Windows
Analysis Report
Swift Copy_19.02.2025.exe
Overview
General Information
Detection
GuLoader, Snake Keylogger
Score: | 100 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected GuLoader
Yara detected Snake Keylogger
Yara detected Telegram RAT
Joe Sandbox ML detected suspicious sample
Switches to a custom stack to bypass stack traces
Tries to detect the country of the analysis system (by using the IP)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Classification
- System is w10x64
Swift Copy_19.02.2025.exe (PID: 2532 cmdline: "C:\Users\user\Desktop\Swift Copy_19.02.2025.exe" MD5: CFD2A2A0DE8C10180319835F2C148578)
Swift Copy_19.02.2025.exe (PID: 3892 cmdline: "C:\Users\user\Desktop\Swift Copy_19.02.2025.exe" MD5: CFD2A2A0DE8C10180319835F2C148578)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution |
{"C2 url": "https://api.telegram.org/bot7868872251:AAGgFQ9Bkl4sqj91n2vPKSuoyNLVzJTqODY/sendMessage"}
{"Exfil Mode": "Telegram", "Token": "7868872251:AAGgFQ9Bkl4sqj91n2vPKSuoyNLVzJTqODY", "Chat_id": "8173633564", "Version": "4.4"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-02-21T08:29:39.382429+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49991 | 104.21.112.1 | 443 | TCP |
2025-02-21T08:29:40.200794+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49992 | 104.21.112.1 | 443 | TCP |
2025-02-21T08:29:40.990332+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49993 | 104.21.112.1 | 443 | TCP |
2025-02-21T08:29:41.909412+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49994 | 104.21.112.1 | 443 | TCP |
2025-02-21T08:29:42.694800+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49995 | 104.21.112.1 | 443 | TCP |
2025-02-21T08:29:43.471307+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49996 | 104.21.112.1 | 443 | TCP |
2025-02-21T08:29:44.563716+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49997 | 104.21.112.1 | 443 | TCP |
2025-02-21T08:29:45.328610+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49998 | 104.21.112.1 | 443 | TCP |
2025-02-21T08:29:37.301012+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49989 | 158.101.44.242 | 80 | TCP |
2025-02-21T08:29:38.832275+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49989 | 158.101.44.242 | 80 | TCP |
2025-02-21T08:29:39.614831+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49989 | 158.101.44.242 | 80 | TCP |
2025-02-21T08:29:40.426040+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49989 | 158.101.44.242 | 80 | TCP |
2025-02-21T08:29:41.363536+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49989 | 158.101.44.242 | 80 | TCP |
2025-02-21T08:29:42.129340+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49989 | 158.101.44.242 | 80 | TCP |
2025-02-21T08:29:42.926091+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49989 | 158.101.44.242 | 80 | TCP |
2025-02-21T08:29:43.707329+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49989 | 158.101.44.242 | 80 | TCP |
2025-02-21T08:29:44.785406+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49989 | 158.101.44.242 | 80 | TCP |
2025-02-21T08:29:31.759430+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49987 | 142.250.186.174 | 443 | TCP |
2025-02-21T08:29:53.615236+0100 | 1810008 | 1 | Potentially Bad Traffic | 192.168.2.6 | 50001 | 149.154.167.220 | 443 | TCP |
2025-02-21T08:29:46.995244+0100 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.6 | 49999 | 149.154.167.220 | 443 | TCP |
AV Detection |
---|
Source: | Malware Configuration Extractor: | ||
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Location Tracking |
---|
Source: | DNS query: |
Networking |
---|
Source: | Suricata IDS: | ||
Source: | DNS query: |
Source: | HTTP traffic detected: | ||
Source: | IP Address: | ||
Source: | JA3 fingerprint: | ||
Source: | DNS query: | ||
Source: | Suricata IDS: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | Code function: | 6_2_377A0670 | |
Source: | Code function: | 6_2_377A6A70 | |
Source: | Code function: | 6_2_377A386F | |
Source: | Code function: | 6_2_377A4E60 | |
Source: | Code function: | 6_2_377A1C60 | |
Source: | Code function: | 6_2_377A9A60 | |
Source: | Code function: | 6_2_377A4E51 | |
Source: | Code function: | 6_2_377A6440 | |
Source: | Code function: | 6_2_377A3240 | |
Source: | Code function: | 6_2_377A0040 | |
Source: | Code function: | 6_2_377A3230 | |
Source: | Code function: | 6_2_377ADA2B | |
Source: | Code function: | 6_2_377A642F | |
Source: | Code function: | 6_2_377A4820 | |
Source: | Code function: | 6_2_377A1620 | |
Source: | Code function: | 6_2_377A4810 | |
Source: | Code function: | 6_2_377AD210 | |
Source: | Code function: | 6_2_377A5E00 | |
Source: | Code function: | 6_2_377A2C00 | |
Source: | Code function: | 6_2_377A12F0 | |
Source: | Code function: | 6_2_377A44F0 | |
Source: | Code function: | 6_2_377A9CE8 | |
Source: | Code function: | 6_2_377A5AE0 | |
Source: | Code function: | 6_2_377A28E0 | |
Source: | Code function: | 6_2_377A5AD0 | |
Source: | Code function: | 6_2_377A70C0 | |
Source: | Code function: | 6_2_377A3EC0 | |
Source: | Code function: | 6_2_377A0CC0 | |
Source: | Code function: | 6_2_377A0CB0 | |
Source: | Code function: | 6_2_377A70B1 | |
Source: | Code function: | 6_2_377A3EAF | |
Source: | Code function: | 6_2_377A54A0 | |
Source: | Code function: | 6_2_377A22A0 | |
Source: | Code function: | 6_2_377A5497 | |
Source: | Code function: | 6_2_377A6A80 | |
Source: | Code function: | 6_2_377A3880 | |
Source: | Code function: | 6_2_377A0680 | |
Source: | Code function: | 6_2_377BFB30 | |
Source: | Code function: | 6_2_377B8470 | |
Source: | Code function: | 6_2_377B1CF0 | |
Source: | Code function: | 6_2_377B9D70 | |
Source: | Code function: | 6_2_377BCF70 | |
Source: | Code function: | 6_2_377BCF63 | |
Source: | Code function: | 6_2_377B1360 | |
Source: | Code function: | 6_2_377B3360 | |
Source: | Code function: | 6_2_377B1351 | |
Source: | Code function: | 6_2_377BE550 | |
Source: | Code function: | 6_2_377BB350 | |
Source: | Code function: | 6_2_377BB345 | |
Source: | Code function: | 6_2_377BC930 | |
Source: | Code function: | 6_2_377B9730 | |
Source: | Code function: | 6_2_377BFB2B | |
Source: | Code function: | 6_2_377B9720 | |
Source: | Code function: | 6_2_377BC91F | |
Source: | Code function: | 6_2_377BAD10 | |
Source: | Code function: | 6_2_377BDF10 | |
Source: | Code function: | 6_2_377B0508 | |
Source: | Code function: | 6_2_377BDF01 | |
Source: | Code function: | 6_2_377BC5FF | |
Source: | Code function: | 6_2_377BDBF0 | |
Source: | Code function: | 6_2_377BA9F0 | |
Source: | Code function: | 6_2_377BA9E0 | |
Source: | Code function: | 6_2_377BDBE7 | |
Source: | Code function: | 6_2_377BF1D0 | |
Source: | Code function: | 6_2_377B09D0 | |
Source: | Code function: | 6_2_377B8DD0 | |
Source: | Code function: | 6_2_377BBFD0 | |
Source: | Code function: | 6_2_377BBFC5 | |
Source: | Code function: | 6_2_377B09BF | |
Source: | Code function: | 6_2_377BF1BF | |
Source: | Code function: | 6_2_377BD5B0 | |
Source: | Code function: | 6_2_377BA3B0 | |
Source: | Code function: | 6_2_377BD5A7 | |
Source: | Code function: | 6_2_377BB990 | |
Source: | Code function: | 6_2_377B8790 | |
Source: | Code function: | 6_2_377BEB90 | |
Source: | Code function: | 6_2_377BEB81 | |
Source: | Code function: | 6_2_377B8780 | |
Source: | Code function: | 6_2_377BB980 | |
Source: | Code function: | 6_2_377BE870 | |
Source: | Code function: | 6_2_377BB670 | |
Source: | Code function: | 6_2_377B8461 | |
Source: | Code function: | 6_2_377BE861 | |
Source: | Code function: | 6_2_377BB65F | |
Source: | Code function: | 6_2_377B9A50 | |
Source: | Code function: | 6_2_377BCC50 | |
