

Function 00C5A2DA Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 00C5A30C

Memory Dump Source

Source File: 00000006.00000002.2604722695.0000000000C5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_c5a000_unarchiver.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 21794233877bb8b27e6838eb3490a5b12328548cdc3edbebd3a8a0e3c89f9d3b
Instruction ID: aa2a5e52ba6d669b2e529d57ab159f086f98c2f5ed86904646abd89cb352eedc
Opcode Fuzzy Hash: 21794233877bb8b27e6838eb3490a5b12328548cdc3edbebd3a8a0e3c89f9d3b
Instruction Fuzzy Hash: BCF0DC385046449FDB208F16D885B22FBA0EF04729F08C1AADD484B266D379E848CAA2

Function 00C5A6D4 Relevance: 1.3, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 00C5A748

Memory Dump Source

Source File: 00000006.00000002.2604722695.0000000000C5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_c5a000_unarchiver.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 7ad83dbcab0362bada3df25f750af867f289ae84f2459b68e311cd82e09b1eb1
Instruction ID: 8b0c6c124f13bceb540fa0af8e3a0bcae6d26bed01928a4a9cb074a3e45736c8
Opcode Fuzzy Hash: 7ad83dbcab0362bada3df25f750af867f289ae84f2459b68e311cd82e09b1eb1
Instruction Fuzzy Hash: 4B21B0B59097C45FD7128B25DC95792BFB4AF07320F0984DAEC858F5A3D2249908C772

Function 00C5A716 Relevance: 1.3, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 00C5A748

Memory Dump Source

Source File: 00000006.00000002.2604722695.0000000000C5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_c5a000_unarchiver.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 652eaf0e5412c76b8bcccffc9d7690aa99f326edac11a16e33fa21fbf26b6965
Instruction ID: c4d6036521446ff59947ea14bb5b146ad3fccb03efa537c418e5574ab500b8d3
Opcode Fuzzy Hash: 652eaf0e5412c76b8bcccffc9d7690aa99f326edac11a16e33fa21fbf26b6965
Instruction Fuzzy Hash: 1A01F278A006409FDB10CF26D985766FBE4DF08321F08C4AADD49CF656D379E948CEA2

Function 00F902C0 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2605674607.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f90000_unarchiver.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c076e00dff56fe2f9e3a26a12a351ab7645dbae6029f1b26b6cf085300308889
Instruction ID: 9856d55c7fab16c4ba8aa5d78ab339be99a4ba51a28b2dea39589379f582a878
Opcode Fuzzy Hash: c076e00dff56fe2f9e3a26a12a351ab7645dbae6029f1b26b6cf085300308889
Instruction Fuzzy Hash: 39B15E38B01100CFDB24EB65E958B5E7BB2FF8A310B118629D906DB359CF309D44EB91

Function 00F90799 Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2605674607.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f90000_unarchiver.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81e994987dcc479b497012db3231acbc5452f6452208686d4c513a12b87b18e5
Instruction ID: 35479d53ce7d025b4bbd3112170fec78de8088a5714697bfaf63ba8fdd76872d
Opcode Fuzzy Hash: 81e994987dcc479b497012db3231acbc5452f6452208686d4c513a12b87b18e5
Instruction Fuzzy Hash: 9BA18B34B002008FEB19EBB5D85576E77B3ABC5308F258429D906DB395DF798C82DB91

Function 00F90B8F Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2605674607.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f90000_unarchiver.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7544938e2084e41a740ae9712c5b98fa9329f96ec2823932127fa20c8555b6e8
Instruction ID: 8b0f9f61584bb45d2ba6df08ed7071c1e075a4e1cb3ce7dafc85b0e7a1501ee5
Opcode Fuzzy Hash: 7544938e2084e41a740ae9712c5b98fa9329f96ec2823932127fa20c8555b6e8
Instruction Fuzzy Hash: 6911E136A10118AFCB01EBB8DC4899F7BF2BF8A214B164566D506DB276DF32DC068781

Function 00F90BA0 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2605674607.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f90000_unarchiver.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ec81b5091b43ff83a2346592a3a683cbbc694dfd2a51f05aafa70591d3abcfb
Instruction ID: 5395b5f2e3572f1d972b62458cc1167e8f5b0134ec42a928968ce90fa6b7dc25
Opcode Fuzzy Hash: 6ec81b5091b43ff83a2346592a3a683cbbc694dfd2a51f05aafa70591d3abcfb
Instruction Fuzzy Hash: 6211B235A10118AFCB44EB74D84899E77F6BF89214B164475D606DB236DF31DC059781