Source: | Code function: | 6_2_377BCC41 | |
Source: | Code function: | 6_2_377B0040 | |
Source: | Code function: | 6_2_377B7A40 | |
Source: | Code function: | 6_2_377BB030 | |
Source: | Code function: | 6_2_377BE230 | |
Source: | Code function: | 6_2_377B1828 | |
Source: | Code function: | 6_2_377BE221 | |
Source: | Code function: | 6_2_377B0013 | |
Source: | Code function: | 6_2_377BC610 | |
Source: | Code function: | 6_2_377B9410 | |
Source: | Code function: | 6_2_377BF810 | |
Source: | Code function: | 6_2_377B1817 | |
Source: | Code function: | 6_2_377B940B | |
Source: | Code function: | 6_2_377BF800 | |
Source: | Code function: | 6_2_377B04FB | |
Source: | Code function: | 6_2_377BF4F0 | |
Source: | Code function: | 6_2_377B90F0 | |
Source: | Code function: | 6_2_377BC2F0 | |
Source: | Code function: | 6_2_377B1CE0 | |
Source: | Code function: | 6_2_377BC2E0 | |
Source: | Code function: | 6_2_377BF4E0 | |
Source: | Code function: | 6_2_377B90E7 | |
Source: | Code function: | 6_2_377BD8D0 | |
Source: | Code function: | 6_2_377BA6D0 | |
Source: | Code function: | 6_2_377BD8C0 | |
Source: | Code function: | 6_2_377BBCB0 | |
Source: | Code function: | 6_2_377B8AB0 | |
Source: | Code function: | 6_2_377BEEB0 | |
Source: | Code function: | 6_2_377B8AAB | |
Source: | Code function: | 6_2_377B72A8 | |
Source: | Code function: | 6_2_377BBCA0 | |
Source: | Code function: | 6_2_377B0E98 | |
Source: | Code function: | 6_2_377BEE9F | |
Source: | Code function: | 6_2_377BA090 | |
Source: | Code function: | 6_2_377BD290 | |
Source: | Code function: | 6_2_377B0E8D | |
Source: | Code function: | 6_2_377BD280 | |
Source: | Code function: | 6_2_377D16D8 | |
Source: | Code function: | 6_2_377D32B0 | |
Source: | Code function: | 6_2_377D1DF8 | |
Source: | Code function: | 6_2_377D3998 | |
Source: | Code function: | 6_2_377D24E0 | |
Source: | Code function: | 6_2_377D0FF0 | |
Source: | Code function: | 6_2_377D2BC8 | |
Source: | Code function: | 6_2_377D4A80 | |
Source: | Code function: | 6_2_377D16D3 | |
Source: | Code function: | 6_2_377D16C8 | |
Source: | Code function: | 6_2_377D32A0 | |
Source: | Code function: | 6_2_377D1DE8 | |
Source: | Code function: | 6_2_377D3989 | |
Source: | Code function: | 6_2_377D24D0 | |
Source: | Code function: | 6_2_377D01E8 | |
Source: | Code function: | 6_2_377D01D8 | |
Source: | Code function: | 6_2_377D0FE0 | |
Source: | Code function: | 6_2_377D0C78 | |
Source: | Code function: | 6_2_377D2BB9 | |
Source: | Code function: | 6_2_37E65BE8 | |
Source: | Code function: | 6_2_37E6B450 | |
Source: | Code function: | 6_2_37E61AFC | |
Source: | Code function: | 6_2_37E64958 |
Source: | Code function: |
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 0_2_00403359 | |
Source: | Code function: | 6_2_00403359 |
Source: | Code function: | 0_2_004046EC |
Source: | Code function: | 0_2_00402104 |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | LNK file: | ||
Source: | LNK file: |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | File source: | ||
Source: | File source: |
Source: | Code function: | 0_2_73911B5F |
Source: | Code function: | 6_2_03F7891F | |
Source: | Code function: | 6_2_03F78DE0 | |
Source: | Code function: | 6_2_03F78C30 | |
Source: | Code function: | 6_2_37E634AE |
Source: | File created: | Jump to dropped file |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | API/Special instruction interceptor: | ||
Source: | API/Special instruction interceptor: |
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | API coverage: |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Code function: | 0_2_004065C7 | |
Source: | Code function: | 0_2_00405996 | |
Source: | Code function: | 0_2_00402868 | |
Source: | Code function: | 6_2_00402868 | |
Source: | Code function: | 6_2_004065C7 | |
Source: | Code function: | 6_2_00405996 |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | API call chain: | graph_0-4884 | ||
Source: | API call chain: | graph_0-4889 |
Source: | Code function: | 0_2_00401E49 |
Source: | Code function: | 0_2_73911B5F |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Code function: | 0_2_00403359 |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: |
Source: | File source: | ||
Source: | File source: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 11 Process Injection | 1 Disable or Modify Tools | LSASS Memory | 31 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 System Network Configuration Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 3 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Access Token Manipulation | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | 1 Clipboard Data | 4 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Process Injection | LSA Secrets | 215 System Information Discovery | SSH | Keylogging | 15 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Deobfuscate/Decode Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 3 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
53% | Virustotal | Browse | ||
47% | ReversingLabs | Win32.Spyware.Snakekeylogger |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs | |||
0% | Virustotal | Browse |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
drive.google.com | 142.250.186.174 | true | false | high | |
drive.usercontent.google.com | 142.250.185.161 | true | false | high | |
reallyfreegeoip.org | 104.21.112.1 | true | false | high | |
api.telegram.org | 149.154.167.220 | true | false | high | |
checkip.dyndns.com | 158.101.44.242 | true | false | high | |
checkip.dyndns.org | unknown | unknown | false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false | |
104.21.112.1 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false | |
142.250.185.161 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false | |
142.250.186.174 | drive.google.com | United States | 15169 | GOOGLEUS | false | |
158.101.44.242 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1620702 |
Start date and time: | 2025-02-21 08:26:48 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 8m 32s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Run name: | Run with higher sleep bypass |
Number of new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Swift Copy_19.02.2025.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/14@5/5 |
Cookbook Comments:
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded IPs from analysis (whitelisted): 13.107.246.45, 52.149.20.212, 20.12.23.50
- Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
⊘No simulations
Match | Detection | Threat Name |
---|---|---|
149.154.167.220 | malicious | AsyncRAT, StormKitty, WorldWind Stealer |
149.154.167.220 | malicious | Snake Keylogger, VIP Keylogger |
149.154.167.220 | malicious | HTMLPhisher |
149.154.167.220 | malicious | Unknown |
149.154.167.220 | malicious | HTMLPhisher |
149.154.167.220 | malicious | Unknown |
149.154.167.220 | malicious | GuLoader, Snake Keylogger |
149.154.167.220 | malicious | GuLoader, Snake Keylogger |
149.154.167.220 | malicious | Snake Keylogger, VIP Keylogger |
149.154.167.220 | malicious | AgentTesla |
104.21.112.1 | malicious | FormBook, GuLoader |
104.21.112.1 | malicious | DarkCloud |
104.21.112.1 | malicious | FormBook |
104.21.112.1 | malicious | Lokibot |
104.21.112.1 | malicious | FormBook |
104.21.112.1 | malicious | FormBook |
104.21.112.1 | malicious | FormBook |
104.21.112.1 | malicious | FormBook |
104.21.112.1 | malicious | FormBook |
104.21.112.1 | malicious | FormBook |
158.101.44.242 | malicious | GuLoader, Snake Keylogger |
158.101.44.242 | malicious | MSIL Logger, MassLogger RAT |
158.101.44.242 | malicious | MassLogger RAT |
158.101.44.242 | malicious | DBatLoader, MassLogger RAT, PureLog Stealer, Snake Keylogger, VIP Keylogger |
158.101.44.242 | malicious | Unknown |
158.101.44.242 | malicious | MassLogger RAT |
158.101.44.242 | malicious | MassLogger RAT |
158.101.44.242 | malicious | Snake Keylogger, VIP Keylogger |
158.101.44.242 | malicious | GuLoader, Snake Keylogger |
158.101.44.242 | malicious | Snake Keylogger, VIP Keylogger |
Match | Detection | Threat Name |
---|---|---|
checkip.dyndns.com | malicious | Snake Keylogger, VIP Keylogger |
checkip.dyndns.com | malicious | MSIL Logger, MassLogger RAT |
checkip.dyndns.com | malicious | GuLoader, Snake Keylogger |
checkip.dyndns.com | malicious | Snake Keylogger |
checkip.dyndns.com | malicious | GuLoader, Snake Keylogger |
checkip.dyndns.com | malicious | Snake Keylogger, VIP Keylogger |
checkip.dyndns.com | malicious | Snake Keylogger, VIP Keylogger |
checkip.dyndns.com | malicious | MSIL Logger, MassLogger RAT |
checkip.dyndns.com | malicious | MSIL Logger, MassLogger RAT |
reallyfreegeoip.org | malicious | Snake Keylogger, VIP Keylogger |
reallyfreegeoip.org | malicious | MSIL Logger, MassLogger RAT |
reallyfreegeoip.org | malicious | GuLoader, Snake Keylogger |
reallyfreegeoip.org | malicious | Snake Keylogger |
reallyfreegeoip.org | malicious | GuLoader, Snake Keylogger |
reallyfreegeoip.org | malicious | Snake Keylogger, VIP Keylogger |
reallyfreegeoip.org | malicious | Snake Keylogger, VIP Keylogger |
reallyfreegeoip.org | malicious | MSIL Logger, MassLogger RAT |
reallyfreegeoip.org | malicious | MSIL Logger, MassLogger RAT |
api.telegram.org | malicious | AsyncRAT, StormKitty, WorldWind Stealer |
api.telegram.org | malicious | Snake Keylogger, VIP Keylogger |
api.telegram.org | malicious | HTMLPhisher |
api.telegram.org | malicious | Unknown |
api.telegram.org | malicious | HTMLPhisher |
api.telegram.org | malicious | Unknown |
api.telegram.org | malicious | Unknown |
api.telegram.org | malicious | Unknown |
api.telegram.org | malicious | GuLoader, Snake Keylogger |
api.telegram.org | malicious | GuLoader, Snake Keylogger |
Match | Detection | Threat Name |
---|---|---|
TELEGRAMRU | malicious | AsyncRAT, StormKitty, WorldWind Stealer |
TELEGRAMRU | malicious | Snake Keylogger, VIP Keylogger |
TELEGRAMRU | malicious | LummaC Stealer |
TELEGRAMRU | malicious | Unknown |
TELEGRAMRU | malicious | HTMLPhisher |
TELEGRAMRU | malicious | Unknown |
TELEGRAMRU | malicious | HTMLPhisher |
TELEGRAMRU | malicious | Unknown |
TELEGRAMRU | malicious | HTMLPhisher |
TELEGRAMRU | malicious | Unknown |
ORACLE-BMC-31898US | malicious | Snake Keylogger, VIP Keylogger |
ORACLE-BMC-31898US | malicious | GuLoader, Snake Keylogger |
ORACLE-BMC-31898US | malicious | HTMLPhisher |
ORACLE-BMC-31898US | malicious | Snake Keylogger, VIP Keylogger |
ORACLE-BMC-31898US | malicious | MSIL Logger, MassLogger RAT |
ORACLE-BMC-31898US | malicious | MSIL Logger, MassLogger RAT |
ORACLE-BMC-31898US | malicious | Snake Keylogger, VIP Keylogger |
ORACLE-BMC-31898US | malicious | MSIL Logger, MassLogger RAT |
ORACLE-BMC-31898US | malicious | Snake Keylogger |
ORACLE-BMC-31898US | malicious | DBatLoader, MSIL Logger, MassLogger RAT, PureLog Stealer |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | AsyncRAT, StormKitty, WorldWind Stealer |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | Snake Keylogger, VIP Keylogger |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | HTMLPhisher |
Match | Detection | Threat Name |
---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Snake Keylogger, VIP Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | MSIL Logger, MassLogger RAT |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | GuLoader, Snake Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Snake Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | GuLoader, Snake Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Snake Keylogger, VIP Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Snake Keylogger, VIP Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | MSIL Logger, MassLogger RAT |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | MSIL Logger, MassLogger RAT |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | GuLoader |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | AsyncRAT, GuLoader |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | AsyncRAT, StormKitty, WorldWind Stealer |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | AsyncRAT, GuLoader |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | AsyncRAT, GuLoader |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Snake Keylogger, VIP Keylogger |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | HTMLPhisher |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader |
37f463bf4616ecd445d4a1937da06e19 | malicious | AsyncRAT, GuLoader |
37f463bf4616ecd445d4a1937da06e19 | malicious | AsyncRAT, GuLoader |
37f463bf4616ecd445d4a1937da06e19 | malicious | AsyncRAT, GuLoader |
37f463bf4616ecd445d4a1937da06e19 | malicious | Discord Token Stealer, GuLoader |
37f463bf4616ecd445d4a1937da06e19 | malicious | Discord Token Stealer, GuLoader |
37f463bf4616ecd445d4a1937da06e19 | malicious | Unknown |
37f463bf4616ecd445d4a1937da06e19 | malicious | Vidar |
37f463bf4616ecd445d4a1937da06e19 | malicious | FormBook, GuLoader |
Match | Detection | Threat Name |
---|---|---|
C:\Users\user\AppData\Local\Temp\nsl778C.tmp\System.dll | malicious | FormBook, GuLoader |
C:\Users\user\AppData\Local\Temp\nsl778C.tmp\System.dll | malicious | GuLoader |
C:\Users\user\AppData\Local\Temp\nsl778C.tmp\System.dll | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\nsl778C.tmp\System.dll | malicious | GuLoader, Snake Keylogger |
C:\Users\user\AppData\Local\Temp\nsl778C.tmp\System.dll | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\nsl778C.tmp\System.dll | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\nsl778C.tmp\System.dll | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\nsl778C.tmp\System.dll | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\nsl778C.tmp\System.dll | malicious | Unknown |
Process: | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 844 |
Entropy (8bit): | 3.4419337585661194 |
Encrypted: | false |
SSDEEP: | 12:8wl0c0a/ledp8wXuQUlbqOl11RsbdpYmHbq+1gPmvRdRc0zJCN85v4t2YZ/elFlz:8QudO/9lTYd9lgOJw224qy |
MD5: | 0952E177EA970C800BA4C174E0DAD3A6 |
SHA1: | C4D0FD59D6E109FA121223BF8EF798A78B816A0E |
SHA-256: | A3C472F6D8E7DE868B9FE4D0D9C7513610B80DFA9E9E2892F2D3C2B9F979BB09 |
SHA-512: | 77F6CC7D48507EEC6A7287E5714CB94539817860DD5CC06ABC00BFBBBB1AB3C2558463E7762E01ADE91DE376D38132D7244C295D449AF780511214B5B5921C01 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 5.719859767584478 |
Encrypted: | false |
SSDEEP: | 192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6 |
MD5: | 0D7AD4F45DC6F5AA87F606D0331C6901 |
SHA1: | 48DF0911F0484CBE2A8CDD5362140B63C41EE457 |
SHA-256: | 3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA |
SHA-512: | C07DE7308CB54205E8BD703001A7FE4FD7796C9AC1B4BB330C77C872BF712B093645F40B80CE7127531FE6746A5B66E18EA073AB6A644934ABED9BB64126FEA9 |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 844 |
Entropy (8bit): | 3.4419337585661194 |
Encrypted: | false |
SSDEEP: | 12:8wl0c0a/ledp8wXuQUlbqOl11RsbdpYmHbq+1gPmvRdRc0zJCN85v4t2YZ/elFlz:8QudO/9lTYd9lgOJw224qy |
MD5: | 0952E177EA970C800BA4C174E0DAD3A6 |
SHA1: | C4D0FD59D6E109FA121223BF8EF798A78B816A0E |
SHA-256: | A3C472F6D8E7DE868B9FE4D0D9C7513610B80DFA9E9E2892F2D3C2B9F979BB09 |
SHA-512: | 77F6CC7D48507EEC6A7287E5714CB94539817860DD5CC06ABC00BFBBBB1AB3C2558463E7762E01ADE91DE376D38132D7244C295D449AF780511214B5B5921C01 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 385 |