Function 00F60808 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2605570904.0000000000F60000.00000040.00000020.00020000.00000000.sdmp, Offset: 00F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f60000_unarchiver.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e71ed20ade523fa99dfbeacb5ace4d45d4483584ba8ebf9cf1a96d9b05185a33
Instruction ID: b723e5d403ef91d345718170f0fd814852e6b341a39ec6dbdb008c0f0a909376
Opcode Fuzzy Hash: e71ed20ade523fa99dfbeacb5ace4d45d4483584ba8ebf9cf1a96d9b05185a33
Instruction Fuzzy Hash: 7A01D4B24092446FD301CF55EC41C57BBE8DF86624F04C5AEFC488B202D339B9198BA2

Function 00F605E0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2605570904.0000000000F60000.00000040.00000020.00020000.00000000.sdmp, Offset: 00F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f60000_unarchiver.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79e4483f59b67730b29ab6517a169c138d274cb3ada51dec9c81e5a2c17a007e
Instruction ID: 82df0beffa5f11c30a3d00c5a124f2770e679ad71df4c689b779cf0669ca5849
Opcode Fuzzy Hash: 79e4483f59b67730b29ab6517a169c138d274cb3ada51dec9c81e5a2c17a007e
Instruction Fuzzy Hash: 4601D6B55487845FC3118F16EC41893BFF8EF8663070984ABE848CB612D239A909CB72

Function 00F6082E Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2605570904.0000000000F60000.00000040.00000020.00020000.00000000.sdmp, Offset: 00F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f60000_unarchiver.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c9642b5856ff129fa8aef8112e5f8f977bd448c15565b4c1696c2be7d8e2128
Instruction ID: 12d866fa6a12cca287f80a324f884c6bbbe0faa7008233f7e09e62120a6118e1
Opcode Fuzzy Hash: 6c9642b5856ff129fa8aef8112e5f8f977bd448c15565b4c1696c2be7d8e2128
Instruction Fuzzy Hash: 90F08CB2905204AB9200DF59ED46C66F7ECEF85521F08C56EEC088B704E27AA9158AE2

Function 00F90C50 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2605674607.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f90000_unarchiver.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d600f38ee6afdf20948362e8ee265511353b40b58eb856fcd1208a0e1e91ebc7
Instruction ID: 03f5175f24d8010ace20336b466adc2c20ea396221cf9db677ade025d72df62a
Opcode Fuzzy Hash: d600f38ee6afdf20948362e8ee265511353b40b58eb856fcd1208a0e1e91ebc7
Instruction Fuzzy Hash: 97E02231F082901FCB04CBBC08405AE7FA28B92110B6A02BEC009C7292DE318D038740

Function 00F60606 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2605570904.0000000000F60000.00000040.00000020.00020000.00000000.sdmp, Offset: 00F60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f60000_unarchiver.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4400ebbda32699738d10e5ad6816b17481ac36194a9710f69cf4372b33151bc5
Instruction ID: cd01170d4b4cf61df1add4a41f0d465c6383a99836d57c7cd3e01d66fbec592f
Opcode Fuzzy Hash: 4400ebbda32699738d10e5ad6816b17481ac36194a9710f69cf4372b33151bc5
Instruction Fuzzy Hash: 89E092B66006044B9650CF0AEC42452F7D8EB84630708C07FDC0D8B701D239B504CAA5

Function 00F90C60 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2605674607.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f90000_unarchiver.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfd640174f52a9f517935b9ced022a3fad0680945593691f68e0798cb97ef03d
Instruction ID: a4c4c98895608c5a62dc2f25360b5395fe6e591d8f31e725820c08d9422aa34f
Opcode Fuzzy Hash: dfd640174f52a9f517935b9ced022a3fad0680945593691f68e0798cb97ef03d
Instruction Fuzzy Hash: ACD0C231F002182F8B44EBB848441AE7AEA9B80054B66407AC009D7341EE30DD428380