Entropy (8bit): | 4.832402033784482 |
Encrypted: | false |
SSDEEP: | 6:TgHzz2qOXw2WiNBEzeEbEHJMA20Lm/HklkC70jeQQuRhClLZMJyNUivycFAe1:KGJYiNyXgHJMAt6HkyC70jkRT71 |
MD5: | 90EC9FEAAB66462033FBB70FB9A3EE4B |
SHA1: | 7AEF435EFC9C6007010315D6A7278A04E5A52429 |
SHA-256: | E2C21AFE2CCD6E3D219780F268500BB8337D8B891E8595EC7C49AC35BAAC2057 |
SHA-512: | 2CF848417755B906827EB26E42F84B8A454EA409855F3705D74E66F0F4340B8019D914E6616D302A69363A5F834A6E1CCB9A1F2B7887FA5A42BD11CAE317BEB4 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 28874 |
Entropy (8bit): | 7.844370082286915 |
Encrypted: | false |
SSDEEP: | 768:JPcUFwwqj73AuqAnmlcjknNblmP1CvYUI3dtz1VSA:JPcUsjHqOwxDYiA |
MD5: | C9ABF950B5EA7C4E30DD9F58FC96E8D2 |
SHA1: | 783B728F9C93A86A9524AF93F9DF2EC851A38A69 |
SHA-256: | 7B1F375157924D100B36C83547FD9A070C5C2F99AA2821AF7372D73DD34A264B |
SHA-512: | C40DAFA22A0D2AEAB1757D1EF4A4D47A5A3098552C98AB1CA36A4C8D4EB6526ACD632737ACE30C04DD56C37F967B2477991DB1A461BAC329A26B6A050EA6A7BE |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 450534 |
Entropy (8bit): | 2.6473802752967566 |
Encrypted: | false |
SSDEEP: | 3072:d3x7TBmJ/bOa0qNwkQOlSzOrRth4+49IBW276D:dhnghuq+kLSOrRth4XCBWY6D |
MD5: | E846A0B20301808D60676739AC9B5EB1 |
SHA1: | E930132F14B65F087EF4FD0F82AD02A63B546244 |
SHA-256: | FD753F0E8394081E9DC335352A9A1681D6E542AF7E24E891C5A37E2DF65B3F10 |
SHA-512: | 7D1E14D4CEC4ED12F22C3909EDAC6C802D421BF00F045BF61DBE10B9357708B4BAF3F12CEB0D0709832134DC9E1FC41F32D922B254E62A65AA731B09D591B36A |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 215804 |
Entropy (8bit): | 7.513742176745442 |
Encrypted: | false |
SSDEEP: | 3072:auYg7NtmmfwGUNKQMibuuvBtskYCWBYZiLuWhnsF+fAFlPmnhHvF3nVPXoT7XxCl:amNFUNC4LBBYCWBtCohPFnx+hyYto1AW |
MD5: | C305740F9F095BD3F9D7DFFA1068399E |
SHA1: | 6976A759EE936BDEE1DF7CAA370494A1B3701AE4 |
SHA-256: | 4D6A7623602268D5A5BC24E72B2E92658D1196C85A3D15C8C398D7AEC8B2F9E0 |
SHA-512: | DE84527E96BC3021C36C7CC81BCC2BF533EC6C36F308CD845BBA5484F8B6C8B7FD42617F411DFB9DE1BA98AFA855FC3B9E1B3639F236C9B7911A93FEEAF31892 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 491 |
Entropy (8bit): | 4.31953270914656 |
Encrypted: | false |
SSDEEP: | 12:7KiEoPLTxneWRDBeFaSWTVQK/mD5VWlHAX/bIogUXv:+xojTxneydeF0QKF9Wfg6 |
MD5: | 663E26E192D34C89A21482F86A0CC079 |
SHA1: | D50C89DDF76D97B7FFF7AFBB20FE698B820F35BE |
SHA-256: | 79AB4370CA578D5FA793BFE1A3041D70B95855D3056594FA41EDC00ECF416A20 |
SHA-512: | B9A84B48F8A8F733F10A88F285169ECA7416E6FE1A2B51B73A4A4228C7A8781292DCBDE1FF748ECD1E7FF14B743F3E0BF455EE3C1BD0BF2454B0E33B39A30FA3 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 4.355240967905803 |
Encrypted: | false |
SSDEEP: | 12:DQK0AeDcGABWyOVm1kjppAiYFCR/TD6zQAFqrX47tP8wokbb1XF1LbkeW0r3q:DQK0AeDKczjDInzQzrX47tP3ZIKr3q |
MD5: | 790EBF2AC0CA4ADCDB58E45D0A450DBC |
SHA1: | D18F698C2AA650D78AD5167E3B2B9953F54D3F8A |
SHA-256: | C49F3F671B7CBF550040EA2DC10D462A46D87C7D62CA0F85C6CDFE86A42CECD2 |
SHA-512: | 1F3D6EE159D0EE604D22A6565228F41C58FADCF141B8A69A277D70B8D74A3306205B3FC56C1F4D93873056BF29C68053305B55EEA3B878A0C967739D224A445B |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29380 |
Entropy (8bit): | 1.2646489004189274 |
Encrypted: | false |
SSDEEP: | 192:vp3MOAy7WiXB2O1NUcFWb38pStMMI81jeUWBmSF//LzzIxj13gjwKWuQ6SSph7NC:x3vArO7WwNM/JUZe3gjw36z7A |
MD5: | 766D9EF7530D23758F482B0AB2B54788 |
SHA1: | C430E21B1463ECEB32D05C6F0909D9821C27A3E7 |
SHA-256: | 7BA4160056FB1B321E5859A9AA1F9C277B9C798B968C34E735F5222710E7ED09 |
SHA-512: | 5BC154B564AF204C25D2E7651E3C4C9F9263C3E6A88F149DDBE9892BAF0B26079E171AEBAC4DD334EE8192EC4F2C5D510536A2287AD1EEA5BD357AAAFABAD68F |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 602 |
Entropy (8bit): | 4.605036996213703 |
Encrypted: | false |
SSDEEP: | 12:VOnCFZCC0zHqKKMiM5tLBcwhRlZGoMTisWPulSW5VKZRU4wPa:UGQCsqKtiEvlEBTi1W5gZRB |
MD5: | AC5918C28B077C9134D607DD4DA5C7D8 |
SHA1: | 0B6E4CD64998D4A6BDCBD6698F1388BB0B4F204D |
SHA-256: | 7A0296F17E8BDED15E306321AF16A537DFE424EA806BDA138402C11453C27E1D |
SHA-512: | 0B83B999A6EE4FD22604DF2ED2610403ABEAA24AA0926DB61C91F63B9477A0AA63DA1AC8B6C2DE348F523E7ED4C414CD28A30B75E8B6FADED2C2431D5F6A6F5E |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 497 |
Entropy (8bit): | 4.53243935171649 |
Encrypted: | false |
SSDEEP: | 12:0IFT8Q2uF5oBYyQgRxc6h9JOTTu8MSgMgUWYM16Ew51NLaH:X8VuYYyxrhrViBDy/9H |
MD5: | 349C3014AD27290CECAF439303816708 |
SHA1: | 33C07D049A06EDA444A3AB12E4E935D61618ADC8 |
SHA-256: | 7AEA294FBDC4CFA3972C4BF45A2C787F38174B5A0E8A3C2AB45ACB0FC5B5D120 |
SHA-512: | 801B190430E8FBED64D7EE2E1BCAA2A35651E5C261D79726E93668D7F13DEA58D8CCD34EDBCA3FD4340B219AB1FA75CB2F58ADAE2EF79741C8886462A6A16FCE |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 499466 |
Entropy (8bit): | 1.2537138658824154 |
Encrypted: | false |
SSDEEP: | 1536:n9B+wZ0kdeJjeICC3gnX++yF9zMVwwC6mfPWc:n950dCqaXFyPzM1mfB |
MD5: | A751D549670670F890F5A08CC4F5A4D6 |
SHA1: | C44D434264F7DAE94C0D5A7FB58053D81B99391D |
SHA-256: | D05E57BC53965EA455C243B24BD34A5549ED8F08698C834A411435F0EB9F893D |
SHA-512: | 03FDFE35FC7D8DD0BF02E7E78C7D69B989A6A495BD4ECBDD34C1012AE82B7ABFDBE8FC30B82705BF54BDBD0F2493F7A04F78F9FA15809A8461AD556B8A584AA8 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 271621 |
Entropy (8bit): | 1.2540543167421097 |
Encrypted: | false |
SSDEEP: | 768:KtofaHIEDu5ffzIabBiHt/tAr4ajzjk8NG4GwGuV0VXHfR:1faDwfzIaAYDjk8gXfR |
MD5: | CCE99D8B4C78640993AA75D7C428D061 |
SHA1: | 6C4F21368687D9A2C8423032BCC8E0ED3227DA07 |
SHA-256: | 33D5EDAE3829EF41E644CD76D9BC5F8386420513BD254CA7AB4A88C5C615810C |
SHA-512: | 47ED14565C2D4208F66A7AE070454243F26D06C72F784B9C8675BA172A0B94CF85868778E8DE07F12ABE6078A29D58A833FA269BFD82CD47A01E9E4601730836 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.9564349118896605 |
TrID: |
|
File name: | Swift Copy_19.02.2025.exe |
File size: | 693'604 bytes |
MD5: | cfd2a2a0de8c10180319835f2c148578 |
SHA1: | a685193f4a254f4a67d116120c870f827d83b561 |
SHA256: | 7d9639376d9c7dcecfdf494950100a6d04238a7d510d65c4b52225b634073b24 |
SHA512: | a423f5abf8ff6b7caa625cb292760f08839527352dde9808f8c73b2d7e5f76d5c7e6f4d997054c39a9375a02a74b044a89efd4dae9e7ad0a4c835c8ae83ca259 |
SSDEEP: | 12288:Xa/AcZ6qJ2s1+pBOi+jWtpXpUtvntYRo0/vzwZ2XdgjPEmADNA0EpphZNG2K:X4Z6SQB5+ypXGL4oyszjsmY0K |
TLSH: | F1E4239162D4C9EAE0668FF2E47DCAF44DF89D20E938834353547E2D3D7A5018E1A3DA |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L......\.................d...*..... |
Icon Hash: | 23034d4b1303112b |
Entrypoint: | 0x403359 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x5C157F1B [Sat Dec 15 22:24:27 2018 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | b34f154ec913d2d2c435cbd644e91687 |
Instruction |
---|
sub esp, 000002D4h |
push ebx |
push esi |
push edi |
push 00000020h |
pop edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [esp+14h], ebx |
mov dword ptr [esp+10h], 0040A2E0h |
mov dword ptr [esp+1Ch], ebx |
call dword ptr [004080A8h] |
call dword ptr [004080A4h] |
and eax, BFFFFFFFh |
cmp ax, 00000006h |
mov dword ptr [0042A20Ch], eax |
je 00007F962122FF63h |
push ebx |
call 00007F9621233215h |
cmp eax, ebx |
je 00007F962122FF59h |
push 00000C00h |
call eax |
mov esi, 004082B0h |
push esi |
call 00007F962123318Fh |
push esi |
call dword ptr [00408150h] |
lea esi, dword ptr [esi+eax+01h] |
cmp byte ptr [esi], 00000000h |
jne 00007F962122FF3Ch |
push 0000000Ah |
call 00007F96212331E8h |
push 00000008h |
call 00007F96212331E1h |
push 00000006h |
mov dword ptr [0042A204h], eax |
call 00007F96212331D5h |
cmp eax, ebx |
je 00007F962122FF61h |
push 0000001Eh |
call eax |
test eax, eax |
je 00007F962122FF59h |
or byte ptr [0042A20Fh], 00000040h |
push ebp |
call dword ptr [00408044h] |
push ebx |
call dword ptr [004082A0h] |
mov dword ptr [0042A2D8h], eax |
push ebx |
lea eax, dword ptr [esp+34h] |
push 000002B4h |
push eax |
push ebx |
push 004216A8h |
call dword ptr [00408188h] |
push 0040A2C8h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8504 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x55000 | 0x2fde8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x62a5 | 0x6400 | 5814efda24a547f46f687d77de540309 | False | 0.6590234375 | data | 6.431421556070023 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x1396 | 0x1400 | ef1be07ca8b096915258569fb3718a3c | False | 0.453125 | data | 5.159710562612049 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x20318 | 0x600 | 7d0d44c89e64b001096d8f9c60b1ac1b | False | 0.4928385416666667 | data | 3.90464114821524 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x2b000 | 0x2a000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x55000 | 0x2fde8 | 0x2fe00 | 30681180cff1042f2d0d4ceee6d45f1a | False | 0.9422986700391645 | data | 7.870508006637617 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x55418 | 0x1c24c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 1.0003036191401506 |
RT_ICON | 0x71668 | 0x923b | PNG image data, 256 x 256, 8-bit colormap, non-interlaced | English | United States | 0.9948978228930145 |
RT_ICON | 0x7a8a8 | 0x3945 | PNG image data, 256 x 256, 4-bit colormap, non-interlaced | English | United States | 1.0007502898847283 |
RT_ICON | 0x7e1f0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.5910788381742739 |
RT_ICON | 0x80798 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.62312382739212 |
RT_ICON | 0x81840 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304 | English | United States | 0.7022921108742004 |
RT_ICON | 0x826e8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024 | English | United States | 0.7955776173285198 |
RT_ICON | 0x82f90 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.5170731707317073 |
RT_ICON | 0x835f8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256 | English | United States | 0.7210982658959537 |
RT_ICON | 0x83b60 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.7322695035460993 |
RT_ICON | 0x83fc8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.6666666666666666 |
RT_ICON | 0x842b0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.7297297297297297 |
RT_DIALOG | 0x843d8 | 0x120 | data | English | United States | 0.5138888888888888 |
RT_DIALOG | 0x844f8 | 0x11c | data | English | United States | 0.6056338028169014 |
RT_DIALOG | 0x84618 | 0xc4 | data | English | United States | 0.5918367346938775 |
RT_DIALOG | 0x846e0 | 0x60 | data | English | United States | 0.7291666666666666 |
RT_GROUP_ICON | 0x84740 | 0xae | data | English | United States | 0.6379310344827587 |
RT_VERSION | 0x847f0 | 0x2b8 | COM executable for DOS | English | United States | 0.47413793103448276 |
RT_MANIFEST | 0x84aa8 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795 |
DLL | Import |
---|---|
KERNEL32.dll | SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW |
USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage |
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW |
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
Description | Data |
---|---|
Comments | lampatia |
FileDescription | flighting redescribes nasioinial |
FileVersion | 1.4.0.0 |
InternalName | dovetailwise.exe |
OriginalFilename | dovetailwise.exe |
ProductName | autodidakte leah bubas |
ProductVersion | 1.4.0.0 |
Translation | 0x0409 0x04e4 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-02-21T08:29:31.759430+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.6 | 49987 | 142.250.186.174 | 443 | TCP |
2025-02-21T08:29:37.301012+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49989 | 158.101.44.242 | 80 | TCP |
2025-02-21T08:29:38.832275+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49989 | 158.101.44.242 | 80 | TCP |
2025-02-21T08:29:39.382429+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49991 | 104.21.112.1 | 443 | TCP |
2025-02-21T08:29:39.614831+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49989 | 158.101.44.242 | 80 | TCP |
2025-02-21T08:29:40.200794+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49992 | 104.21.112.1 | 443 | TCP |
2025-02-21T08:29:40.426040+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49989 | 158.101.44.242 | 80 | TCP |
2025-02-21T08:29:40.990332+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49993 | 104.21.112.1 | 443 | TCP |
2025-02-21T08:29:41.363536+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49989 | 158.101.44.242 | 80 | TCP |
2025-02-21T08:29:41.909412+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49994 | 104.21.112.1 | 443 | TCP |
2025-02-21T08:29:42.129340+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49989 | 158.101.44.242 | 80 | TCP |
2025-02-21T08:29:42.694800+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49995 | 104.21.112.1 | 443 | TCP |
2025-02-21T08:29:42.926091+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49989 | 158.101.44.242 | 80 | TCP |
2025-02-21T08:29:43.471307+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49996 | 104.21.112.1 | 443 | TCP |
2025-02-21T08:29:43.707329+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49989 | 158.101.44.242 | 80 | TCP |
2025-02-21T08:29:44.563716+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49997 | 104.21.112.1 | 443 | TCP |
2025-02-21T08:29:44.785406+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49989 | 158.101.44.242 | 80 | TCP |
2025-02-21T08:29:45.328610+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49998 | 104.21.112.1 | 443 | TCP |
2025-02-21T08:29:46.995244+0100 | 1810007 | Joe Security ANOMALY Telegram Send Message | 1 | 192.168.2.6 | 49999 | 149.154.167.220 | 443 | TCP |
2025-02-21T08:29:53.615236+0100 | 1810008 | Joe Security ANOMALY Telegram Send File | 1 | 192.168.2.6 | 50001 | 149.154.167.220 | 443 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 21, 2025 08:29:35.268011093 CET | 443 | 49988 | 142.250.185.161 | 192.168.2.6 |
Feb 21, 2025 08:29:35.268141985 CET | 49988 | 443 | 192.168.2.6 | 142.250.185.161 |
Feb 21, 2025 08:29:35.268184900 CET | 443 | 49988 | 142.250.185.161 | 192.168.2.6 |
Feb 21, 2025 08:29:35.268256903 CET | 49988 | 443 | 192.168.2.6 | 142.250.185.161 |
Feb 21, 2025 08:29:35.268263102 CET | 443 | 49988 | 142.250.185.161 | 192.168.2.6 |
Feb 21, 2025 08:29:35.268313885 CET | 49988 | 443 | 192.168.2.6 | 142.250.185.161 |
Feb 21, 2025 08:29:35.269428015 CET | 443 | 49988 | 142.250.185.161 | 192.168.2.6 |
Feb 21, 2025 08:29:35.269495010 CET | 49988 | 443 | 192.168.2.6 | 142.250.185.161 |
Feb 21, 2025 08:29:35.269598007 CET | 443 | 49988 | 142.250.185.161 | 192.168.2.6 |
Feb 21, 2025 08:29:35.269687891 CET | 49988 | 443 | 192.168.2.6 | 142.250.185.161 |
Feb 21, 2025 08:29:35.270015001 CET | 443 | 49988 | 142.250.185.161 | 192.168.2.6 |
Feb 21, 2025 08:29:35.270071983 CET | 49988 | 443 | 192.168.2.6 | 142.250.185.161 |
Feb 21, 2025 08:29:35.270076990 CET | 443 | 49988 | 142.250.185.161 | 192.168.2.6 |
Feb 21, 2025 08:29:35.270159960 CET | 49988 | 443 | 192.168.2.6 | 142.250.185.161 |
Feb 21, 2025 08:29:35.277688026 CET | 443 | 49988 | 142.250.185.161 | 192.168.2.6 |
Feb 21, 2025 08:29:35.277739048 CET | 443 | 49988 | 142.250.185.161 | 192.168.2.6 |
Feb 21, 2025 08:29:35.277756929 CET | 49988 | 443 | 192.168.2.6 | 142.250.185.161 |
Feb 21, 2025 08:29:35.277769089 CET | 443 | 49988 | 142.250.185.161 | 192.168.2.6 |
Feb 21, 2025 08:29:35.277779102 CET | 49988 | 443 | 192.168.2.6 | 142.250.185.161 |