Function 00F90DD1 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2605674607.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f90000_unarchiver.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28e2d705f64805242f8734983445778fdc37a6fe18467b4ede9508cd41fcc546
Instruction ID: 0ff13c60b9fc29407d24432e7213648cc86e2b38d8f1f4328974e49deca114e7
Opcode Fuzzy Hash: 28e2d705f64805242f8734983445778fdc37a6fe18467b4ede9508cd41fcc546
Instruction Fuzzy Hash: C3E0122410D7808FD706A738DC297553F956FA2309F4A80E5C4488B2A7CA74DC40D791

Function 00C523F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2604662946.0000000000C52000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C52000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_c52000_unarchiver.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b161eb426e22250e02cdfe911a0abe11627952e09e8ad9779c33287af572a467
Instruction ID: 1fcf21f73f3a025b7331e4e9f55566c9f4c357c2497c5ebee65cce710fc70a6b
Opcode Fuzzy Hash: b161eb426e22250e02cdfe911a0abe11627952e09e8ad9779c33287af572a467
Instruction Fuzzy Hash: EDD05E792057814FD3169E1CC1A5B9537D8AB52715F4A44F9EC408B763C768EAC5E600

Function 00C523BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2604662946.0000000000C52000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C52000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_c52000_unarchiver.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf3f8f4004a9b4f90ccf31b2d658ab860ac000873f5cf8e9207afcb5be21a680
Instruction ID: ebe9223ac5a5cfc5bc20aba7d76f3e991291466d2b87492d615dc268c12840b8
Opcode Fuzzy Hash: bf3f8f4004a9b4f90ccf31b2d658ab860ac000873f5cf8e9207afcb5be21a680
Instruction Fuzzy Hash: A7D05E383002814BCB15DE1CC2D4F5933D8AB41715F1A44E8AC208B272C7A8D9C5CA00

Function 00F90DE0 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2605674607.0000000000F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_f90000_unarchiver.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b73da1c91a9bd1457ada496a3bf2ac93b0ad41b0896e669a269b63d652901cf
Instruction ID: 62d104e3fadc19794bf6de75825a53065f02878815398fbb910f2f93975310f3
Opcode Fuzzy Hash: 1b73da1c91a9bd1457ada496a3bf2ac93b0ad41b0896e669a269b63d652901cf
Instruction Fuzzy Hash: 94C012302002048FDB04B778D819A2573D66BD0318F59C46494084B266CE74EC80E684

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://onedrivesharedfiles.sbs/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\1hrmw4m1.p0e\boonless_protected.exe

C:\Users\user\AppData\Local\Temp\unarchiver.log

C:\Users\user\Downloads\Payment_49070_from_TKO_MEDIA_LLC.iso (copy)

C:\Users\user\Downloads\Payment_49070_from_TKO_MEDIA_LLC.iso.crdownload

Chrome Cache Entry: 47

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Windows Analysis Report
http://onedrivesharedfiles.sbs/

Function 00F90C99 Relevance: 6.3, Strings: 5, Instructions: 85
COMMON

Function 00F90CA8 Relevance: 6.3, Strings: 5, Instructions: 82
COMMON

Function 00C5B246 Relevance: 1.6, APIs: 1, Instructions: 101
COMMON

Function 00C5AD04 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Function 00C5AB76 Relevance: 1.6, APIs: 1, Instructions: 92
pipeCOMMON

Function 00C5A5DC Relevance: 1.6, APIs: 1, Instructions: 90
fileCOMMON

Function 00C5A120 Relevance: 1.6, APIs: 1, Instructions: 82
fileCOMMON

Function 00C5B276 Relevance: 1.6, APIs: 1, Instructions: 80
COMMON

Function 00C5A370 Relevance: 1.6, APIs: 1, Instructions: 80
registryCOMMON

Function 00C5AD2A Relevance: 1.6, APIs: 1, Instructions: 80
COMMON

Function 00C5A850 Relevance: 1.6, APIs: 1, Instructions: 78
COMMON

Function 00C5A933 Relevance: 1.6, APIs: 1, Instructions: 77
fileCOMMON

Function 00C5A5FE Relevance: 1.6, APIs: 1, Instructions: 76
fileCOMMON

Function 00C5A78F Relevance: 1.6, APIs: 1, Instructions: 73
COMMON

Function 00C5AA0B Relevance: 1.6, APIs: 1, Instructions: 70
COMMON