Feb 21, 2025 08:29:35.277839899 CET | 443 | 49988 | 142.250.185.161 | 192.168.2.6 |
Feb 21, 2025 08:29:35.277869940 CET | 49988 | 443 | 192.168.2.6 | 142.250.185.161 |
Feb 21, 2025 08:29:35.277873993 CET | 443 | 49988 | 142.250.185.161 | 192.168.2.6 |
Feb 21, 2025 08:29:35.277888060 CET | 49988 | 443 | 192.168.2.6 | 142.250.185.161 |
Feb 21, 2025 08:29:35.277905941 CET | 443 | 49988 | 142.250.185.161 | 192.168.2.6 |
Feb 21, 2025 08:29:35.277926922 CET | 49988 | 443 | 192.168.2.6 | 142.250.185.161 |
Feb 21, 2025 08:29:35.277930975 CET | 443 | 49988 | 142.250.185.161 | 192.168.2.6 |
Feb 21, 2025 08:29:35.277946949 CET | 49988 | 443 | 192.168.2.6 | 142.250.185.161 |
Feb 21, 2025 08:29:35.277956009 CET | 443 | 49988 | 142.250.185.161 | 192.168.2.6 |
Feb 21, 2025 08:29:35.277983904 CET | 49988 | 443 | 192.168.2.6 | 142.250.185.161 |
Feb 21, 2025 08:29:35.277988911 CET | 443 | 49988 | 142.250.185.161 | 192.168.2.6 |
Feb 21, 2025 08:29:35.278022051 CET | 49988 | 443 | 192.168.2.6 | 142.250.185.161 |
Feb 21, 2025 08:29:35.278022051 CET | 49988 | 443 | 192.168.2.6 | 142.250.185.161 |
Feb 21, 2025 08:29:35.278143883 CET | 443 | 49988 | 142.250.185.161 | 192.168.2.6 |
Feb 21, 2025 08:29:35.278377056 CET | 49988 | 443 | 192.168.2.6 | 142.250.185.161 |
Feb 21, 2025 08:29:35.282259941 CET | 443 | 49988 | 142.250.185.161 | 192.168.2.6 |
Feb 21, 2025 08:29:35.282325983 CET | 49988 | 443 | 192.168.2.6 | 142.250.185.161 |
Feb 21, 2025 08:29:35.282337904 CET | 443 | 49988 | 142.250.185.161 | 192.168.2.6 |
Feb 21, 2025 08:29:35.282447100 CET | 49988 | 443 | 192.168.2.6 | 142.250.185.161 |
Feb 21, 2025 08:29:35.282447100 CET | 49988 | 443 | 192.168.2.6 | 142.250.185.161 |
Feb 21, 2025 08:29:35.282454014 CET | 443 | 49988 | 142.250.185.161 | 192.168.2.6 |
Feb 21, 2025 08:29:35.282481909 CET | 443 | 49988 | 142.250.185.161 | 192.168.2.6 |
Feb 21, 2025 08:29:35.282529116 CET | 49988 | 443 | 192.168.2.6 | 142.250.185.161 |
Feb 21, 2025 08:29:35.282529116 CET | 49988 | 443 | 192.168.2.6 | 142.250.185.161 |
Feb 21, 2025 08:29:36.512706995 CET | 49989 | 80 | 192.168.2.6 | 158.101.44.242 |
Feb 21, 2025 08:29:36.517735004 CET | 80 | 49989 | 158.101.44.242 | 192.168.2.6 |
Feb 21, 2025 08:29:36.517839909 CET | 49989 | 80 | 192.168.2.6 | 158.101.44.242 |
Feb 21, 2025 08:29:36.518064976 CET | 49989 | 80 | 192.168.2.6 | 158.101.44.242 |
Feb 21, 2025 08:29:36.523047924 CET | 80 | 49989 | 158.101.44.242 | 192.168.2.6 |
Feb 21, 2025 08:29:37.081201077 CET | 80 | 49989 | 158.101.44.242 | 192.168.2.6 |
Feb 21, 2025 08:29:37.103708982 CET | 49989 | 80 | 192.168.2.6 | 158.101.44.242 |
Feb 21, 2025 08:29:37.108741999 CET | 80 | 49989 | 158.101.44.242 | 192.168.2.6 |
Feb 21, 2025 08:29:37.258359909 CET | 80 | 49989 | 158.101.44.242 | 192.168.2.6 |
Feb 21, 2025 08:29:37.301012039 CET | 49989 | 80 | 192.168.2.6 | 158.101.44.242 |
Feb 21, 2025 08:29:37.715648890 CET | 49990 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:37.715686083 CET | 443 | 49990 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:37.715775967 CET | 49990 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:37.718170881 CET | 49990 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:37.718185902 CET | 443 | 49990 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:38.318422079 CET | 443 | 49990 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:38.318492889 CET | 49990 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:38.320722103 CET | 49990 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:38.320732117 CET | 443 | 49990 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:38.321002960 CET | 443 | 49990 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:38.325126886 CET | 49990 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:38.367336035 CET | 443 | 49990 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:38.590023041 CET | 443 | 49990 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:38.590097904 CET | 443 | 49990 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:38.590230942 CET | 49990 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:38.596434116 CET | 49990 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:38.633894920 CET | 49989 | 80 | 192.168.2.6 | 158.101.44.242 |
Feb 21, 2025 08:29:38.638972998 CET | 80 | 49989 | 158.101.44.242 | 192.168.2.6 |
Feb 21, 2025 08:29:38.790958881 CET | 80 | 49989 | 158.101.44.242 | 192.168.2.6 |
Feb 21, 2025 08:29:38.793225050 CET | 49991 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:38.793281078 CET | 443 | 49991 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:38.793356895 CET | 49991 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:38.793646097 CET | 49991 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:38.793667078 CET | 443 | 49991 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:38.832274914 CET | 49989 | 80 | 192.168.2.6 | 158.101.44.242 |
Feb 21, 2025 08:29:39.249020100 CET | 443 | 49991 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:39.251837969 CET | 49991 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:39.251859903 CET | 443 | 49991 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:39.382442951 CET | 443 | 49991 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:39.382500887 CET | 443 | 49991 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:39.382739067 CET | 49991 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:39.383116961 CET | 49991 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:39.408577919 CET | 49989 | 80 | 192.168.2.6 | 158.101.44.242 |
Feb 21, 2025 08:29:39.414644003 CET | 80 | 49989 | 158.101.44.242 | 192.168.2.6 |
Feb 21, 2025 08:29:39.563488960 CET | 80 | 49989 | 158.101.44.242 | 192.168.2.6 |
Feb 21, 2025 08:29:39.564313889 CET | 49992 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:39.564382076 CET | 443 | 49992 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:39.564459085 CET | 49992 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:39.564733982 CET | 49992 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:39.564748049 CET | 443 | 49992 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:39.614830971 CET | 49989 | 80 | 192.168.2.6 | 158.101.44.242 |
Feb 21, 2025 08:29:40.043651104 CET | 443 | 49992 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:40.045509100 CET | 49992 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:40.045546055 CET | 443 | 49992 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:40.200814962 CET | 443 | 49992 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:40.200881004 CET | 443 | 49992 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:40.200925112 CET | 49992 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:40.201351881 CET | 49992 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:40.222812891 CET | 49989 | 80 | 192.168.2.6 | 158.101.44.242 |
Feb 21, 2025 08:29:40.227863073 CET | 80 | 49989 | 158.101.44.242 | 192.168.2.6 |
Feb 21, 2025 08:29:40.377568960 CET | 80 | 49989 | 158.101.44.242 | 192.168.2.6 |
Feb 21, 2025 08:29:40.378614902 CET | 49993 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:40.378660917 CET | 443 | 49993 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:40.378748894 CET | 49993 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:40.379044056 CET | 49993 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:40.379055023 CET | 443 | 49993 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:40.426039934 CET | 49989 | 80 | 192.168.2.6 | 158.101.44.242 |
Feb 21, 2025 08:29:40.845585108 CET | 443 | 49993 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:40.847481012 CET | 49993 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:40.847502947 CET | 443 | 49993 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:40.990362883 CET | 443 | 49993 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:40.990438938 CET | 443 | 49993 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:40.990588903 CET | 49993 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:40.991152048 CET | 49993 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:41.032267094 CET | 49989 | 80 | 192.168.2.6 | 158.101.44.242 |
Feb 21, 2025 08:29:41.037338972 CET | 80 | 49989 | 158.101.44.242 | 192.168.2.6 |
Feb 21, 2025 08:29:41.321453094 CET | 80 | 49989 | 158.101.44.242 | 192.168.2.6 |
Feb 21, 2025 08:29:41.322122097 CET | 49994 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:41.322171926 CET | 443 | 49994 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:41.322246075 CET | 49994 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:41.322518110 CET | 49994 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:41.322530031 CET | 443 | 49994 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:41.363535881 CET | 49989 | 80 | 192.168.2.6 | 158.101.44.242 |
Feb 21, 2025 08:29:41.777071953 CET | 443 | 49994 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:41.782304049 CET | 49994 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:41.782341003 CET | 443 | 49994 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:41.909347057 CET | 443 | 49994 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:41.909425020 CET | 443 | 49994 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:41.909476995 CET | 49994 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:41.909881115 CET | 49994 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:41.930900097 CET | 49989 | 80 | 192.168.2.6 | 158.101.44.242 |
Feb 21, 2025 08:29:41.936156034 CET | 80 | 49989 | 158.101.44.242 | 192.168.2.6 |
Feb 21, 2025 08:29:42.088720083 CET | 80 | 49989 | 158.101.44.242 | 192.168.2.6 |
Feb 21, 2025 08:29:42.089586973 CET | 49995 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:42.089632988 CET | 443 | 49995 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:42.089720011 CET | 49995 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:42.089979887 CET | 49995 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:42.089993954 CET | 443 | 49995 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:42.129339933 CET | 49989 | 80 | 192.168.2.6 | 158.101.44.242 |
Feb 21, 2025 08:29:42.565980911 CET | 443 | 49995 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:42.567744017 CET | 49995 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:42.567764997 CET | 443 | 49995 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:42.694782972 CET | 443 | 49995 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:42.694859028 CET | 443 | 49995 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:42.694936991 CET | 49995 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:42.695395947 CET | 49995 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:42.718482018 CET | 49989 | 80 | 192.168.2.6 | 158.101.44.242 |
Feb 21, 2025 08:29:42.723619938 CET | 80 | 49989 | 158.101.44.242 | 192.168.2.6 |
Feb 21, 2025 08:29:42.875241995 CET | 80 | 49989 | 158.101.44.242 | 192.168.2.6 |
Feb 21, 2025 08:29:42.876065969 CET | 49996 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:42.876116037 CET | 443 | 49996 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:42.876208067 CET | 49996 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:42.876490116 CET | 49996 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:42.876507998 CET | 443 | 49996 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:42.926090956 CET | 49989 | 80 | 192.168.2.6 | 158.101.44.242 |
Feb 21, 2025 08:29:43.331525087 CET | 443 | 49996 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:43.333272934 CET | 49996 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:43.333317995 CET | 443 | 49996 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:43.471304893 CET | 443 | 49996 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:43.471394062 CET | 443 | 49996 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:43.471611977 CET | 49996 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:43.472075939 CET | 49996 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:43.499068975 CET | 49989 | 80 | 192.168.2.6 | 158.101.44.242 |
Feb 21, 2025 08:29:43.504194021 CET | 80 | 49989 | 158.101.44.242 | 192.168.2.6 |
Feb 21, 2025 08:29:43.654258013 CET | 80 | 49989 | 158.101.44.242 | 192.168.2.6 |
Feb 21, 2025 08:29:43.655014992 CET | 49997 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:43.655076027 CET | 443 | 49997 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:43.655145884 CET | 49997 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:43.655437946 CET | 49997 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:43.655452967 CET | 443 | 49997 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:43.707329035 CET | 49989 | 80 | 192.168.2.6 | 158.101.44.242 |
Feb 21, 2025 08:29:44.228212118 CET | 443 | 49997 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:44.229919910 CET | 49997 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:44.229948044 CET | 443 | 49997 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:44.563738108 CET | 443 | 49997 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:44.563812017 CET | 443 | 49997 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:44.563863993 CET | 49997 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:44.564305067 CET | 49997 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:44.583898067 CET | 49989 | 80 | 192.168.2.6 | 158.101.44.242 |
Feb 21, 2025 08:29:44.589023113 CET | 80 | 49989 | 158.101.44.242 | 192.168.2.6 |
Feb 21, 2025 08:29:44.739655972 CET | 80 | 49989 | 158.101.44.242 | 192.168.2.6 |
Feb 21, 2025 08:29:44.740398884 CET | 49998 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:44.740449905 CET | 443 | 49998 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:44.740514994 CET | 49998 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:44.740818024 CET | 49998 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:44.740833044 CET | 443 | 49998 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:44.785406113 CET | 49989 | 80 | 192.168.2.6 | 158.101.44.242 |
Feb 21, 2025 08:29:45.196130037 CET | 443 | 49998 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:45.197761059 CET | 49998 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:45.197801113 CET | 443 | 49998 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:45.328618050 CET | 443 | 49998 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:45.328691006 CET | 443 | 49998 | 104.21.112.1 | 192.168.2.6 |
Feb 21, 2025 08:29:45.328764915 CET | 49998 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:45.332570076 CET | 49998 | 443 | 192.168.2.6 | 104.21.112.1 |
Feb 21, 2025 08:29:46.134442091 CET | 49999 | 443 | 192.168.2.6 | 149.154.167.220 |
Feb 21, 2025 08:29:46.134475946 CET | 443 | 49999 | 149.154.167.220 | 192.168.2.6 |
Feb 21, 2025 08:29:46.134566069 CET | 49999 | 443 | 192.168.2.6 | 149.154.167.220 |
Feb 21, 2025 08:29:46.135031939 CET | 49999 | 443 | 192.168.2.6 | 149.154.167.220 |
Feb 21, 2025 08:29:46.135042906 CET | 443 | 49999 | 149.154.167.220 | 192.168.2.6 |
Feb 21, 2025 08:29:46.750447989 CET | 443 | 49999 | 149.154.167.220 | 192.168.2.6 |
Feb 21, 2025 08:29:46.750705957 CET | 49999 | 443 | 192.168.2.6 | 149.154.167.220 |
Feb 21, 2025 08:29:46.752831936 CET | 49999 | 443 | 192.168.2.6 | 149.154.167.220 |
Feb 21, 2025 08:29:46.752844095 CET | 443 | 49999 | 149.154.167.220 | 192.168.2.6 |
Feb 21, 2025 08:29:46.753163099 CET | 443 | 49999 | 149.154.167.220 | 192.168.2.6 |
Feb 21, 2025 08:29:46.754765034 CET | 49999 | 443 | 192.168.2.6 | 149.154.167.220 |
Feb 21, 2025 08:29:46.799329042 CET | 443 | 49999 | 149.154.167.220 | 192.168.2.6 |
Feb 21, 2025 08:29:46.995290995 CET | 443 | 49999 | 149.154.167.220 | 192.168.2.6 |
Feb 21, 2025 08:29:46.995384932 CET | 443 | 49999 | 149.154.167.220 | 192.168.2.6 |
Feb 21, 2025 08:29:46.995450020 CET | 49999 | 443 | 192.168.2.6 | 149.154.167.220 |
Feb 21, 2025 08:29:47.010135889 CET | 49999 | 443 | 192.168.2.6 | 149.154.167.220 |
Feb 21, 2025 08:29:53.000930071 CET | 50001 | 443 | 192.168.2.6 | 149.154.167.220 |
Feb 21, 2025 08:29:53.000979900 CET | 443 | 50001 | 149.154.167.220 | 192.168.2.6 |
Feb 21, 2025 08:29:53.001059055 CET | 50001 | 443 | 192.168.2.6 | 149.154.167.220 |
Feb 21, 2025 08:29:53.001347065 CET | 50001 | 443 | 192.168.2.6 | 149.154.167.220 |
Feb 21, 2025 08:29:53.001358986 CET | 443 | 50001 | 149.154.167.220 | 192.168.2.6 |
Feb 21, 2025 08:29:53.613281965 CET | 443 | 50001 | 149.154.167.220 | 192.168.2.6 |
Feb 21, 2025 08:29:53.615087032 CET | 50001 | 443 | 192.168.2.6 | 149.154.167.220 |
Feb 21, 2025 08:29:53.615103006 CET | 443 | 50001 | 149.154.167.220 | 192.168.2.6 |
Feb 21, 2025 08:29:53.615195990 CET | 50001 | 443 | 192.168.2.6 | 149.154.167.220 |
Feb 21, 2025 08:29:53.615202904 CET | 443 | 50001 | 149.154.167.220 | 192.168.2.6 |
Feb 21, 2025 08:29:53.901912928 CET | 443 | 50001 | 149.154.167.220 | 192.168.2.6 |
Feb 21, 2025 08:29:53.901993990 CET | 443 | 50001 | 149.154.167.220 | 192.168.2.6 |
Feb 21, 2025 08:29:53.902250051 CET | 50001 | 443 | 192.168.2.6 | 149.154.167.220 |
Feb 21, 2025 08:29:53.902520895 CET | 50001 | 443 | 192.168.2.6 | 149.154.167.220 |
Feb 21, 2025 08:30:49.739548922 CET | 80 | 49989 | 158.101.44.242 | 192.168.2.6 |
Feb 21, 2025 08:30:49.741925955 CET | 49989 | 80 | 192.168.2.6 | 158.101.44.242 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 21, 2025 08:29:30.705641031 CET | 56083 | 53 | 192.168.2.6 | 1.1.1.1 |
Feb 21, 2025 08:29:30.713500977 CET | 53 | 56083 | 1.1.1.1 | 192.168.2.6 |
Feb 21, 2025 08:29:31.786098957 CET | 55215 | 53 | 192.168.2.6 | 1.1.1.1 |
Feb 21, 2025 08:29:31.794706106 CET | 53 | 55215 | 1.1.1.1 | 192.168.2.6 |
Feb 21, 2025 08:29:36.489435911 CET | 60349 | 53 | 192.168.2.6 | 1.1.1.1 |
Feb 21, 2025 08:29:36.496939898 CET | 53 | 60349 | 1.1.1.1 | 192.168.2.6 |
Feb 21, 2025 08:29:37.701881886 CET | 65476 | 53 | 192.168.2.6 | 1.1.1.1 |
Feb 21, 2025 08:29:37.714881897 CET | 53 | 65476 | 1.1.1.1 | 192.168.2.6 |
Feb 21, 2025 08:29:46.126414061 CET | 50182 | 53 | 192.168.2.6 | 1.1.1.1 |
Feb 21, 2025 08:29:46.133745909 CET | 53 | 50182 | 1.1.1.1 | 192.168.2.6 |

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Feb 21, 2025 08:29:30.705641031 CET | 192.168.2.6 | 1.1.1.1 | 0xcc2a | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Feb 21, 2025 08:29:31.786098957 CET | 192.168.2.6 | 1.1.1.1 | 0x36bf | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Feb 21, 2025 08:29:36.489435911 CET | 192.168.2.6 | 1.1.1.1 | 0xb5df | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Feb 21, 2025 08:29:37.701881886 CET | 192.168.2.6 | 1.1.1.1 | 0x930b | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Feb 21, 2025 08:29:46.126414061 CET | 192.168.2.6 | 1.1.1.1 | 0xd759 | Standard query (0) | | A (IP address) | IN (0x0001) | false |

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Feb 21, 2025 08:29:30.713500977 CET | 1.1.1.1 | 192.168.2.6 | 0xcc2a | No error (0) | | | 142.250.186.174 | A (IP address) | IN (0x0001) | false |
Feb 21, 2025 08:29:31.794706106 CET | 1.1.1.1 | 192.168.2.6 | 0x36bf | No error (0) | | | 142.250.185.161 | A (IP address) | IN (0x0001) | false |
Feb 21, 2025 08:29:36.496939898 CET | 1.1.1.1 | 192.168.2.6 | 0xb5df | No error (0) | | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false |
Feb 21, 2025 08:29:36.496939898 CET | 1.1.1.1 | 192.168.2.6 | 0xb5df | No error (0) | | | 158.101.44.242 | A (IP address) | IN (0x0001) | false |
Feb 21, 2025 08:29:36.496939898 CET | 1.1.1.1 | 192.168.2.6 | 0xb5df | No error (0) | | | 132.226.247.73 | A (IP address) | IN (0x0001) | false |
Feb 21, 2025 08:29:36.496939898 CET | 1.1.1.1 | 192.168.2.6 | 0xb5df | No error (0) | | | 193.122.130.0 | A (IP address) | IN (0x0001) | false |
Feb 21, 2025 08:29:36.496939898 CET | 1.1.1.1 | 192.168.2.6 | 0xb5df | No error (0) | | | 132.226.8.169 | A (IP address) | IN (0x0001) | false |
Feb 21, 2025 08:29:36.496939898 CET | 1.1.1.1 | 192.168.2.6 | 0xb5df | No error (0) | | | 193.122.6.168 | A (IP address) | IN (0x0001) | false |
Feb 21, 2025 08:29:37.714881897 CET | 1.1.1.1 | 192.168.2.6 | 0x930b | No error (0) | | | 104.21.112.1 | A (IP address) | IN (0x0001) | false |
Feb 21, 2025 08:29:37.714881897 CET | 1.1.1.1 | 192.168.2.6 | 0x930b | No error (0) | | | 104.21.96.1 | A (IP address) | IN (0x0001) | false |
Feb 21, 2025 08:29:37.714881897 CET | 1.1.1.1 | 192.168.2.6 | 0x930b | No error (0) | | | 104.21.80.1 | A (IP address) | IN (0x0001) | false |
Feb 21, 2025 08:29:37.714881897 CET | 1.1.1.1 | 192.168.2.6 | 0x930b | No error (0) | | | 104.21.64.1 | A (IP address) | IN (0x0001) | false |
Feb 21, 2025 08:29:37.714881897 CET | 1.1.1.1 | 192.168.2.6 | 0x930b | No error (0) | | | 104.21.16.1 | A (IP address) | IN (0x0001) | false |
Feb 21, 2025 08:29:37.714881897 CET | 1.1.1.1 | 192.168.2.6 | 0x930b | No error (0) | | | 104.21.48.1 | A (IP address) | IN (0x0001) | false |
Feb 21, 2025 08:29:37.714881897 CET | 1.1.1.1 | 192.168.2.6 | 0x930b | No error (0) | | | 104.21.32.1 | A (IP address) | IN (0x0001) | false |
Feb 21, 2025 08:29:46.133745909 CET | 1.1.1.1 | 192.168.2.6 | 0xd759 | No error (0) | | | 149.154.167.220 | A (IP address) | IN (0x0001) | false |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49989 | 158.101.44.242 | 80 | 3892 | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Feb 21, 2025 08:29:36.518064976 CET | 151 | OUT | |
Feb 21, 2025 08:29:37.081201077 CET | 321 | IN | |
Feb 21, 2025 08:29:37.103708982 CET | 127 | OUT | |
Feb 21, 2025 08:29:37.258359909 CET | 321 | IN | |
Feb 21, 2025 08:29:38.633894920 CET | 127 | OUT | |
Feb 21, 2025 08:29:38.790958881 CET | 321 | IN | |
Feb 21, 2025 08:29:39.408577919 CET | 127 | OUT | |
Feb 21, 2025 08:29:39.563488960 CET | 321 | IN | |
Feb 21, 2025 08:29:40.222812891 CET | 127 | OUT | |
Feb 21, 2025 08:29:40.377568960 CET | 321 | IN | |
Feb 21, 2025 08:29:41.032267094 CET | 127 | OUT | |
Feb 21, 2025 08:29:41.321453094 CET | 321 | IN | |
Feb 21, 2025 08:29:41.930900097 CET | 127 | OUT | |
Feb 21, 2025 08:29:42.088720083 CET | 321 | IN | |
Feb 21, 2025 08:29:42.718482018 CET | 127 | OUT | |
Feb 21, 2025 08:29:42.875241995 CET | 321 | IN | |
Feb 21, 2025 08:29:43.499068975 CET | 127 | OUT | |
Feb 21, 2025 08:29:43.654258013 CET | 321 | IN | |
Feb 21, 2025 08:29:44.583898067 CET | 127 | OUT | |
Feb 21, 2025 08:29:44.739655972 CET | 321 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49987 | 142.250.186.174 | 443 | 3892 | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-21 07:29:31 UTC | 216 | OUT | |
2025-02-21 07:29:31 UTC | 1610 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.6 | 49988 | 142.250.185.161 | 443 | 3892 | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-21 07:29:32 UTC | 258 | OUT | |
2025-02-21 07:29:34 UTC | 5015 | IN | |
2025-02-21 07:29:34 UTC | 5015 | IN | |
2025-02-21 07:29:34 UTC | 4668 | IN | |
2025-02-21 07:29:34 UTC | 1390 | IN | |
2025-02-21 07:29:34 UTC | 1390 | IN | |
2025-02-21 07:29:34 UTC | 1390 | IN | |